JP7074991B2 - Providing security information - Google Patents

Description

Cross-reference of related applications

This application is accompanied by a priority claim under US provisional application 62 / 502,002 filed May 5, 2017. The entire content of future applications is incorporated herein by reference in its entirety.

background

[Technical field]
Embodiments of the present invention generally include UMTS (Universal Mobile Telecommunications System), UTRAN (UMTS Terrestrial Radio Access Network), LTE (Long Term Evolution) E-UTRAN (Evolved UTRAN, LTE-A (LTE-Advanced), It relates to a wireless communication network or mobile communication network such as LTE-A Pro and / or 5G wireless access technology, NR (new radio) access technology, but is not limited to the above wireless communication network or mobile communication network. No. Some embodiments may relate to security measures such as 5G or NR.

Description of related technology

UTRAN refers to a communication network including a base station or node B (Node B), and an RNC (radio network controllers). UTRAN enables connections between user equipment (UE) and core networks. RNC provides the control function of one or more nodes B. The RNC and the node B corresponding to this RNC are called a radio network subsystem (RNS). In the case of E-UTRAN (enhanced UTRAN), there is no RNC, and the wireless access function is provided by one eNodeB or eNB (evolved Node B) or multiple eNodeBs. Further, as in the case of CoMP (Coordinated Multipoint Transmission) or dual connection, a plurality of eNBs are provided for one UE connection.

Long Term Evolution (LTE) or E-UTRAN refers to UMTS improvements through improved efficiency and service, lower cost, and the use of new spectrum opportunities. In particular, LTE is a 3GPP standard. And this 3GPP standard provides at least a peak speed of 75 Mbps per carrier for uplinks and at least 300 Mbps per carrier for downlinks. LTE supports scalable carrier bandwidths from 1.4MHz to 20MHz and supports both Frequency Division Duplexing (FDD) and Time Division Duplexing (TDD).

As mentioned above, LTE can also improve spectral efficiency in networks, providing a lot of data by carrier waves, making it possible to provide voice services above a given bandwidth. Therefore, LTE is designed to meet the demands for high speed data and media transmission in addition to high performance voice support. Benefits of LTE include, for example, high processing power, low latency, FDD and TDD support on the same platform, improved end-user knowledge, and low operating costs due to the simplicity of the technology.

Specific releases of 3GPP LTE (eg LTE Rel-10, LTE Rel-11, LTE Rel-12, LTE Rel-13) are for future IMT-A systems (international mobile telecommunications advanced systems). , In the present specification, this is simply referred to as LTE-Advanced or LTE-A.

LTE-A is heading towards expanding and optimizing 3GPP's LTE wireless access technology. The goal of LTE-A is to provide very advanced services at low cost with high data rates and low latencies. LTE-A is a more optimized wireless system that meets the requirements (ITU-R requirements) of the International Telecommunication Union Radiocommunication Sector of IMT-Advanced while maintaining backward compatibility. One of the main features of LTE-A announced at LTE Rel-10 is a collection of carrier waves. These key features make it possible to improve the data rate through an aggregate of two or more LTE carriers.

A 5G (5th generation) or NR (new radio) radio system is a new generation (NG) of a radio system and network structure. 5G will provide bit rates on the order of 10-20 Gbit / s. 5G will support at least eMBB (enhanced mobile broadband) and URLLC (ultra-reliable low-latency-communication). 5G is also expected to increase network scalability to hundreds of thousands of connections. 5G signaling technology is expected to improve for wide coverage as well as spectral and signaling efficiencies. 5G is expected to support the Internet of Things (IoT) by providing extreme broadband and ultra-robust, low latency connectivity, and huge networking. As IoT and M2M (machine-to-machine) communications become more widespread, the need for networks that meet the demands of low power, low data rates, and long battery life will increase. In 5G or NR, node B or eNB may mean the next generation node B (gNB).

Description

One embodiment relates to a method that may include pre-transmitting a new parameter used by a network node to generate a security key to at least one user device. This embodiment may further include performing a consistency check to determine if at least one user device has generated a security key using the correct parameters.

Another embodiment of the invention relates to a device capable of comprising at least one processor and at least one memory containing computer program code. The at least one processor and the computer program code use the at least one processor to pre-send to the device new parameters used to generate a security key to at least one user device. And performing a consistency check to determine whether the security key is generated by the at least one user device using the correct parameters.

Other embodiments relate to one device. Here, the device uses a transmission means by which the network node pre-sends new parameters used to generate a security key to at least one user device, and the at least one user device uses the correct parameters. It is possible to provide an implementation means for performing a consistency check for determining whether or not the security key is generated.

Another embodiment relates to a sustainable computer readable medium. Here, this persistent computer readable medium pre-sends a new parameter used by the network node to generate a security key to at least one user device, and the at least one user device is the correct parameter. It is provided with a consistency check to determine whether or not the security key is generated using the above, and a program instruction to be recorded to be executed.

Another embodiment relates to a method that may include preliminarily receiving new parameters from a network node that are used to generate a security key to a user device. The method further comprises generating a new security key by the user device based on at least one of the new parameter and the cell identifier of the cell in which the user device is camped on.

Another embodiment of the invention relates to a device capable of comprising at least one processor and at least one memory containing computer program code. The at least one memory and the computer program code shall be pre-received by the device with at least one new parameter used to generate a security code for the device from a network node using at least one processor. , The device is configured to generate a new security key based on at least one of the correct parameters and the cell identifier of the cell in which the device is camped on.

Another embodiment relates to an apparatus. Here, the device is a receiving means that previously receives from a network node new parameters used to generate a security key for the device, the correct parameters, and the cell in which the device is camped on. It comprises a generation means for generating a new security key based on at least one of the cell identifiers.

Another embodiment relates to a sustainable computer readable medium. Here, this persistent computer readable medium pre-receives new parameters from the network node that are used to generate a security key for at least one user device, and by said user device, said correct parameters. , Or generate a new security key based on at least one of the cell identifiers of the cell in which the user equipment is camp-on, and include program instructions recorded to be executed.

Please refer to the accompanying drawings below for a proper understanding of the present invention.

An example of a state machine of UE and a block diagram showing a state transition in NR are shown.

An exemplary block diagram of an apparatus according to an embodiment is shown.

An exemplary block diagram of the device according to another embodiment is shown.

An exemplary flow diagram of a method according to an embodiment is shown.

It is an exemplary flow diagram of the method by another embodiment.

Detailed explanation

As generally described and illustrated in the drawings of the present application, the components of the invention can be configured and designed in a wide variety of forms. Accordingly, embodiments of systems, methods, devices, computer program products related to security processing in accordance with, for example, 5G or New Radio Access Technology (NR), as described in the accompanying drawings and below. The drawings described in detail do not limit the scope of the invention, but represent selected embodiments of the invention.

The properties, configurations, or features of the invention described throughout this specification may be combined in any way in one or more embodiments. For example, "some embodiments", "some embodiments", or similar expressions described throughout the specification have specific properties, configurations, or features described in connection with an embodiment. It shows that it may be included in at least one embodiment of the present invention. Accordingly, "one embodiment," "some embodiments," "another embodiment," or similar expressions described throughout the specification do not necessarily indicate the same group of embodiments. None, the properties, configurations, or features described may be combined in any suitable form in one or more embodiments.

Further, if desired, the various functions disclosed below may be performed in different order and / or simultaneously. Further, if necessary, one or more of the described functions may be arbitrarily selected or integrated. Therefore, the following explanation should be considered merely as an explanation of the principles, teachings, and typical embodiments of the present invention, and should not be considered to limit them.

FIG. 1 shows an example of a state machine of UE and a block diagram showing a state transition in NR. As shown in FIG. 1, the RRC (Radio Resource Control) of the NR may include three state modes. Here, these three state modes are RRC_IDLE, RRC_CONNECTED, and RRC_INACTIVE. In the RRC_IDLE state, there is Cell Re-Selection Mobility (which determines if the UE AS context is remembered in one of the gNBs or UEs), and the CN (Core Network) initiates paging. The paging area is managed by CN. In the RRC_INACTIVE state, there is cell reselection mobility, a CN-NR RAN connection (both C / U-plane) is established for the UE, and the UE AS context is stored in at least one gNB and UE. Also, paging is initiated by NR RAN and the RAN-based notification area is managed by NR RAN. Also, NR RAN recognizes the RAN-based notification area to which the UE belongs. In the RRC_CONNECTED state, the UE has an NR RRC connection. The UE has an AS context in the NR, and the NR RAN recognizes the cell to which the UE belongs, sending and receiving unicast data to and from the UE, and network mobility management (that is, handover in the NR, handover in and out of E-UTRAN). do.

Some embodiments of the invention may relate to NR RRC_INACTIVE and security controls.

In general, when a UE establishes and reestablishes an RRC connection with a network, it requires the generation of a new security key. This is currently responded by the UE sending a message on the uplink (eg RRCConnectionResumeRequest) and the network responding with a key update proposal (eg RRCConnectionResume with an NCC (next hop chaining count) field). It works in such a way as to. The UE can confirm this receipt (for example, by RRCConnectionRessumeComplete) and use the new key. It has already been proposed to omit the third step by assigning NCC to the UE in the release message / inactive message (message that transitions the UE to the inactive state). In this case, the UE will not need to confirm receipt of the security key update proposal. However, this approach will not work in cases where the UE does not get the release command from the network. For example, RLF (radio link failure), HO (handover) failure, RRC connection reconfiguration failure, and any other failure that could cause an attempt to reestablish an RRC connection.

In some embodiments, new NCCs, or equivalent parameters, are added to the UE when the UE transitions to the CONNECTED state and / or when the UE activates security for the current connection. This new NCC, or equivalent parameter, will be used to generate the key. As a result, if the UE fails RLF or HO, fails reconfiguration, fails any other wireless communication, etc. and reestablishes / reconfigures the RRC connection, the new NCC that was already in use from the beginning You can use the new key that is generated based on it. Here, the starting point is, for example, a starting point for generating an appropriate MAC-I / short MAC-I for a reestablishment message. Here, the network can determine the integrity of the UE's RRC message from this reestablishment message, authenticate the UE, and omit sending the COMPLETE message (ie, msg5). This allows the UE to immediately send new data with a re-establishment message as the new key is used for data encryption.

In certain embodiments, the network may update the NCC, for example, using the RRCConnectionReconfiguration message and confirm receipt using the UE's RRCConnectionReconfigurationComplete message. According to some embodiments, failure events such as RLF, HO failure, reconfiguration failure, etc. may serve as a trigger for the UE to use the new NCC.

In certain embodiments, a new NCC may be applied if the UE selects or reselects a new cell after a failure event and / or during RRC connection reestablishment. In this case, the old security key can be used when there is no need to change the key (so-called when the serving network nodes are the same).
In some embodiments, the network may configure the UE with a list of cells and / or a list of RAN notification areas (which may be a list of RAN notification area IDs) to which the UE does not apply the new NCC.
In some embodiments, the network is by a list of cells and / or a list of RAN notification areas (which may be a list of RAN notification area IDs) from which the UE must apply the new NCC when selecting or reselecting cells. , UE may be configured.
In some embodiments, if the selected or reselected cell is determined to belong to a different network node than the previously connected cell (ie, prior to the failure event or deactivation), the UE will issue a new NCC. Can be applied. The UE may be able to determine this from the network node ID and / or gNBID transmitted in the system information.

In one embodiment, if the network attempts to update the NCC for the UE and makes a reconfiguration failure (HO failure is this special case) that occurs for that message, the network sends to the UE. Update the NCC contained in the reestablishment message. This triggers the UE to send an RRCConnectionResumeComplete message to the network. In some embodiments, the network can determine that the UE did not use the correct NCC with a consistency check. At this time, both the old and new NCCs may be required to be transferred by the preceding gNB to the new gNB based on the context fetch. Alternatively, the network may reject the UE's reestablishment request when the UE enters IDLE mode and initiates an attempt to establish its connection from scratch.

FIG. 2a is a diagram illustrating an example of the device 10 according to an embodiment. In certain embodiments, the device 10 may be a node, host, or server constituting a serving such as a communication network or a network. For example, the device 10 includes a base station related to a GSM (registered trademark) network, an LTE network, a radio access network such as 5G, NR, a node B, an evolved node B, and a 5G node B (5G node B). ) Or an access point, a next-generation node B (NG-NB, gNB), a WLAN access point, an MME (mobility management entity), or a subscription server.

The device 10 may consist of an edge cloud server as a distributed computing system. Here, in this distributed computing system, the server and the radio node may be a stand-alone device that communicates with each other via a radio propagation path or a radio connection, or these servers and the radio node make a radio connection. It may be located within the same entity communicating through. It should be noted that one of ordinary skill in the art will appreciate that the device 10 may have components or functions not shown in FIG. 2a.

As shown in FIG. 2a, the device 10 may include a processor 12 for processing information and performing instructions or operations. The processor 12 may be of any type, such as a versatile processor, a processor for a specific application, or the like. Further, the processor 12 is one or more multipurpose computers, special purpose computers, microprocessors, digital signal processors (DSPs), field programmable gate arrays (FPGAs), and application-specific integrated circuits (ASICs). , Processors based on multi-core processor architecture, etc. Although the single processor 12 is shown in FIG. 2a, according to another embodiment of the present invention, a multiprocessor can also be used. For example, in certain embodiments, the device 10 may include one or more processors, these one or more processors forming a multiprocessor system (in other words, in this case the processor 12 represents a multiprocessor). It should be understood that it may be. Here, this multiprocessor system can support multiprocessing. In certain embodiments, the multiprocessor system may be tightly coupled or loosely coupled (eg, to form a computer cluster).

The processor 12 can perform functions related to the operation of the device 10. This function includes, for example, precoding of antenna gain and / or antenna phase parameters, encoding and decoding of individual bits forming a communication message, information formatting, and overall control of the device 10 (communication resource management). Includes processing related to).

Further, the device 10 may include a memory 14 connectable to the processor 12 or may be connected (internally or externally) to the memory 14, which may be executed by the processor 12 and information and information. Memorize the command. The memory 14 may be one or more memories, or of any kind suitable for the local application environment. For example, it may be implemented using a variety of compatible volatile and non-volatile data storage techniques such as semiconductor-based memory devices, magnetic memory device systems, optical memory device systems, fixed and mobile memories, etc. .. The memory 14 is, for example, a random access memory (RAM), a read-only memory (ROM), a magnetic or optical disk, a static storage device such as a hard disk drive (HDD), or any other type of persistent machine (non). -transitory machine), can consist of any combination of computer readable media. The instructions stored in the memory 14 may include program instructions or computer program codes, and when these program instructions or program codes are executed by the processor 12, the device 10 executes the tasks described herein. be able to.

In certain embodiments, the device 10 may further include or be connected (internally or externally) to a drive or port. Here, these drives or ports are configured to accommodate and read external computer-readable storage media such as optical discs, USB drives, flash drives, and other storage media. For example, an external computer-readable storage medium can store computer programs or software executed by the processor 12 and / or device 10.

In some embodiments, the device 10 may further include, or may be connected to, one or more antennas 15 for transmitting and receiving signals and / or data. The device 10 may further include a transceiver 18 configured to transmit and receive information, or may be connected to the transceiver 18. The transceiver 18 may include, for example, a plurality of wireless interfaces that can be interlocked with the antenna 15. The wireless interface can support multiple wireless access technologies. Multiple wireless access technologies include one or more GSM®, BN-IoT, LTE, 5G, WLAN, Bluetooth®, BT-LE, NFC, RFID, UWB and the like. Is included. The wireless interface may include elements such as filters, converters (such as digital-to-analog converters), mappers, fast Fourier transform (FFT) modules, and symbols transmitted through one or more downlinks. Generate and receive symbols, for example through an uplink. Thus, the transceiver 18 modulates the information for transmission by the antenna 15 onto a carrier waveform and demodulates the information received via the antenna 15 for further processing by other elements of the device 10. Can be configured as In another embodiment of the invention, the transceiver 18 may be able to directly transmit and receive signals or data.

In one embodiment of the invention, the memory 14 can store a software module that realizes its function when executed by the processor 12. The above modules may include an operating system or the like that provides operation of the system functions of the device 10. The memory may also store one or more functional modules, such as an application or program that implements the additional functionality of the device 10. The components of the device 10 may be implemented in hardware or as an appropriate combination of hardware and software.

In certain embodiments, the device 10 is a network node or RAN node such as a base station, access point, node B, eNB, 5G or new wireless communication node B (gNB) or access point, WLAN access point or the like. There may be. In some embodiments, the device 10 is controlled by the memory 14 and the processor 12 and is capable of performing any of the functions associated with the embodiments described herein.

In certain embodiments, the device 10 may be controlled by a memory 14 and a processor 12 to pre-send a new NCC to the UE (eg, during a preceding RRC connection). This transmission is performed using, for example, an RRCConnectionReconfiguration message, a SecurityModeCommand message, an RRCConnectionSetup message, and an RRCConnectionResume message. In some embodiments, the device 10 may be controlled by the memory 14 and the processor 12 to send a new NCC to the UE as soon as the UE transitions to the connected state. At this time, the UE can immediately apply the new pre-assigned NCC and the new security key calculated based on the cell ID of the cell in which the UE is camping on. For example, when the UE switches from inactive mode (eg RRC_INACTIVE mode) to connected mode (eg RRC_CONNECTED mode), or when sending small data in inactive mode via a ResumeRequest message without switching to connected mode. Or, when the UE encounters a failure such as RLF, HO failure, the UE may calculate a new key. It should be noted that if the new NCC was not provided to the UE in advance, the UE would need to use the old key to encrypt the data sent with the Resume Request message. This is believed to mean that the old RAN node (so-called device 10) is the only one that is allowed to encrypt data packets. In some embodiments, by providing the NCC in advance, the UE can immediately apply the key for the data sent with the ResumeRequest message. Then, when the new RAN node fetches the UE context, the new RAN node can decrypt the ResumeRequest message itself.

In some embodiments, the device 10 is controlled by a memory 14 and a processor 12, and a consistency check may be used to determine if the correct NCC has been used. For example, in one embodiment, device 10 may be controlled by memory 14 and processor 12 to perform consistency checks using RRCConnectionResume messages. Previously, the NCC was included in the reestablishment message, so the RRC ResumeComplete message served the purpose of UE integrity verification. However, according to certain embodiments disclosed herein, the NCC is provided between the preceding RRC connections so that integrity verification can be done from the RRCConnectionResume message, omitting the RRCResumeComplete message. be able to.

FIG. 2b is a diagram illustrating an example of the device 20 according to another embodiment of the present invention. In certain embodiments, the device 20 is a node or element within a communication network or related to a similar network, such as a UE, ME (mobile equipment), mobile station, mobile device, fixed device, IoT device, or other device. May be good. As described herein, the UE is an alternative, for example, a mobile station, mobile terminal, mobile unit, mobile device, user device, subscriber station, wireless terminal, tablet, smartphone, IoT device or NB-IoT device. , Others may mean something similar. As an example, the device 20 may be mounted on, for example, a wireless handheld device, a wireless plug-in accessory, or the like.

In some embodiments, the device 20 has one or more processors, one or more computer-readable storage media (eg, memory, storage, or the like), or one or more wireless access components (eg, memory, storage, or the like). For example, it may include a modem, a transceiver, and the like), and / or a user interface. According to some embodiments, the device 20 is GSM®, LTE, LTE-A, NR, 5G, WLAN, WiFi, NB-IoT, Bluetooth®, NFC and other wireless access technologies. Etc., may be configured to manipulate the use of one or more wireless access technologies. It should be noted that one of ordinary skill in the art will appreciate that the device 20 may have components or functions not shown in FIG. 2b.

As shown in FIG. 2b, the device 20 may include or be coupled with a processor 22 for processing information and performing instructions or operations. The processor 22 may be of any type, such as a versatile processor, a processor for a specific application, or the like. Furthermore, the processor 22 is one or more multipurpose computers, special purpose computers, microprocessors, digital signal processors (DSPs), field programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs). , A processor based on a multi-core processor architecture, or the like. Although the single processor 22 is shown in FIG. 2b, according to another embodiment of the invention, a multiprocessor can also be used. For example, in certain embodiments, the device 20 may include one or more processors, these one or more processors forming a multiprocessor system (in other words, in this case, the processor 22 represents a multiprocessor). It should be understood that it may be. Here, this multiprocessor system can support multiprocessing. In certain embodiments, the multiprocessor system may be tightly coupled or loosely coupled (eg, to form a computer cluster).

The processor 22 can perform functions related to the operation of the device 20. This function includes precoding of antenna gain and / or antenna phase parameters, encoding and decoding of individual bits forming a communication message, information formatting, and overall control of device 20 (processing related to communication resource management). Includes, but is not limited to.

Further, the device 20 may include a memory 24 connectable to the processor 22 or may be connected to the memory 24 (internally or externally), which may be executed by the processor 22 and information. Memorize the command. The memory 24 may be one or more memories, or of any kind suitable for the local application environment. For example, it may be implemented using a variety of compatible volatile and non-volatile data storage techniques such as semiconductor-based memory devices, magnetic memory device systems, optical memory device systems, fixed and mobile memories, etc. .. The memory 24 may be, for example, a random access memory (RAM), a read-only memory (ROM), a static storage device such as a magnetic disk or an optical disk, or any other non-transitory machine. It can consist of any combination of computer readable media. The instructions stored in the memory 24 may include program instructions or computer program codes, and when these program instructions or program codes are executed by the processor 22, the device 20 executes the tasks described herein. be able to.

In certain embodiments, the device 20 may further include or be connected (internally or externally) to a drive or port. Here, these drives or ports are configured to accommodate and read external computer-readable storage media such as optical discs, USB drives, flash drives, and other storage media. For example, an external computer-readable storage medium can store computer programs or software executed by the processor 22 and / or device 20.

In some embodiments, the device 20 further comprises or interlocks with one or more antennas 25 to receive the downlink signal and transmit over the uplink from the device 20. Can be done. The device 20 may further include a transceiver 28 configured to transmit and receive information. The transmit / receive 28 may further include a wireless interface (eg, a modem) associated with the antenna 25. Wireless interfaces include multiple wireless access technologies (one or more GSM®, LTE, LTE-A, 5G, NR, WLAN, NB-IoT, Bluetooth®, BT-LE, NFC, RFID. , UWB, and the like). The wireless interface may further include elements such as filters, converters (such as D / A converters), symbol demappaers, inverse fast Fourier transform (IFFT) modules, etc., in downlinks and uplinks. Process the symbols to be carried (OFDMA symbols, etc.).

For example, the transceiver 28 may modulate the information for transmission by the antenna 25 into a carrier waveform and demodulate the information received via the antenna 25 for further processing by other elements of the device 20. Can be configured. In another embodiment of the invention, the transceiver 28 may be able to directly transmit and receive signals or data. The device 20 may further include a user interface such as a graphic user interface and a touch screen.

In one embodiment of the invention, the memory 24 stores a software module that realizes its function when executed by the processor 22. The above modules may include an operating system or the like that provides operation of the system functions of the device 20. The memory may also store one or more functional modules, such as an application or program that implements the additional functionality of the device 20. The components of the device 20 may be implemented in hardware or as an appropriate combination of hardware and software.

Depending on the embodiment, the device 20 may be, for example, a UE, a mobile device, a mobile station, an ME, an IoT device and / or an NB-IoT device. In some embodiments, the device 20 can be controlled by the memory 24 and the processor 22 to perform functions related to the embodiments described herein. For example, in some embodiments, the device 20 may be configured to perform one or more processes as shown in the flowcharts and signal diagrams described herein. In some embodiments, the device 20 is controlled by a memory 24 and a processor 22 and may pre-receive a new NCC, for example during a preceding RRC connection. For example, in certain embodiments, the NCC may be received in an RRCConnectionReconfiguration message, a SecurityModeCommand message, an RRCConnectionSetup message, an RRCConnectionResume message.

In one embodiment, the device 20 is controlled by a memory 24 and a processor 22 and is new based on a new NCC and / or a cell ID of the cell in which the device 20 is camp on. Security keys may be calculated or generated. In certain embodiments, the device 20 is further controlled by a memory 24 and a processor 22, for example, when the device 20 switches from an inactive state (eg, RRC_INACTIVE mode) to a connected state (eg, RRC_CONNECTED mode), or in RRC_CONNECTED mode. Apply the new key when sending small data to device 20 via ResumeRequest message in non-acty mode without switching to, or when device 20 encounters a wireless communication failure such as RLF, HO failure, etc. May be good.

In some embodiments, if an RRC connection has been set up, the device 20 may attempt to reestablish the RRC connection in the reestablishment procedure by providing a new NCC in advance or immediately. In addition, the device 20 can immediately apply a new security key based on the new NCC provided in advance, and the network connection can be reestablished more quickly while allowing data multiplexing. It will be possible.

FIG. 3a is an exemplary flow diagram of a method according to an embodiment. The method of FIG. 3a can be performed, for example, by a network node (base station, access point, eNB, gNB or the like). As described in FIG. 3a, this method may include pre-sending a new NCC to one or more UEs (eg, during a preceding RRC connection) (300). In certain embodiments, sending a new NCC can include sending a new NCC with an RRCConnectionReconfiguration message, a SecurityModeCommand message, an RRCConnectionSetup message, and an RRCConnectionResume message. At this time, the UE can immediately apply the new pre-assigned NCC and the new security key calculated based on the cell ID of the cell in which the UE is camp on. For example, when the UE switches from inactive mode (eg, RRC_INACTIVE mode) to connected mode (eg, RRC_CONNECTED mode), or when it sends small data in inactive mode via a ResumeRequest message without switching to connected mode. Or, when the UE encounters a failure such as RLF, HO failure, the UE may calculate a new key. In certain embodiments, the method can further include using a consistency check to determine if the UE has used the correct NCC. For example, in one embodiment, the step of use may include performing an integrity check on an RRCConnectionResume message. According to certain embodiments disclosed herein, NCC may be provided between preceding RRC connections, so consistency verification may be performed in the RRCConnectionResume message and the RRCResumeComplete message may be omitted. can.

FIG. 3b is an exemplary flow diagram of a method according to an embodiment. The method of FIG. 3b may be performed by, for example, a UE, a mobile station, a mobile device, an IoT device, an MTC device or the like. As described in FIG. 3b, this method can include pre-receiving a new NCC (eg, during a preceding RRC connection) (350). For example, in certain embodiments, the NCC may be received in an RRCConnectionReconfiguration message, a SecurityModeCommand message, an RRCConnectionSetup message, an RRCConnectionResume message. In certain embodiments, the method may further calculate or generate a new security key based on a new pre-assigned NCC and / or the cell ID of the cell in which the UE is camp on. Good (360). In certain embodiments, the method further resumesRequest in non-acty mode, for example, when the UE switches from an inactive state (eg, RRC_INACTIVE mode) to a connected state (eg, RRC_CONNECTED mode), or without switching to connected mode. It may include applying a new key when sending small data via a message or when the UE encounters a failure such as RLF, HO failure (370).

In view of the above, embodiments of the present invention provide some technical benefits and / or improvements and / or advantages. For example, depending on the embodiment, the latency can be reduced even in the case of RLF by allowing the omission of msg5, for example. Further, in some embodiments, key refresh after the first RRC message is not required, and data transmission by the UE becomes possible immediately. In some embodiments, it is possible to mix with the first RRC message and send the data immediately. As a result, in some embodiments, the performance and throughput of network nodes (including, for example, base stations, eNBs, gNBs, and / or UEs) can be improved. Moreover, the use of embodiments of the present invention results in improved functionality of the communication network and its nodes.

In some embodiments of the invention, all functions of the methods, processes, signal diagrams, and flow diagrams described herein are software and / or memory, other computer readable media, or tangible representation media. It may be implemented by a computer program (or part of that computer program) stored in tangible media) and executed by a processor.

In certain embodiments, the device may include or cooperate with at least one software application, module, unit, entity. Here, this entity is configured as an arithmetic operation or as a program or part thereof (including addition or update software routines) executed by at least one operating processor. A computer may also be referred to as a computer program product or computer program. These also include software routines, applets and macros. These may be stored on a device readable storage medium. These have program instructions to perform a particular task.

A computer program product may include one or more computer-executable elements configured to perform the embodiments described herein when the program is executed. This one or more computer-executable elements may be at least one software code or part thereof. The improvements and deployments required to improve the functionality of certain embodiments can be made as mundane, which can be implemented as additional or updated software routines. In some embodiments, software routines may be downloaded to the device.

The software or computer program code (or part of the code) may be in source code format, object code format, or some medium format. Further, the computer program may be recorded on some carrier, distribution medium, or computer-readable medium, where these carriers, distribution medium, or computer-readable medium may be any entity or device capable of propagating the program. .. Such carriers include storage media, computer memory, ROMs, optoelectronic and / or electrical propagation signals, telecommunications signals, software sales packages, and the like. Depending on the processing power required, the computer program may be run on a single electronic digital device or distributed across multiple devices or computers. The computer-readable medium or the computer-readable storage medium may be a persistent medium.

In other embodiments of the invention, the above functions may be realized by hardware. Examples of hardware include application specific integrated circuits (ASICs), programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), and other hardware-software combinations. In yet another embodiment, the function may be implemented as a signal, non-contact means. Here, this signal, non-contact means, can be propagated by electromagnetic signals downloaded from the Internet or other networks.

In some embodiments, devices such as nodes, devices, and corresponding components may be configured as single-chip computer elements, computers such as chipsets, or microprocessors. Here, these single-chip computer elements, chipsets, and the like also include a memory that provides storage capacity for arithmetic operations, and an operation processor for performing the arithmetic operations.

One embodiment relates to a method that can include a network node that pre-sends a new NCC to one or more UEs. In some embodiments, it may include transmitting a new NCC during an RRC connection that precedes the prior transmission. This method can include using a consistency check to determine if the UE used the correct NCC.

Another embodiment of the invention relates to a device capable of comprising at least one processor and at least one memory containing computer program code. The at least one memory and the program code are configured to pre-send a new NCC to the device to at least one UE using the at least one processor. In some embodiments, it may include transmitting a new NCC during an RRC connection that precedes the prior transmission. The at least one memory and the program code use the at least one processor to cause the device to use at least an integrity check to determine if the UE is using the correct NCC. Can be configured as

Other embodiments relate to methods that can include receiving a new NCC in advance (eg, during a preceding RRC connection) on the UE. This method also calculates or generates a new security key based on the cell ID of the cell in which the new NCC and / or UE is camped on, and, for example, from the inactive state to the connected state of the UE. It can include applying a new security key when transitioning.

Another embodiment of the invention relates to a device capable of comprising at least one processor and at least one memory containing computer program code. The at least one memory and the computer program use the at least one processor to receive at least a new NCC to the device in advance (eg, during a preceding RRC connection), and the new NCC and / Or, to calculate or generate a new security key based on the cell identifier of the cell in which the device is camped on, and to apply the new security key when the device transitions from the inactive state to the connected state. And is configured to execute.

Those skilled in the art will readily appreciate that the invention described above can be carried out in different processing sequences and with hardware elements of different configurations than those disclosed. Accordingly, although the invention has been described on the basis of preferred embodiments, it is obvious to those skilled in the art that various modifications, modifications, and alternative structures can be adopted without departing from the spirit and scope of the invention. Let's do it. In order to determine the scope of the exemplary embodiment, the appended claims must be referred to.

Claims (7)

The method performed by the network node,
Pre-sending the new parameters used to generate the security key to at least one user device,
Receiving a ResumeRequest message containing data encrypted with a security key generated based on the new parameter from at least one user device in RRC_INACTIVE mode.
Performing an integrity check to determine if the security key used to encrypt the data was generated using the correct parameters.
Including
The new parameters include a new next hop chaining counter (NCC).
The transmission further comprises transmitting the new parameter immediately when the at least one user device transitions to the connected state .
Method. The method performed by the network node,
Pre-sending the new parameters used to generate the security key to at least one user device,
Receiving a ResumeRequest message containing data encrypted with a security key generated based on the new parameter from at least one user device in RRC_INACTIVE mode.
Performing an integrity check to determine if the security key used to encrypt the data was generated using the correct parameters.
Including
The new parameters include a new next hop chaining counter (NCC).
The pre-sending includes sending the new parameter in at least one of an RRCConnectionReconfiguration message, a SecurityModeCommand message, and an RRCConnectionSetup message .
Method. The method of claim 1 or 2 , wherein the implementation comprises performing the consistency check in an RRCConnectionResume message. The method according to claim 1 to 3 , wherein the network node is an NR network node, and the at least one user device is an NR user device. A network node
A means of pre-sending new parameters used to generate a security key to at least one user device,
A means of receiving a ResumeRequest message from at least one user device in RRC_INACTIVE mode, including data encrypted with a security key generated using the new parameter.
A means of performing an integrity check to determine if the security key used to encrypt the data was generated using the correct parameters.
Equipped with
The new parameters include a new next hop chaining counter (NCC).
The pre-sending means is configured to send the new parameter in at least one of an RRCConnectionReconfiguration message, a SecurityModeCommand message, and an RRCConnectionSetup message.
Network node. A device including a processing means and a storage means, wherein the storage means stores a program instruction, and when the program instruction is executed by the processing means, the device is described in any one of claims 1 to 4 . A device configured to carry out the method of. A computer program comprising a program instruction configured to cause the device to perform the method according to any one of claims 1 to 4 , when executed by the processing means of the device.

Images