Security activation optimization method suitable for LTE access layer

Abstract

The present invention relates to a security activation optimization method applicable to the LTE access layer, which is characterized in that: before the radio resource control protocol module activates the security protection mechanism of the packet data convergence protocol module, all received The downlink message and its corresponding count value are delivered to the radio resource control protocol module for processing. The integrity protection key is obtained through corresponding decoding, and the security protection function of the packet data convergence protocol module is activated only after the verification is successful; otherwise, the radio resource control protocol module continues to use the original security configuration. It can effectively avoid the hidden danger of security verification uncertainty caused by the timing impact of downlink message reception during SMC message integrity verification. The process processing can be faster and easier, the delay of message processing can be reduced, and the response speed of UE accessing the LTE network can be effectively improved.

Description

Technical field [0001] The present invention relates to an LTE access layer data transmission security optimization method, in particular to a security activation optimization method suitable for the LTE access layer. Background technique [0002] In view of the existing communication application field, the transmission mechanism established by 3GPP (Third Generation Partnership Project) has become increasingly mature. The 3GPP was established in December 1998, and a number of telecommunication standards organization partners signed the "Third Generation Partnership Project Agreement." The initial scope of 3GPP's work is to formulate global applicable technical specifications and technical reports for the third-generation mobile communication system. The third-generation mobile communication system is based on the developed GSM core network and the wireless access technologies they support, mainly UMTS. Subsequently, the scope of work of 3GPP has been improved, and the research...

AI Technical Summary

Problems solved by technology

[0040] However, only at least one of the indicator field in the header of the NAS message, the type of the NAS message, the NAS security state variable, and the indication according to the RRC protocol can satisfy subsequent encryption and decryption or integrity check It is necessary, and the COUNT value corresponding to related messages such as NAS messages cannot be clearly determined, which will also bring hidden dangers to security verification

More importantly, verification failures cannot be avoided in the process of implementing SMC according to protocol standards, and there may be cases where verification should pass but fail due to incomplete protocol methods

[0041] In short, according to the existing data processing method, in some cases, the SMC message verification will pass the second time, that is, the timing of the downlink message affects the COUNT value

The more serious situation is that some protocol implementations do not consider the timing of downlink messages, and then do not perform secondary verification, which makes the SMC verification fail and the link establishment fails.

Images