A communication method, device and system

By configuring network devices to disallow insecure redirection, terminal devices ignore redirection messages, thus resolving the problem of fake base station attacks and ensuring communication security and normal call functionality.

CN122248418A · Pending · Publication Date: 2026-06-19 · HONOR DEVICE CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HONOR DEVICE CO LTD
Filing Date
2024-12-17
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

When user equipment accesses a fake base station, existing protocols cannot effectively prevent insecure redirection, increasing the risk of attacks.

Method used

By configuring network devices to disallow insecure redirection, the terminal device receives an instruction and ignores the redirection message, ensuring that insecure redirection is not performed in preset scenarios, such as MO call or MT call scenarios. Network policy IE is used to control redirection behavior.

Benefits of technology

It effectively avoids fake base station attacks, ensures communication security, and prevents call interruption caused by insecure redirection of the UE.

✦ Generated by Eureka AI based on patent content.


Abstract

This application provides a communication method, device, and system, relating to the field of communication technology. The method prevents a UE from being redirected to a 2G or 3G network when the network device configuration disallows insecure redirection, thereby avoiding attacks from fake base stations. The method may include: receiving a first message indicating that insecure redirection is not allowed; after entering a preset scenario, receiving a second message indicating redirection to a first network; and ignoring the second message based on the first message. The first network is a 2G or 3G network. The preset scenario includes a mobile originated call (MO call) scenario or a mobile terminated call (MT call) scenario.

Description

Technical Field

[0001] This application relates to the field of communication technology, and in particular to a communication method, device and system.

Background Technology

[0002] In current communication systems, user equipment (UE) may be vulnerable to attack when connected to fake base stations.

[0003] Existing protocols have been supplemented to address this situation. Some network devices using updated protocols can configure network policy IEs for UEs using updated protocols, allowing the UE to be instructed on whether to allow insecure redirects via the network policy IE.

[0004] When the network device instructs the UE not to perform insecure redirection, the UE can avoid falling back to the 2G or 3G network corresponding to the fake base station based on the fake base station's redirection instruction. This helps avoid being attacked by the fake base station.

[0005] In some solutions, to avoid disrupting the UE's call function, the UE will still attempt to redirect even when the network device is configured to disallow insecure redirection. This increases the likelihood of the UE being attacked.

Summary of the Invention

[0006] This application provides a communication method, device, and system that allows a UE to prevent redirection to 2G or 3G networks when network device configuration disallows insecure redirection. This helps avoid attacks from fake base stations.

[0007] To achieve the above technical objectives, this application adopts the following technical solution:

[0008] Firstly, a communication method is provided, applied to a terminal device. The method includes: receiving a first message indicating that insecure redirection is not allowed; upon entering a preset scenario, receiving a second message indicating redirection to a first network; and ignoring the second message based on the first message. For example, the first network may be a 2G or 3G network.

[0009] In this way, even in preset scenarios, the UE can still refrain from performing insecure redirects based on the network device's pre-configured instructions that insecure redirects are not allowed. This effectively avoids redirecting to a fake base station's network in preset scenarios (such as MO calls or MT calls) to maintain service, thereby reducing the probability of being attacked and improving UE communication security.

[0010] Optionally, the preset scenarios include: a mobile originated call (MO call) scenario, in which the UE initiates a call, or a mobile terminated call (MT call) scenario, in which the UE receives a call. It is understood that in an MO call or MT call scenario, the UE can use CSFB to fall back from a higher-standard (e.g., 4G) network to a 2G or 3G network to conduct calls via the 2G or 3G network.

[0011] Optionally, before receiving the second message, the method further includes: determining, based on the sent third message, that the preset scenario has been entered. The third message includes a Service request for requesting call services. In MO call or MT call scenarios, the third message may also include different type identifiers. These different type identifiers are used to indicate that the current Service request is for requesting to initiate a call or to answer a call.

[0012] Optionally, the first message includes a first field configured to indicate that insecure redirection is not allowed. Alternatively, the first message does not include the first field.

[0013] Optionally, this first field is used to indicate the Network Policy Information Element (IE).

[0014] When the first network device sending the first message is a Legacy network device, it will not carry the first field because the protocol rules corresponding to the network policy IE have not been updated. When the first network device sending the first message is an Upgraded network device, it can carry the first field because the protocol rules corresponding to the network policy IE have been updated, thereby instructing the UE not to allow insecure redirection.

[0015] Optionally, before receiving the first message, the method further includes: accessing a second network, the second network corresponding to the first network device. Receiving the first message includes: receiving a first message from the first network device. For example, the second network can be a network that provides service normally (i.e., a network that does not belong to a fake base station).

[0016] Optionally, the second network is a 4G network.

[0017] Optionally, the first message may include a Tracking Area Update Accept (TAU Accept) or an Attach Accept.

[0018] Optionally, before receiving the first message, the method further includes sending a fourth message, which includes a TAU request or an Attach request.

[0019] Optionally, the terminal device is configured with an identifier bit, the value of which is used to indicate whether insecure redirection is allowed. After receiving the first message, the method further includes: configuring the identifier bit with a second value according to the first message to indicate that insecure redirection is not allowed.

[0020] Optionally, ignoring the second message based on the first message includes: ignoring the second message based on the identifier bit being a second value.

[0021] Optionally, before entering the preset scenario, the method further includes: reselecting to camp on a third network, which corresponds to the second network device. Receiving the second message includes: receiving a second message from the second network device. In some examples, the third network may be a fake base station.

[0022] Optionally, the second message may include an RRC release.

[0023] Optionally, the third network is a 4G network.

[0024] Taking a fake base station as an example, the second network device can typically induce a UE to camp on the network corresponding to the fake base station during reselection by using a strong signal. In this example, the second network device can have 4G communication capabilities. Thus, the UE can reselect and camp on the 4G network corresponding to the fake base station. Consequently, the fake base station can use this 4G network to instruct the UE to fall back to a 2G or 3G network also established by the fake base station, allowing the fake base station to attack the UE through the 2G or 3G network.

[0025] Optionally, the first message is used to indicate whether insecure redirection is not allowed, specifically including: the first message is used to indicate whether insecure redirection to a 2G or 3G network is not allowed.

[0026] Optionally, the insecure redirection includes: a redirection corresponding to a redirection indication that is received when no security configuration has been received.

[0027] Optionally, the failure to receive a security configuration includes an incomplete Security Mode Command (SMC) procedure. In some implementations, this incomplete SMC procedure can be an incomplete AS SMC procedure. Correspondingly, the UE will not obtain the security configuration configured by the network device through the AS SMC procedure, and therefore will not perform communication based on that security configuration. For example, the subsequent redirection can be an insecure redirection.

[0028] Secondly, a communication method is provided, applied to a first network device. The method includes sending a first message indicating that insecure redirection is not allowed. This allows a terminal device, upon entering a preset scenario and receiving a second message from a second network device, to ignore the second message based on the first message. The second message indicates redirection to the first network.

[0029] Optionally, the preset scenarios include: a mobile originated call (MO call) scenario, in which the UE initiates a call, or a mobile terminated call (MT call) scenario, in which the UE receives a call.

[0030] Optionally, after entering a preset scenario, the method further includes: receiving a third message, which includes a Service request for requesting call services.

[0031] Optionally, the first message includes a first field configured to indicate that insecure redirection is not allowed. Alternatively, the first message does not include the first field.

[0032] Optionally, this first field is used to indicate the Network Policy Information Element (IE).

[0033] Optionally, the first message may include a Tracking Area Update Accept (TAU Accept) or an Attach Accept.

[0034] Optionally, before sending the first message, the method further includes receiving a fourth message, which includes a TAU request or an Attach request.

[0035] Optionally, the first message is used to indicate whether insecure redirection to 2G or 3G networks is not allowed.

[0036] Optionally, the insecure redirection includes: a redirection corresponding to a redirection instruction sent when no security configuration has been configured for the UE.

[0037] Optionally, the failure to configure security settings for the UE includes not completing the Security Mode Command (SMC) procedure with the UE. In some implementations, this failure to complete the SMC procedure can be replaced by not completing the AS SMC procedure. Correspondingly, the first network device will not configure the security settings configured by the network device for the UE through the AS SMC procedure, and therefore will not conduct communication based on these security settings.

[0038] Optionally, the first network is a 2G or 3G network.

[0039] Thirdly, a terminal device is provided, comprising: a memory and one or more processors. The memory and the processors are coupled. The memory stores computer program code, which includes computer instructions. When the processor executes the computer instructions, it causes the terminal device to perform the technical solutions provided in the first aspect and any possible implementation thereof.

[0040] Fourthly, a communication system is provided, comprising a terminal device as provided in the second aspect, and a first network device. The first network device is used to indicate whether the terminal device does not allow insecure redirection. Exemplarily, the first network device can be used to implement the technical solutions provided in the second aspect and any possible implementation thereof.

[0041] Fifthly, a network device is provided for performing the functions described in the second aspect and any possible implementation thereof.

[0042] Sixthly, this application also provides a chip system applied to a terminal device; the chip system may include one or more interface circuits and one or more processors. The interface circuits and processors are interconnected via lines, and the interface circuits are used to receive signals from the memory of the electronic device and send the signals to the processors, the signals including computer instructions stored in the memory. When the processor executes the aforementioned computer instructions, the terminal device executes the technical solutions provided in the first aspect and any possible implementation thereof.

[0043] In a seventh aspect, this application also provides a chip system applied to a first network device; the chip system may include one or more interface circuits and one or more processors. The interface circuits and processors are interconnected via lines, and the interface circuits are used to receive signals from the memory of the electronic device and send the signals to the processors, the signals including computer instructions stored in the memory. When the processor executes the aforementioned computer instructions, the first network device executes the technical solutions provided in the second aspect and any possible implementation thereof.

[0044] Eighthly, this application also provides a computer-readable storage medium including computer instructions that, when executed on a terminal device, cause the terminal device to perform the technical solutions provided in the first aspect and any possible implementation thereof.

[0045] Ninthly, this application also provides a computer-readable storage medium including computer instructions that, when executed on a first network device, cause the first network device to perform the technical solutions provided in the second aspect and any possible implementation thereof.

[0046] In a tenth aspect, this application also provides a computer program product that, when run on a computer, causes the computer to execute the technical solutions provided in the first aspect and any possible implementation thereof.

[0047] In the eleventh aspect, this application also provides a computer program product that, when run on a computer, causes the computer to execute the technical solutions provided in the second aspect and any possible implementation thereof.

[0048] It is understood that the solutions provided in the second to eleventh aspects of this application can be respectively associated with the first aspect and any of its possible designs, and therefore the beneficial effects achieved are similar, which will not be repeated here.

Attached Figure Description

[0049] Figure 1 is a schematic diagram illustrating a communication scenario provided in an embodiment of this application;

[0050] Figure 2 is a schematic diagram of the interaction flow of a communication method provided in an embodiment of this application;

[0051] Figure 3 is a schematic diagram of the interaction flow of another communication method provided in an embodiment of this application;

[0052] Figure 4 is a schematic diagram of the interaction flow of another communication method provided in an embodiment of this application;

[0053] Figure 5 is a schematic diagram of the interaction flow of another communication method provided in an embodiment of this application;

[0054] Figure 6 is a schematic diagram of the interaction flow of another communication method provided in an embodiment of this application;

[0055] Figure 7 is a schematic diagram of the interaction flow of another communication method provided in an embodiment of this application;

[0056] Figure 8 is a schematic diagram of the composition of a terminal device provided in an embodiment of this application;

[0057] Figure 9 is a schematic diagram illustrating the composition of another terminal device provided in an embodiment of this application;

[0058] Figure 10 is a schematic diagram of the composition of a chip system provided in an embodiment of this application.

Detailed Implementation

[0059] Hereinafter, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of this embodiment, unless otherwise stated, "a plurality of" means two or more.

[0060] Electronic devices can achieve wireless communication functions through network devices such as base stations. These wireless communication functions can include wireless communication technologies corresponding to different standards such as 2G, 3G, 4G, 5G, and 6G.

[0061] Refer to Figure 1, which provides a schematic diagram of a communication scenario. The example uses an electronic device as a user equipment (UE).

[0062] In this scenario, network device A may include base station A, MME entity A, etc. Network device A provides 4G network communication capabilities. Network device B may include base station B, MME entity B, etc. Network device B provides 2G network communication capabilities.

[0063] The UE can communicate with network device A via 4G or with network device B via 2G.

[0064] The UE can be configured to prioritize communication with 4G base stations, which offer higher speeds and greater security. In contrast, 2G networks are less secure.

[0065] After a UE accesses a 4G network, if the UE needs to make a call (such as making or receiving a call), the UE can switch to camp on a 2G or 3G network via Circuit Switched Fallback (CSFB) to facilitate calls over either the 2G or 3G network.

[0066] In this CSFB scenario, upon receiving a service request related to a call from the UE, the network device can send a redirection instruction to the UE, instructing the UE to redirect to a 2G or 3G network. In this way, the UE can use CSFB to fall back and camp on the 2G or 3G network to provide call services.

[0067] For example, refer to Figure 2, which provides a schematic diagram of the interaction process of a communication method.

[0068] As shown in Figure 2, the process may include:

[0069] S201, UE accesses network A of network device A.

[0070] For example, network A can be a 4G network. After the UE accesses network device A, it can communicate with network device A via network A using 4G.

[0071] S202, UE sends request message 21 to network device A.

[0072] For example, the request message 21 may include an Attach request or a tracking area update (TAU) request.

[0073] S203, Network device A sends response message 22 to UE.

[0074] For example, if request message 21 includes an Attach request, the response message 22 may include Attach Accept. If request message 21 includes a TAU request, the response message 22 may include TAU Accept.

[0075] S204. Network device A sends a redirection instruction 23 to the UE.

[0076] In some embodiments, redirection instruction 23 may include an RRC release message. This redirection instruction 23 may be used to indicate a redirection to network B. For example, network B may include a 2G or 3G network.

[0077] S205, The UE accesses network B of network device B.

[0078] In this way, the UE can disconnect from network device A according to redirection instruction 23. The UE can then establish a connection with network device B's network B for subsequent communication. For example, the UE can conduct communication related to voice services on network B.

[0079] It is understood that, in a 4G network, after a UE establishes a connection with a base station (such as network device A), network device A can configure security policies (such as encryption policies) for the UE through a Security Mode Command (SMC) process. In this way, the UE can perform subsequent communication with network device A according to the received security policy.

[0080] In the example shown in Figure 2, the UE can complete the redirection to network device B before completing the SMC procedure.

[0081] In some scenarios, base station B in network device B can be a fake base station, i.e., an illegal base station. These fake base stations can establish a network disguised as a 2G network, so that after the UE accesses the fake base station, the fake base station can attack the UE through fake SMS messages, phone calls, etc., such as performing a man-in-the-middle (MITM) attack.

[0082] It should be noted that, in the embodiments of this application, the SMC process can be an Access Stratum (AS) SMC process and / or a Non-Access Stratum (NAS) SMC process.

[0083] During the AS SMC process, the base station can send AS SMC information to the UE. This AS SMC information may include the selection of a security algorithm (such as securityConfigSMC{securityAlgorithmConfig}).

[0084] During the NAS SMC process, core network equipment (such as the Mobility Management Entity (MME)) can send NAS SMC information to the base station. This NAS SMC information may include at least one of the following: the security algorithm selected by the NAS, UE security functions, IMEISV request, ngKSI, additional 5G security information, etc.

[0085] Take the SMC process, which includes the AS SMC process, as an example.

[0086] When the UE completes the AS SMC procedure, it can obtain security configurations, such as the selected security algorithm. The UE can then use these security configurations for subsequent communication with network devices. Conversely, if the AS SMC procedure is not completed, the UE does not receive security configurations. The UE can then engage in unencrypted communication with network devices. This unencrypted communication has lower security.

[0087] Before completing the SMC process, the UE does not encrypt messages exchanged with network devices. This means that after being redirected to network B, the UE may be vulnerable to attacks from network device B.

[0088] To counter attacks from fake base stations, some solutions allow network devices to configure a Network Policy Information Element (Network policy IE) for the UE, instructing the UE on its handling strategy for subsequent redirection information.

[0089] For example, when the network policy IE is configured to 0, the UE can allow insecure redirection to the GSM / EDGE Radio Access Network (GERAN) or the UMTS Terrestrial Radio Access Network (UTRAN). That is, the UE can allow insecure redirection to 2G or 3G networks.

[0090] When the network policy IE is configured to 1, the UE may not be allowed to perform insecure redirects to GERAN or UTRAN.

[0091] Insecure redirection can refer to a redirection to a 2G or 3G network performed by the UE without receiving a security policy from the network device (i.e., without completing the Security Mode Command (SMC) process) (such as in a CSFB scenario).

[0092] Thus, in this embodiment of the application, allowing insecure redirection can correspond to: allowing redirection to a 2G or 3G network without completing the AS SMC process.

[0093] Correspondingly, not allowing insecure redirection means: redirection to 2G or 3G networks is not allowed without completing the AS SMC process.

[0094] As an example, refer to Figure 3, which is a schematic diagram of the interaction process of another communication method provided in the embodiments of this application.

[0095] In this application, we take the example where both the UE and the network device have updated the aforementioned protocol regarding the network policy IE. Thus, the UE can be an upgraded UE, and the network device can be an upgraded network device (for example, including an upgraded eNB and an upgraded MME).

[0096] Correspondingly, UEs that have not updated the above-mentioned network policy IE can be Legacy UEs, and network devices that have not updated the above-mentioned network policy IE can be Legacy network devices.

[0097] As shown in Figure 3, this scheme takes an Upgraded UE and a Legacy network device A as an example. The SMC process is not completed before network device A sends redirection indication 33.

[0098] As shown in Figure 3, the solution may include:

[0099] S301, The UE accesses network A of network device A. For example, network A can be a 4G network.

[0100] S302, the UE sends a request message 31 to network device A. For example, similar to the example in S202, the request message 31 may include an Attach request or a TAU request.

[0101] S303, Network device A sends response message 32 to UE. For example, similar to the example in S203, response message 32 may include Attach Accept or TAU Accept.

[0102] In this example, network device A can be a legacy network device. Therefore, the network policy IE may not be included in the response message 32 sent by network device A to the UE.

[0103] S304: According to response message 32, which does not include the network policy IE, the UE does not allow insecure redirection.

[0104] In this example, if the upgraded UE does not receive the network policy IE, this is treated as equivalent to receiving a network policy IE whose field is configured to 1. That is, after the upgraded UE receives response message 32, insecure redirection is not allowed.

[0105] S305, Network device A sends redirection instruction 33 to UE.

[0106] For example, the redirection instruction 33 can instruct the UE to redirect to another network (such as network B).

[0107] In this example, the UE did not complete the AS SMC procedure with network device A before receiving the redirection indication 33. Therefore, the redirection indicated by redirection indication 33 can be an insecure redirection. Redirection indication 33 can be an insecure redirection indication.

[0108] According to the description in S304, the upgraded UE is not allowed to perform insecure redirection. Therefore, after receiving the redirection indication 33, the upgraded UE will not perform redirection to the network B indicated by the redirection indication 33.

[0109] That is, after receiving the redirection instruction 33 from the Legacy network device, the upgraded UE may fail to perform the CSFB.

[0110] Thus, if a user wants to use the call function in a scenario where the IP Multimedia Subsystem (IMS) is unavailable, the call function will be unavailable due to the UE not performing redirection. In some embodiments of this application, the scenario in which the user uses the call function may include initiating a Mobile Originated Call (MO call) (i.e., the user operates the UE to make a phone call). In other embodiments of this application, the scenario in which the user uses the call function may include answering a Mobile Terminated Call (MT call) (i.e., the user operates the UE to answer a phone call).

[0111] The following explanation uses the MO call scenario as an example.

[0112] To avoid this problem, some solutions improve the process shown in Figure 3 for MO call scenarios.

[0113] For example, refer to Figure 4, which is a schematic diagram of the interaction process of a communication method. Continuing with the example, the UE is an upgraded UE, and the network device is a legacy network device.

[0114] As shown in Figure 4, the solution may include:

[0115] S401, UE accesses network A of network device A.

[0116] S402, The UE sends a request message 41 to network device A.

[0117] S403, Network device A sends response message 42 to UE.

[0118] S404: The UE does not allow insecure redirection because the network policy IE is not included in response message 42.

[0119] For example, for the processing steps of S401-S404, refer to S301-S304 in Figure 3; the details are not elaborated here.

[0120] Thus, as shown in Figure 4, an upgraded UE can determine not to respond to subsequent insecure redirection indications based on the fact that the received response message 42 does not include the network policy IE.

[0121] In this example, the UE can be configured using the following S405-S409 to avoid the problem of being unable to make calls via CSFB network switching in MO call scenarios.

[0122] S405, UE performs MO call under the user's instruction.

[0123] S406, UE prepares for a call with network device A.

[0124] For example, as shown in Figure 4, the call preparation in step S406 may include: the UE sending a service request 43 to network device A. In some embodiments, the service request 43 may include a Service request. The service request 43 may be used to request the network to provide call services. In some embodiments, the service request 43 may be used to request a fallback from the 4G network to the 2G / 3G network to facilitate calls based on the 2G / 3G network.

[0125] Upon receiving a MO call instruction from the user, the UE can generate a service request 43. The UE can then send this service request 43 to network device A, which is currently connected to the network (e.g., network A).

[0126] In some embodiments, call preparation may further include: an RRC setup procedure between the UE and network device A. It is understood that after the UE accesses network A, if there is no communication need for a period of time, network device A may release the communication resources between itself and the UE. However, if the UE has new communication needs (such as in a MO call scenario), the UE can re-establish an RRC connection with network device A through this RRC connection procedure and communicate with network A using the newly configured communication resources.

[0127] It is understandable that in other scenarios, the call preparation process may differ from the above description. In this application, after call preparation, the UE can establish an RRC connection with network device A for subsequent communication.

[0128] S407, Network device A sends a redirection instruction 44 to the UE.

[0129] For example, network device A can configure relevant information for redirection to other networks to the UE via redirection instruction 44. For example, this relevant information may include the frequency, standard, etc. of the redirected network.

[0130] In this example, the UE did not complete the AS SMC procedure with network device A before receiving the redirection indication 44. Therefore, the redirection indicated by redirection indication 44 can be an insecure redirection. Redirection indication 44 can be an insecure redirection indication.

[0131] S408, UE can choose to switch to network B.

[0132] In this example, the UE can be configured to autonomously choose the network to camp on after receiving redirection instruction 44, provided that it is currently in an MO call scenario.

[0133] In some examples, the UE can determine that it is currently in an MO call scenario based on the Service request that has been sent (or has been sent within a preset time) to request call services.

[0134] In other words, if the upgraded UE does not respond to subsequent insecure redirection indications after S404, the UE can be adjusted to respond to subsequent insecure redirection indications in MO call scenarios.

[0135] Unlike the response mechanism described above where the network device configures the network policy IE to 0 for the UE (i.e., allows insecure redirection to GSM / EDGE wireless access networks), in this example, the UE can autonomously decide which network to switch to after receiving redirection indication 44. In other words, the UE can choose to camp on a network different from the one indicated by redirection indication 44.

[0136] In this example, we take the UE's autonomous selection to switch to network B as an example. Network B can be the network corresponding to network device B. Network B can include a 2G network or a 3G network.

[0137] S409, UE accesses network B of network device B.

[0138] For example, the UE can switch to network B via CSFB. Thus, the UE can communicate with network device B through network B, enabling normal MO calls.

[0139] In the solution shown in Figure 4 above, when the UE has updated its policy to "Upgraded UE" and the network device is a Legacy network device, the UE may encounter a situation where insecure redirection is not allowed because it has not received the network policy IE field. Therefore, the UE can be specifically configured for MO call scenarios, enabling it to autonomously choose the network to camp on after receiving a redirection instruction, thus ensuring the normal operation of MO calls.

[0140] It is understandable that the above MO call scenario can be extended or replaced with other communication scenarios (such as MT call). For example, in an MT call scenario, when the UE is in IDLE mode, network device A can initiate paging of the UE. Correspondingly, after receiving the paging, the UE can send a Service request corresponding to the call service to network device A. Thus, through steps S407-S409, the UE can ensure the normal operation of the MT call by switching to network B.

[0141] The Service request for the call service can include Service requests in MO call scenarios and Service requests in MT call scenarios. In some implementations, Service requests in different scenarios can be configured with different identifiers to distinguish between MO call and MT call scenarios.

[0142] In subsequent examples, we will continue to use the MO call scenario as an example. Correspondingly, the execution logic in the MT call scenario can be adjusted accordingly based on the above description, and will not be repeated here.

[0143] However, this may introduce the risk of fake base station attacks, as in Figure 2.

[0144] For example, in the Figure 4 example, suppose base station B of network device B is a fake base station. When the UE receives redirection instruction 44 and chooses to switch to network B, it will switch from network A to network B corresponding to the fake base station. This leads to the risk of fake base station attacks.

[0145] Based on this, the embodiments of this application also provide a communication method that, while ensuring the normal operation of communication in preset scenarios such as MO call, reduces the risk of UE being attacked due to switching to a fake base station.

[0146] For example, refer to Figure 5, which is an interaction flowchart of a communication method provided in an embodiment of this application. In this example, the UE is an Upgraded UE, and network device A is an Upgraded network device.

[0147] This example also involves network device C and network device B (not shown in the figure). Network device C can be a 4G network device corresponding to a fake base station. Network device B can be a 2G / 3G network device corresponding to a fake base station. In some implementations, network device B and network device C can be the same device entity. In other implementations, network device B and network device C can be separate.

[0148] As shown in Figure 5, the solution may include:

[0149] S501, The UE accesses network A of network device A. Network A is also called the second network. Network device A is also called the first network device.

[0150] For example, for the execution of S501, refer to S401 in the Figure 4 example. In this example, network A is a 4G network and network device A is a 4G network device.

[0151] S502, the UE sends a request message 51 to network device A. This request message 51 can also be called the fourth message.

[0152] For example, for the execution of S502, refer to S402 in Figure 4.

[0153] In some embodiments, request message 51 may include a TAU request or an Attach request.

[0154] S503, Network device A sends response message 52 to UE. This response message 52 can also be called the first message.

[0155] For example, for the execution of S503, refer to S403 in Figure 4.

[0156] In some embodiments, the response message 52 may include TAU Accept or Attach Accept.

[0157] In this example, network device A, as an upgraded network device, can carry a network policy IE in response message 52. This network policy IE allows the UE to be configured with subsequent handling logic for insecure redirects. In response message 52, the field corresponding to the network policy IE can be the first field.

[0158] As explained above, insecure redirection can include receiving a redirection instruction from the network before the UE has completed the SMC procedure. This redirection instruction can be used to instruct redirection to a 2G or 3G network.

[0159] As an upgraded network device, network device A can carry a network policy IE in response message 52 to indicate the UE's subsequent handling strategy for insecure redirection.

[0160] In this example, the network policy IE is configured as 1 in response message 52, which indicates that the UE does not allow insecure redirection.

[0161] S504, According to response message 52, the UE does not allow insecure redirection.

[0162] For example, the UE can be configured with a flag bit corresponding to the network policy IE. The value of this flag bit can be used to indicate whether to respond to insecure redirection.

[0163] In some embodiments, when the flag bit is set to a first value, it corresponds to the UE allowing insecure redirection. In some implementations, the UE's flag bit can be configured to the first value by default, corresponding to the UE allowing insecure redirection by default.

[0164] In other embodiments, when the flag is set to a second value, it corresponds to the UE not allowing insecure redirection.

[0165] In this example, the UE configures the flag bit to the second value according to the network policy IE configuration of 1 received in response message 52. This corresponds to disallowing insecure redirection.

[0166] S505, UE reselects to camp on network C.

[0167] After establishing a connection with network device A, the UE can enter IDLE mode if there is no service demand for an extended period. Afterward, the UE can reselect a cell to camp on another network.

[0168] In this example, assume that the UE's current location is within the coverage area of network C, where network C is the 4G network corresponding to network device C. Network device C is also the network device corresponding to the fake base station. Network C is also referred to as the third network. Network device C is also referred to as the second network device.

[0169] Generally, by providing a strong signal, a fake base station can allow a UE to reselect and access the network corresponding to the fake base station.

[0170] In this way, after the UE performs cell reselection, it can determine that it will camp on the network C corresponding to network device C.

[0171] S506, UE performs MO call under the user's instruction.

[0172] In this way, after receiving an instruction from the user to make a call, the UE can perform an MO call, i.e., enter the MO call scenario. In other embodiments, this MO call scenario can also be replaced with other preset scenarios.

[0173] S507, UE and network device C prepare for a call.

[0174] For example, as in the Figure 5 example, after entering an MO call scenario, the UE can prepare for a call with the network device C corresponding to its currently camped network (e.g., network C) by sending a service request 53 (including a Service request) to network device C and / or initiating an RRC establishment procedure. This service request 53 can also be referred to as a third message.

[0175] Service request 53 can be used to request fallback (such as via CSFB) to a 2G or 3G network so that calls can be made over the 2G or 3G network.

[0176] S508, Network device C sends redirection instruction 54 to UE. This redirection instruction 54 can also be referred to as the second message.

[0177] For example, the redirection instruction 54 can be used to instruct the UE to redirect to network B (the first network).

[0178] In this case, the UE has not completed the AS SMC procedure with the network device (such as network device C) before receiving the redirection indication 54. Therefore, the redirection indicated by the redirection indication 54 can be an insecure redirection. The redirection indication 54 can be an insecure redirection indication.

[0179] It is understandable that network device C, as the network device corresponding to the fake base station, can use this redirection instruction 54 to instruct the UE to fall back to a 2G or 3G network (such as network B) that is also provided by the fake base station. This allows the fake base station to launch an attack on the UE through network B.

[0180] S509: The UE determines whether insecure redirection is not allowed. If insecure redirection is not allowed, the call ends. If insecure redirection is allowed, S510 is executed, i.e., the UE autonomously selects and connects to the network it intends to camp on.

[0181] In this example, the UE can determine whether insecure redirection is not allowed after receiving redirection indication 54.

[0182] In some embodiments, the UE can determine whether to disallow insecure redirection based on the value of the flag bit indicating whether insecure redirection is allowed.

[0183] For example, the UE can determine that insecure redirection is allowed if the value of the flag bit is the first value.

[0184] For example, the UE can determine that insecure redirection is not allowed if the value of the flag bit is the second value.

[0185] Referring to the description in S504, in this example, we take the UE configuring the flag bit to the second value according to response message 52 as an example.

[0186] Therefore, the UE can determine that insecure redirection is not allowed, and thus terminate the current call.

[0187] In the example illustrated in Figure 5, network device A can instruct the UE not to allow insecure redirection via response message 52. Therefore, even if the UE reselects to the network of the fake base station, it will not be redirected to the 2G or 3G network indicated by the fake base station when it enters a preset scenario such as an MO call. This prevents attacks on the UE by the fake base station through the 2G or 3G network.

[0188] In the Figure 5 example above, network device A instructs the UE not to allow insecure redirection via response message 52.

[0189] Refer to Figure 6, which is an interaction flowchart of another communication method provided in an embodiment of this application. In this example, network device A instructs the UE to allow insecure redirection via response message 62.

[0190] For example, as shown in Figure 6, the solution may include:

[0191] S601, UE accesses network A of network device A.

[0192] S602, UE sends request message 61 to network device A.

[0193] S603, Network device A sends response message 62 to UE.

[0194] For example, for the execution process of S601-S603, refer to S501-S503 in Figure 5.

[0195] In the Figure 6 example, network device A can carry network policy IE configured to 0 in response message 62. This indicates that the UE allows insecure redirection to a 2G or 3G network.

[0196] S604, the UE allows insecure redirection based on response message 62.

[0197] For example, the UE can configure the flag bit to the first value according to response message 62. This corresponds to allowing insecure redirection.

[0198] S605, UE reselects to camp on network C.

[0199] S606, UE performs MO call under the user's instruction.

[0200] S607, UE and network device C prepare for a call.

[0201] S608, Network device C sends a redirection instruction 64 to the UE.

[0202] For example, for the execution of S605-S608, refer to the explanations of S505-S508 in Figure 5, which are not repeated here.

[0203] S609: The UE determines whether insecure redirection is not allowed. If insecure redirection is not allowed, the call ends. If insecure redirection is allowed, S610 is executed, i.e., access is made to the network indicated by redirection indication 64.

[0204] In this example, the UE can execute S609 after receiving redirection instruction 64 after entering the MO call scenario.

[0205] In some embodiments, the UE can determine whether to enter an MO call scenario based on a Service request that has been sent to initiate a call.

[0206] Based on the example in S604, the UE can determine in S609 that it is configured to allow insecure redirection.

[0207] In this way, the UE can execute S610, that is, to perform redirected access and camp on the network indicated by Redirection Instruction 64. Then, it can continue subsequent services (such as making a call) on the network indicated by Redirection Instruction 64.

[0208] In the examples of Figure 5 and Figure 6 above, network device A is always used as the example of an upgraded network device.

[0209] Referring to Figure 7, the solution provided in the embodiments of this application is described below, taking network device A as an example of a Legacy network device.

[0210] As shown in Figure 7, the solution may include:

[0211] S701, UE accesses network A of network device A.

[0212] S702, the UE sends a request message 71 to network device A.

[0213] S703, Network device A sends response message 72 to UE.

[0214] For example, for the execution process of S701-S703, refer to S401-S403 in Figure 4.

[0215] In the Figure 7 example, network device A, which is a legacy network device, can omit the network policy IE in response message 72.

[0216] S704, UE, according to response message 72, does not allow insecure redirection.

[0217] For example, the UE can configure the flag bit to the second value if the response message 72 does not carry the network policy IE. This indicates that insecure redirection is not allowed.

[0218] S705, UE reselects to camp on network C.

[0219] S706, UE performs MO call under the user's instruction.

[0220] S707, UE and network device C prepare for a call.

[0221] S708, Network device C sends a redirection instruction 74 to the UE.

[0222] For example, for the execution of S705-S708, refer to the explanations of S505-S508 in Figure 5, which are not repeated here.

[0223] S709: The UE determines whether insecure redirection is not allowed. If insecure redirection is not allowed, the call ends. If insecure redirection is allowed, S710 is executed, i.e., the UE autonomously selects and connects to the network it intends to camp on.

[0224] Referring to the example in S704, the UE can determine in S709 that it is configured to disallow insecure redirection. This allows the UE to terminate the call, avoiding spoofing attacks that could occur if it falls back to a spoofed base station's 2G or 3G network via CSFB.

[0225] Thus, as explained with reference to Figures 5-7, in the solution provided in the embodiments of this application, when the UE, in a preset scenario (such as MO call, MT call, etc.), receives a redirection indication without having completed the AS SMC process (i.e., an insecure redirection indication), it can perform subsequent processing based on whether it has been configured to disallow insecure redirection. For example, the UE can choose not to perform the insecure redirection if it has been configured to disallow insecure redirection. Taking the MO call scenario as an example, the UE can end the call, thereby avoiding fake base station attacks caused by CSFB fallback to the 2G or 3G network of a fake base station.
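The UE-side handling of Figures 5 to 7 can be modelled as a state machine and replayed against each figure's message sequence. The following Python is an added example, not code from this application: the class, method and event names are hypothetical, the IE values 0 and 1 and the absent-IE case come from the text, and two behaviours are assumptions (a redirect received after AS SMC is followed, and an IE value other than 0 or 1 is treated as disallow).

```python
from enum import Enum
from typing import List, Optional, Tuple


class Rat(Enum):
    GERAN_2G = "2G"
    UTRAN_3G = "3G"
    LTE_4G = "4G"


class Action(Enum):
    FOLLOW_REDIRECT = "follow redirect"                # S610
    IGNORE_AND_END_CALL = "ignore redirect, end call"  # S509 / S709


POLICY_ALLOW = 0     # network policy IE = 0 (Figure 6)
POLICY_DISALLOW = 1  # network policy IE = 1 (Figure 5)
LEGACY_RATS = (Rat.GERAN_2G, Rat.UTRAN_3G)


class UpgradedUE:
    """Hypothetical model of the Upgraded UE; every name here is illustrative."""

    def __init__(self) -> None:
        self.allow_insecure_redirect = True  # flag bit defaults to the first value
        self.as_smc_complete = False
        self.in_preset_scenario = False

    def on_accept(self, network_policy_ie: Optional[int]) -> None:
        # First message (TAU Accept / Attach Accept). Only an explicit 0 allows.
        # IE = 1 and an absent IE (legacy network, Figure 7) both disallow.
        # Assumption: any other value also fails closed.
        self.allow_insecure_redirect = (network_policy_ie == POLICY_ALLOW)

    def on_reselect(self) -> None:
        # New cell: no AS security with it yet, no call in progress.
        # The flag bit is deliberately kept: network A set it, and it is
        # applied to whatever cell the UE camps on next (S505 onwards).
        self.as_smc_complete = False
        self.in_preset_scenario = False

    def on_service_request(self) -> None:
        # Third message: a Service request for call service marks entry
        # into the MO call or MT call scenario.
        self.in_preset_scenario = True

    def on_as_smc_complete(self) -> None:
        self.as_smc_complete = True

    def on_redirect(self, target: Rat) -> Action:
        # Second message. The text only specifies the preset scenarios.
        if not self.in_preset_scenario:
            raise ValueError("redirect outside the preset scenarios")
        insecure = (not self.as_smc_complete) and target in LEGACY_RATS
        if not insecure:
            return Action.FOLLOW_REDIRECT  # assumption: ordinary redirect
        if self.allow_insecure_redirect:
            return Action.FOLLOW_REDIRECT
        return Action.IGNORE_AND_END_CALL


Event = Tuple[str, object]


def call_trace(policy_ie: Optional[int], smc_first: bool = False,
               target: Rat = Rat.GERAN_2G) -> List[Event]:
    """Constructed event sequence following S501-S508 (not captured traffic)."""
    events: List[Event] = [("accept", policy_ie), ("reselect", None),
                           ("service_request", None)]
    if smc_first:
        events.append(("as_smc_complete", None))
    events.append(("redirect", target))
    return events


def replay(events: List[Event]) -> Action:
    """Feed the events to a fresh UE and return its decision on the redirect."""
    ue = UpgradedUE()
    result = None
    for name, arg in events:
        if name == "accept":
            ue.on_accept(arg)
        elif name == "reselect":
            ue.on_reselect()
        elif name == "service_request":
            ue.on_service_request()
        elif name == "as_smc_complete":
            ue.on_as_smc_complete()
        elif name == "redirect":
            result = ue.on_redirect(arg)
        else:
            raise ValueError("unknown event: " + name)
    if result is None:
        raise ValueError("trace contains no redirect")
    return result


if __name__ == "__main__":
    for label, ie in (("Figure 5", POLICY_DISALLOW), ("Figure 6", POLICY_ALLOW),
                      ("Figure 7", None)):
        print(label, "->", replay(call_trace(ie)).value)
```

The point to notice is that `on_reselect` clears the AS security and call state but not the flag bit, which is why the policy set by network A still governs the redirect sent by network C.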

[0226] It should be noted that in the above example, network device A is a 4G network device. The above scheme enables the UE to reasonably perform CSFB fallback to 2G or 3G network to ensure call service and reduce the probability of attack.

[0227] In other embodiments, network device A can also be a 5G or 6G network device. Correspondingly, when network device A is an upgraded network device, it can also configure network policy IE to the UE via a 5G or 6G network. The UE can use the solution provided in any of the above embodiments to achieve the effect of ensuring call service while reducing the probability of attack. Further details are omitted.

[0228] It is understood that the electronic device provided in this application embodiment includes hardware structures and / or software modules corresponding to perform each function in order to achieve the above-mentioned functions. Those skilled in the art should readily recognize that, in conjunction with the units and algorithm steps of the various examples described in the embodiments disclosed herein, the embodiments of this application can be implemented in hardware or a combination of hardware and computer software. Whether a function is executed by hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the embodiments of this application.

[0229] It should be noted that in the solutions provided in this application embodiment, the UE can be an electronic device. This electronic device may include at least one of the following: mobile phone, foldable electronic device, tablet computer, desktop computer, laptop computer, handheld computer, laptop, ultra-mobile personal computer (UMPC), netbook, cellular phone, personal digital assistant (PDA), augmented reality (AR) device, virtual reality (VR) device, artificial intelligence (AI) device, wearable device, in-vehicle device, smart home device, or smart city device. This application embodiment does not impose any special limitations on the specific type of electronic device.

[0230] The above descriptions of the solutions provided in the embodiments of this application are all from the perspective of the UE. An example of the hardware structure composition of a terminal device (i.e., UE) is provided in the embodiments of this application.

[0231] In this example, the terminal device may include a processor, an external memory interface, internal memory, a Universal Serial Bus (USB) interface, a charging management module, a power management module, a battery, antenna 1, antenna 2, a mobile communication module, a wireless communication module, a sensor module, buttons, a motor, an indicator, a camera, a display screen, and a SIM card slot, etc. The audio module may include a speaker, a receiver, a microphone, a headphone jack, etc., and the sensor module may include a pressure sensor, a gyroscope sensor, a barometric pressure sensor, a magnetic sensor, an accelerometer, a proximity sensor, a proximity light sensor, a fingerprint sensor, a temperature sensor, a touch sensor, an ambient light sensor, a bone conduction sensor, etc.

[0232] It is understood that the structures illustrated in the embodiments of this application do not constitute a specific limitation on the terminal device. In other embodiments, the terminal device may include more or fewer components, or combine some components, or split some components, or have different component arrangements. The aforementioned components may be implemented in hardware, software, or a combination of software and hardware.

[0233] The processor may include one or more processing units, such as an application processor (AP), a modem (also known as a baseband processor), a graphics processing unit (GPU), an image signal processor (ISP), a controller, a video codec, a digital signal processor (DSP), and / or a neural network processing unit (NPU). Different processing units may be independent devices or integrated into one or more processors. The processor is the central nervous system and command center of the terminal device. The controller generates operation control signals based on instruction opcodes and timing signals to control instruction fetching and execution.

[0234] The wireless communication function of the terminal device can be implemented through antenna 1, antenna 2, mobile communication module, wireless communication module, and modem, etc. In some embodiments, antenna 1 of the terminal device is coupled to the mobile communication module, and antenna 2 is coupled to the wireless communication module, enabling the terminal device to communicate with network-side devices and other terminal devices through wireless communication technology.

[0235] In addition, an operating system runs on top of the aforementioned components. For example The company developed operating system, The company developed Open source operating system The company developed Operating systems, etc.

[0236] The operating system of a terminal device can adopt a layered architecture, event-driven architecture, microkernel architecture, microservice architecture, or cloud architecture. This application's embodiment uses a layered architecture. Taking the system as an example, the hardware and software structure of the terminal device is illustrated. It should be noted that, although the embodiments of this application use... The system is used as an example for explanation, but its basic principles also apply to systems based on... or Terminal devices with operating systems such as [list of operating systems].

[0237] For example, refer to Figure 8, which is a software structure block diagram of a terminal device provided in an embodiment of this application. The software structure adopts a layered architecture, which divides the software into several layers, each with a clear role and division of labor. Layers communicate with each other through software interfaces. Taking the system running on an AP as an example, in some embodiments, the Android system is divided into five layers, from top to bottom: the application layer, the application framework layer (Framework), the Android runtime and system libraries, the hardware abstraction layer (HAL), and the system kernel layer (Kernel).

[0238] The application layer can include a series of application packages. These packages may include apps for camera, gallery, calendar, call, map, WLAN, Bluetooth, music, video, and SMS. The application layer may also include the system UI, which displays the terminal device's interface, such as the signal icon corresponding to the SIM card or the call interface. The application framework layer provides the application programming interface (API) and programming framework for the applications in the application layer. The application framework layer includes some predefined functions. For example, it may include a window manager, content provider, view system, phone manager, resource manager, and notification manager. The phone manager provides the terminal device's call functionality, such as managing call status (including connection and disconnection). In Figure 8, it is represented by telephony. The application framework layer may also include the RIL (Radio Interface Layer), through which the modem processor can interact with the telephony.

[0239] As shown in Figure 8, the system library of the terminal device can be configured with a surface manager, a 3D graphics processing library, a 2D graphics engine, a media library, etc.

[0240] The HAL layer of a terminal device can be configured with display HAL, camera HAL, audio HAL, sensor HAL, etc. One or more drivers can be configured at the kernel layer, such as display driver, audio driver, camera driver, and sensor driver.

[0241] A modem may include a NAS (Non-Access Stratum) layer, an RRC (Radio Resource Control) layer, a Packet Data Convergence Protocol (PDCP) layer, a Radio Link Control (RLC) layer, a Medium Access Control (MAC) layer, and a Physical (PHY) layer. Each of these layers can be a software module. The modem interacts with the base station via an antenna.

[0242] In addition, Figure 9 illustrates the composition of a terminal device 900 according to some embodiments of this application. The terminal device 900 includes one or more processors 901 and a memory 902. The memory 902 stores computer program code, which includes computer instructions. When one or more processors 901 execute the computer instructions, the terminal device performs the technical solutions provided in any of the embodiments described above.

[0243] Refer to Figure 10, a schematic diagram of the composition of a chip system 1000 provided in some embodiments of this application. The chip system 1000 is applied to a terminal device and includes at least one processor 1001 and a communication interface 1002. The communication interface 1002 is used to receive instructions and transmit them to the at least one processor 1001; the at least one processor 1001 executes instructions to cause the terminal device to perform the aforementioned communication method. The chip system may be a modem, or a system-on-a-chip (SoC) including a modem, and the aforementioned method may be implemented by a modem.

[0244] In other embodiments of this application, the chip system includes a processing circuit, a receiving pin, and a transmitting pin. The receiving pin, the transmitting pin, and the processing circuit communicate with each other via internal interconnection paths. The processing circuit executes the communication method provided in any of the above embodiments to control the receiving pin to receive signals and to control the transmitting pin to transmit signals.

[0245] Furthermore, this application provides a terminal device that has the function of implementing the behavior of the terminal device in any of the above method embodiments. The function can be implemented by hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the various sub-functions described above. Specifically, the terminal device can be a user device, such as a mobile phone.

[0246] This application provides a network device that has the function of implementing the behavior of network device A in any of the above method embodiments. The function can be implemented by hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the various sub-functions described above. Specifically, the network device may include access network equipment (such as a base station), or the network device may include both access network equipment and core network equipment (such as an MME).

[0247] This application also provides a communication system, which includes the network device (such as network device A) and terminal device described in any of the above embodiments.

[0248] This application also provides a computer-readable storage medium storing a computer program thereon. When executed by a computer, the computer program implements the method flow related to the terminal device in any of the above method embodiments. Specifically, the computer can be the aforementioned terminal device.

[0249] This application also provides a computer program or a computer program product including a computer program, which, when executed on a computer, will cause the computer to implement the method flow related to the terminal device in any of the above method embodiments. Specifically, the computer can be the aforementioned terminal device.

[0250] This application also provides a computer program or a computer program product including a computer program, which, when executed on a computer, causes the computer to implement the method flow related to the network device in any of the above method embodiments. Specifically, the computer can be the aforementioned network device.

[0251] This application also provides an apparatus for use in a terminal device. The apparatus is coupled to a memory and is used to read and execute instructions stored in the memory, enabling the terminal device to execute the method flow related to the terminal device in any of the above method embodiments. The memory may be integrated into the processor or may be independent of the processor. The apparatus may be a chip on the terminal device. In some implementations, the chip may be a System on a Chip (SoC).

[0252] It should be understood that the processor mentioned in the embodiments of the present invention can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor can be a microprocessor or any conventional processor.

[0253] It should also be understood that the memory mentioned in the embodiments of the present invention can be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory. The volatile memory can be random access memory (RAM), which is used as an external cache. By way of example, but not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced Synchronous DRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DR RAM).

[0254] It should be noted that the memories described herein are intended to include, but are not limited to, these and any other suitable types of memories.

[0255] The functions, actions, operations, or steps in the above embodiments can be implemented, in whole or in part, by software, hardware, firmware, or any combination thereof. When implemented using software programs, they can be implemented, in whole or in part, in the form of a computer program product. This computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or part of the processes or functions described in the embodiments of this application are generated. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions can be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium accessible to a computer or include one or more data storage devices such as servers and data centers that can be integrated with the medium. The available media can be magnetic media (e.g., floppy disks, hard disks, magnetic tapes), optical media (e.g., DVDs), or semiconductor media (e.g., solid-state disks, SSDs), etc.

[0256] Although this application has been described in conjunction with specific features and embodiments, it is obvious that various modifications and combinations can be made thereto without departing from the scope of this application. Accordingly, this specification and drawings are merely exemplary illustrations of the application as defined by the appended claims, and are considered to cover any and all modifications, variations, combinations, or equivalents within the scope of this application. Clearly, those skilled in the art can make various alterations and modifications to this application without departing from the scope of this application. Thus, if such modifications and variations of this application fall within the scope of the claims of this application and their equivalents, this application is also intended to include such modifications and variations.

Claims

1. A communication method, characterized in that the method is applied to a terminal device, and the method includes: receiving a first message, the first message indicating that insecure redirection is not allowed; after entering a preset scenario, receiving a second message, the second message indicating redirection to a first network, wherein the first network is a 2G or 3G network, and the preset scenario includes a scenario of initiating a call (MO call scenario) or a scenario of receiving a call (MT call scenario); and ignoring the second message based on the first message.

2. The method according to claim 1, characterized in that, before receiving the second message, the method further includes: determining, based on a third message having been sent to the network device, that the preset scenario has been entered; the third message includes a Service request used to request a call service.

3. The method according to claim 1 or 2, characterized in that the first message includes a first field configured to indicate that insecure redirection is not allowed; or, the first message does not include the first field.

4. The method according to claim 3, characterized in that the first field is used to indicate the Network Policy information element (IE).

5. The method according to any one of claims 1-4, characterized in that, before receiving the first message, the method further includes: accessing a second network, the second network corresponding to a first network device; and receiving the first message includes: receiving the first message from the first network device.

6. The method according to claim 5, characterized in that the second network is a 4G network.

7. The method according to claim 5 or 6, characterized in that the first message includes either a tracking area update accept (TAU Accept) or an attach accept (Attach Accept).

8. The method according to claim 7, characterized in that, before receiving the first message, the method further includes: sending a fourth message, which may include a TAU request or an Attach request.

9. The method according to any one of claims 1-8, characterized in that the terminal device is configured with a flag bit, the value of which is used to indicate whether insecure redirection is allowed; after receiving the first message, the method further includes: based on the first message, configuring the flag bit with a second value, the second value indicating that insecure redirection is not allowed.

10. The method according to claim 9, characterized in that ignoring the second message based on the first message includes: ignoring the second message if the flag bit is set to the second value.

11. The method according to any one of claims 1-10, characterized in that, before entering the preset scenario, the method further includes: reselecting to and camping on a third network, the third network corresponding to a second network device, wherein the second network device is a fake base station; and receiving the second message includes: receiving the second message from the second network device.

12. The method according to claim 11, characterized in that the second message includes an RRC release.

13. The method according to claim 11 or 12, characterized in that the third network is a 4G network.

14. The method according to any one of claims 1-13, characterized in that the first message indicating that insecure redirection is not allowed specifically includes: the first message indicating that insecure redirection to a 2G or 3G network is not allowed.

15. The method according to claim 14, characterized in that the insecure redirection corresponds to an insecure redirection indication, and the insecure redirection indication includes a redirection indication received when no security configuration has been received.

16. The method according to claim 15, characterized in that no security configuration having been received includes: the access stratum (AS) security mode command (SMC) procedure has not been completed.

17. A terminal device, characterized in that the terminal device includes a memory and one or more processors; the memory and the processors are coupled; the memory is used to store computer program code, which includes computer instructions; when the processor executes the computer instructions, the terminal device is caused to perform the method as described in any one of claims 1-16.

18. A communication system, characterized in that the communication system includes the terminal device as described in claim 17, and a first network device; the first network device is used to indicate whether the terminal device does not allow insecure redirection.
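
The terminal-side decision described in claims 1-16, as an added Python model that is not part of the patent text or of any vendor implementation. Class and method names are hypothetical, the first message is assumed to be already decoded to a boolean, the flag is assumed to start at "allowed", and following any redirection the claims do not cover is also an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Rat(Enum):
    GSM_2G = "2G"
    UMTS_3G = "3G"
    LTE_4G = "4G"


@dataclass
class UeRedirectPolicy:
    # Flag bit of claims 9-10: False is the "second value" (not allowed).
    # Starting at True is an assumption; the claims give no default.
    insecure_redirect_allowed: bool = True
    as_security_active: bool = False   # True once the AS SMC procedure completes
    in_call_scenario: bool = False     # preset scenario: MO or MT call

    def on_first_message(self, forbids_insecure_redirect: bool) -> None:
        """TAU Accept / Attach Accept, already decoded to a boolean."""
        if forbids_insecure_redirect:
            self.insecure_redirect_allowed = False

    def on_camp(self) -> None:
        """New cell, new RRC connection: AS security starts over."""
        self.as_security_active = False

    def on_service_request_sent(self) -> None:
        """Third message sent: the call scenario has been entered."""
        self.in_call_scenario = True

    def on_rrc_release(self, redirect_to: Optional[Rat]) -> str:
        """Second message. Returns 'release', 'follow' or 'ignore'."""
        if redirect_to is None:
            return "release"
        insecure = (redirect_to in (Rat.GSM_2G, Rat.UMTS_3G)
                    and not self.as_security_active)
        if insecure and self.in_call_scenario and not self.insecure_redirect_allowed:
            return "ignore"
        return "follow"  # assumption: anything the claims do not cover is followed


def call_on_unauthenticated_cell(policy_received: bool) -> str:
    """Constructed sequence: attach on 4G, reselect, request a call, get redirected."""
    ue = UeRedirectPolicy()
    ue.on_first_message(forbids_insecure_redirect=policy_received)
    ue.on_camp()                      # third network; no AS SMC ever completes
    ue.on_service_request_sent()
    return ue.on_rrc_release(Rat.GSM_2G)
```

With the policy received the constructed sequence ends in "ignore"; without it the same redirection is followed, which is the behaviour the first message is meant to prevent.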