Indication method, apparatus, AMF device, terminal and medium for non-access stratum message security

Document No.: 1775772 Publication date: 2019-12-03

Note: this technique, "Indication method, apparatus, AMF device, terminal and medium for non-access stratum message security", was designed by 谢振华 on 2018-08-10. Main content: The invention discloses an indication method, apparatus, AMF device, terminal and medium for non-access stratum message security. The indication method comprises: a first access management function (AMF) activates a new non-access stratum (NAS) signaling key; the first AMF receives a context transfer request from a second AMF and verifies the context transfer request using the new NAS signaling key or using an old NAS signaling key; the old NAS signaling key is the NAS signaling key that the first AMF already had before activating the new NAS signaling key. The invention effectively solves the problem of mobility update failure in multi-access scenarios.

1. An indication method for non-access stratum message security, characterized in that the method comprises:

a first access management function (AMF) activating a new non-access stratum (NAS) signaling key;

the first AMF receiving a context transfer request from a second AMF, and verifying the context transfer request using the new NAS signaling key or using an old NAS signaling key; the old NAS signaling key being the NAS signaling key that the first AMF already had before activating the new NAS signaling key.

2. The method of claim 1, characterized in that the first AMF receiving the context transfer request from the second AMF and verifying the context transfer request using the new NAS signaling key or using the old NAS signaling key comprises:

the first AMF receiving, from the second AMF, a context transfer request carrying indication information, and verifying the context transfer request using the new NAS signaling key or the old NAS signaling key corresponding to the indication information.

3. The method of claim 1 or 2, characterized in that the first access management function (AMF) activating the new non-access stratum (NAS) signaling key comprises:

the first AMF sending a security mode command to a terminal;

the first AMF receiving a security mode complete from the terminal.

4. The method of claim 1 or 2, characterized in that the indication information is received by the second AMF from the terminal.

5. An indication method for non-access stratum message security, characterized in that the method comprises:

a terminal sending a non-access stratum message carrying indication information; the indication information being used to indicate that the command attribute of the most recently received non-access stratum message is security mode command, or the indication information being used to indicate that the most recently received non-access stratum message is not a security mode command.

6. An indication method for non-access stratum message security, characterized in that the method comprises:

a first access management function (AMF) receiving a context transfer request from a second AMF, and verifying the context transfer request using a new non-access stratum (NAS) signaling key;

when verification fails, the first AMF sending failure cause information to the second AMF, the failure cause information being used to indicate that the terminal is allowed to retransmit the non-access stratum message.

7. The method of claim 6, characterized in that, before the first access management function (AMF) receives the context transfer request from the second AMF and verifies the context transfer request using the new non-access stratum (NAS) signaling key, the method comprises:

the first AMF activating the new NAS signaling key.

8. The method of claim 7, characterized in that the first AMF activating the new NAS signaling key comprises:

the first AMF sending a security mode command to a terminal;

the first AMF receiving a security mode complete from the terminal.

9. An indication method for non-access stratum message security, characterized in that the method comprises:

a second access management function (AMF) forwarding the content of an access stratum message from a terminal to a first AMF;

the second AMF receiving failure cause information from the first AMF and sending a retry indication to the terminal, the retry indication being used to indicate that the terminal UE is allowed to retransmit the message.

10. An indication method for non-access stratum message security, characterized in that the method comprises:

a terminal sending a non-access stratum message to a second AMF;

the terminal receiving a retry indication from the second AMF and retransmitting the non-access stratum message.

11. An indication apparatus for non-access stratum message security, characterized in that the apparatus comprises:

an activation module, configured to activate a new non-access stratum (NAS) signaling key;

a receiving and verification module, configured to receive a context transfer request from a second AMF and to verify the context transfer request using the new NAS signaling key or using an old NAS signaling key; the old NAS signaling key being the NAS signaling key that the first AMF already had before the new NAS signaling key was activated.

12. The apparatus of claim 11, characterized in that the receiving and verification module is specifically configured to receive, from the second AMF, a context transfer request carrying indication information, and to verify the context transfer request using the new NAS signaling key or the old NAS signaling key corresponding to the indication information.

13. The apparatus of claim 11 or 12, characterized in that the activation module is specifically configured to send a security mode command to a terminal and to receive a security mode complete from the terminal.

14. The apparatus of claim 11 or 12, characterized in that the indication information is received by the second AMF from the terminal.

15. An indication apparatus for non-access stratum message security, characterized in that the apparatus comprises:

a sending unit, configured to send a non-access stratum message carrying indication information; the indication information being used to indicate that the command attribute of the non-access stratum message most recently received by the terminal is security mode command, or the indication information being used to indicate that the non-access stratum message most recently received by the terminal is not a security mode command.

16. An indication apparatus for non-access stratum message security, characterized in that the apparatus comprises:

a receiving and verification unit, configured to receive a context transfer request from a target AMF and to verify the context transfer request using a new non-access stratum (NAS) signaling key;

a retry indication unit, configured to send failure cause information to the target AMF when verification fails, the failure cause information being used to indicate that the terminal is allowed to retransmit the non-access stratum message.

17. The apparatus of claim 6, characterized in that the apparatus further comprises:

an activation unit, configured to activate the new NAS signaling key.

18. The apparatus of claim 17, characterized in that the activation unit is specifically configured to send a security mode command to a terminal and to receive a security mode complete from the terminal.

19. An indication apparatus for non-access stratum message security, characterized in that the apparatus comprises:

a forwarding module, configured to forward the content of an access stratum message from a terminal to a first AMF;

a retry indication module, configured to receive failure cause information from the first AMF and to send a retry indication to the terminal, the retry indication being used to indicate that the terminal UE is allowed to retransmit the message.

20. An indication apparatus for non-access stratum message security, characterized in that the apparatus comprises:

a sending module, configured to send a non-access stratum message to a second AMF;

a retransmission module, configured to receive a retry indication from the second AMF and to retransmit the non-access stratum message.

21. An access management function (AMF) device, characterized in that the device comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method of any one of claims 1-4.

22. A terminal, characterized in that the device comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method of claim 5.

23. An access management function (AMF) device, characterized in that the device comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method of any one of claims 6-8.

24. An access management function (AMF) device, characterized in that the device comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method of claim 9.

25. An access management function (AMF) device, characterized in that the device comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method of claim 10.

26. A computer-readable storage medium, characterized in that the storage medium stores at least one of the following computer programs: a first, a second, a third, a fourth and a fifth computer program;

the first computer program is executable by at least one processor to implement the steps of the method of any one of claims 1-4;

the second computer program is executable by at least one processor to implement the steps of the method of claim 5;

the third computer program is executable by at least one processor to implement the steps of the method of any one of claims 6-8;

the fourth computer program is executable by at least one processor to implement the steps of the method of claim 9;

the fifth computer program is executable by at least one processor to implement the steps of the method of claim 10.

Technical field

The present invention relates to the field of communication technology, and in particular to an indication method, apparatus, AMF device, terminal and medium for non-access stratum message security.

Background

Currently, in a prior-art non-access stratum (NAS, Non Access Stratum) message security processing method for multi-access connection to the core network, in a multi-access scenario, if a mobility update occurs before the access management function (AMF, Authentication Management Function) performs the key update procedure, the mobility update may fail.

The prior art provides no effective solution to this mobility update failure.

Summary of the invention

To overcome the above drawback, the technical problem to be solved by the present invention is to provide an indication method, apparatus, AMF device, terminal and medium for non-access stratum message security, so as to solve the problem of mobility update failure in multi-access scenarios.

To solve the above technical problem, an indication method for non-access stratum message security in an embodiment of the present invention comprises:

a first access management function (AMF) activating a new non-access stratum (NAS) signaling key;

the first AMF receiving a context transfer request from a second AMF, and verifying the context transfer request using the new NAS signaling key or using an old NAS signaling key; the old NAS signaling key being the NAS signaling key that the first AMF already had before activating the new NAS signaling key.

To solve the above technical problem, an access management function (AMF) device in an embodiment of the present invention comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method described above.

To solve the above technical problem, a computer-readable storage medium in an embodiment of the present invention stores a first computer program;

the first computer program is executable by at least one processor to implement the steps of the method described above.

To solve the above technical problem, an indication method for non-access stratum message security in an embodiment of the present invention comprises:

a terminal sending a non-access stratum message carrying indication information; the indication information being used to indicate that the command attribute of the most recently received non-access stratum message is security mode command, or the indication information being used to indicate that the most recently received non-access stratum message is not a security mode command.

To solve the above technical problem, a terminal in an embodiment of the present invention comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method described above.

To solve the above technical problem, a computer-readable storage medium in an embodiment of the present invention stores a second computer program;

the second computer program is executable by at least one processor to implement the steps of the method described above.

To solve the above technical problem, an indication method for non-access stratum message security in an embodiment of the present invention comprises:

a first access management function (AMF) receiving a context transfer request from a second AMF, and verifying the context transfer request using a new non-access stratum (NAS) signaling key;

when verification fails, the first AMF sending failure cause information to the second AMF, the failure cause information being used to indicate that the terminal is allowed to retransmit the non-access stratum message.

To solve the above technical problem, an access management function (AMF) device in an embodiment of the present invention is characterized in that the device comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method described above.

To solve the above technical problem, a computer-readable storage medium in an embodiment of the present invention stores a third computer program;

the third computer program is executable by at least one processor to implement the steps of any one of the methods described above.

To solve the above technical problem, an indication method for non-access stratum message security in an embodiment of the present invention comprises:

a second access management function (AMF) forwarding an access stratum message from a terminal to a first AMF;

the second AMF receiving failure cause information from the first AMF and sending a retry indication to the terminal, the retry indication being used to indicate that the terminal UE is allowed to retransmit the message.

To solve the above technical problem, an access management function (AMF) device in an embodiment of the present invention comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method described above.

To solve the above technical problem, a computer-readable storage medium in an embodiment of the present invention stores a fourth computer program;

the fourth computer program is executable by at least one processor to implement the steps of the method described above.

To solve the above technical problem, an indication method for non-access stratum message security in an embodiment of the present invention comprises:

a terminal sending a non-access stratum message to a second AMF;

the terminal receiving a retry indication from the second AMF and retransmitting the non-access stratum message.

To solve the above technical problem, an access management function (AMF) device in an embodiment of the present invention comprises a memory and a processor, the memory storing a computer program for indicating non-access stratum message security, and the processor executing the computer program to implement the steps of the method described above.

To solve the above technical problem, a computer-readable storage medium in an embodiment of the present invention stores a fifth computer program;

the fifth computer program is executable by at least one processor to implement the steps of the method described above.

To solve the above technical problem, an indication apparatus for non-access stratum message security in an embodiment of the present invention comprises:

an activation module, configured to activate a new non-access stratum (NAS) signaling key;

a receiving and verification module, configured to receive a context transfer request from a second AMF and to verify the context transfer request using the new NAS signaling key or using an old NAS signaling key; the old NAS signaling key being the NAS signaling key that the first AMF already had before the new NAS signaling key was activated.

To solve the above technical problem, an indication apparatus for non-access stratum message security in an embodiment of the present invention comprises:

a sending unit, configured to send a non-access stratum message carrying indication information; the indication information being used to indicate that the command attribute of the non-access stratum message most recently received by the terminal is security mode command, or the indication information being used to indicate that the non-access stratum message most recently received by the terminal is not a security mode command.

To solve the above technical problem, an indication apparatus for non-access stratum message security in an embodiment of the present invention comprises:

a receiving and verification unit, configured to receive a context transfer request from a target AMF and to verify the context transfer request using a new non-access stratum (NAS) signaling key;

a retry indication unit, configured to send failure cause information to the target AMF when verification fails, the failure cause information being used to indicate that the terminal is allowed to retransmit the non-access stratum message.

To solve the above technical problem, an indication apparatus for non-access stratum message security in an embodiment of the present invention comprises:

a forwarding module, configured to forward the content of an access stratum message from a terminal to a second AMF;

a retry indication module, configured to receive failure cause information from the first AMF and to send a retry indication to the terminal, the retry indication being used to indicate that the terminal UE is allowed to retransmit the message.

To solve the above technical problem, an indication apparatus for non-access stratum message security in an embodiment of the present invention comprises:

a sending module, configured to send a non-access stratum message to a second AMF;

a retransmission module, configured to receive a retry indication from the second AMF and to retransmit the non-access stratum message.

The beneficial effects of the present invention are as follows:

The embodiments of the present invention effectively solve the problem that, in a multi-access scenario, if a mobility update occurs before the access management function performs the key update procedure, the mobility update may fail.

The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented in accordance with the specification, and so that the above and other objects, features and advantages of the invention are easier to follow, specific embodiments of the invention are set out below.

Brief description of the drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:

Fig. 1 is a flowchart of an optional indication method for non-access stratum message security in an embodiment of the present invention;

Fig. 2 is a flowchart of another optional indication method for non-access stratum message security in an embodiment of the present invention;

Fig. 3 is a flowchart of yet another optional indication method for non-access stratum message security in an embodiment of the present invention;

Fig. 4 is a flowchart of yet another optional indication method for non-access stratum message security in an embodiment of the present invention;

Fig. 5 is a flowchart of yet another optional indication method for non-access stratum message security in an embodiment of the present invention;

Fig. 6 is a flowchart of yet another optional indication method for non-access stratum message security in an embodiment of the present invention;

Fig. 7 is a flowchart of yet another optional indication method for non-access stratum message security in an embodiment of the present invention.

Detailed description

The 3rd Generation Partnership Project (3GPP) has proposed a non-access stratum (NAS, Non Access Stratum) message security processing method for multi-access connection to the core network. Fig. 1 is the first flowchart of existing NAS message security processing during a multi-access mobility update; the procedure includes the following steps:

Step 101: the terminal UE establishes a data connection with the source AMF over wireless WIFI and the non-3GPP interworking function (N3IWF, Non-3GPP Interworking Function); the terminal UE may at the same time also establish a data connection with the source AMF through a source base station (not shown in the figure);

Step 102: the source AMF decides to activate a new NAS key set and then sends a security mode command to the terminal UE, for example a Security Mode Command message;

Step 103: the terminal UE receives the Security Mode Command message and generates a new NAS signaling protection key; the terminal UE sends a security mode complete to the source AMF, for example a Security Mode Complete message; the source AMF receives the security mode complete and likewise generates the new NAS signaling protection key, which completes activation of the new NAS signaling protection key;

Step 104: the terminal UE moves into the coverage of a target base station (gNB) and then sends a registration request to the target AMF through the target gNB, for example a Registration Request message, protecting the message with the new NAS signaling protection key, that is, generating a check code MAC from the new NAS signaling protection key and the message; the message reaches the target gNB;

Step 105: the target gNB forwards the message to the target AMF;

Step 106: the target AMF sends a context transfer request to the source AMF, for example a Transfer UE Context Request message, carrying the received registration request;

Step 107: the NAS signaling protection key of the source AMF has been updated, so the source AMF verifies the check code MAC using the new NAS signaling protection key and the registration request in the received context transfer request; because the MAC was generated with the new NAS signaling protection key, verification succeeds, and the source AMF sends a context transfer response to the target AMF, for example a Transfer UE Context Response message, carrying the UE context;

Step 108: the target AMF sends a registration accept to the terminal UE through the target gNB, for example a Registration Accept message.

Fig. 2 is the second flowchart of existing NAS message security processing during a multi-access mobility update; the procedure includes the following steps:

Step 201: the terminal UE establishes a data connection with the source AMF over wireless WIFI and the non-3GPP interworking function (N3IWF, Non-3GPP Interworking Function); the terminal UE may at the same time also establish a data connection with the source AMF through a source base station (not shown in the figure);

Step 202: the terminal UE moves into the coverage of a target base station (gNB) and then sends a registration request to the target AMF through the target gNB, for example a Registration Request message, protecting the message with the existing NAS signaling protection key (the old key), that is, generating a check code MAC from the existing NAS signaling protection key and the message; the message reaches the target gNB;

Step 203: at the same time as step 202, or slightly earlier or slightly later, the source AMF decides to activate a new NAS key set and then sends a security mode command to the terminal UE, for example a Security Mode Command message;

Step 204: after step 202, the target gNB forwards the received message to the target AMF;

Step 205: the terminal UE receives the Security Mode Command message and generates a new NAS signaling protection key; the terminal UE sends a security mode complete to the source AMF, for example a Security Mode Complete message; the source AMF receives the security mode complete and likewise generates the new NAS signaling protection key, which completes activation of the new NAS signaling protection key;

Step 206: after step 204, the target AMF sends a context transfer request to the source AMF, for example a Transfer UE Context Request message, carrying the message received from the target gNB;

Step 207: the NAS signaling protection key of the source AMF has been updated, so the source AMF uses the new NAS signaling protection key and the message carried in the received context transfer request to verify the check code MAC carried in that message; because the MAC was generated with the old NAS signaling protection key, verification fails, and the source AMF sends a verification failure to the target AMF, for example a Transfer UE Context Failure message;

Step 208: the target AMF sends a registration failure to the terminal UE through the target gNB, for example a Registration Failure message.

As the existing methods above show, in a multi-access scenario, if a mobility update occurs before the AMF performs the key update procedure, the mobility update may fail. On this basis, the present invention provides an indication method, apparatus, AMF device, terminal and medium for non-access stratum message security. Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the invention can be understood more thoroughly and so that the scope of the disclosure can be fully conveyed to those skilled in the art.
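The Fig. 2 race and the handling options described in the summary, replayed as an added sketch that is not part of the patent text: HMAC-SHA-256 cut to 32 bits stands in for the NAS integrity algorithm, and the keys, class names, return strings and the mapping from indication information to a key are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

OLD_KEY, NEW_KEY = b"constructed-old-key", b"constructed-new-key"  # constructed values


def nas_mac(key: bytes, body: bytes) -> bytes:
    """Stand-in for the NAS integrity algorithm: HMAC-SHA-256 cut to 32 bits."""
    return hmac.new(key, body, hashlib.sha256).digest()[:4]


@dataclass
class NasMessage:
    body: bytes
    mac: bytes
    # Indication information: True if the last NAS message the UE received was
    # a security mode command, False if not, None if no indication is carried.
    last_rx_was_smc: Optional[bool] = None


class UE:
    def __init__(self, key: bytes):
        self.key, self.last_rx_was_smc = key, False

    def on_security_mode_command(self, new_key: bytes) -> None:
        self.key, self.last_rx_was_smc = new_key, True

    def registration_request(self, indicate: bool = False) -> NasMessage:
        body = b"Registration Request"
        flag = self.last_rx_was_smc if indicate else None
        return NasMessage(body, nas_mac(self.key, body), flag)


class SourceAMF:
    def __init__(self, key: bytes):
        self.new_key, self.old_key = key, None

    def activate_new_key(self, key: bytes) -> None:
        # Keep the key held before activation as the "old NAS signaling key".
        self.old_key, self.new_key = self.new_key, key

    def _ok(self, key: Optional[bytes], msg: NasMessage) -> bool:
        return key is not None and hmac.compare_digest(nas_mac(key, msg.body), msg.mac)

    def verify_new_key_only(self, msg: NasMessage) -> str:
        """Existing behaviour (Fig. 2, step 207)."""
        return "UE_CONTEXT" if self._ok(self.new_key, msg) else "FAILURE"

    def verify_new_or_old(self, msg: NasMessage) -> str:
        """New or old key; an indication narrows the check to a single key."""
        if msg.last_rx_was_smc is True:
            keys = [self.new_key]
        elif msg.last_rx_was_smc is False:
            # Assumed mapping: no SMC seen yet means the pre-activation key.
            keys = [self.old_key if self.old_key is not None else self.new_key]
        else:
            keys = [self.new_key, self.old_key]
        return "UE_CONTEXT" if any(self._ok(k, msg) for k in keys) else "FAILURE"

    def verify_with_retry_cause(self, msg: NasMessage) -> str:
        """New key only, but the failure cause allows the UE to retransmit."""
        return "UE_CONTEXT" if self._ok(self.new_key, msg) else "FAILURE_RETRY_ALLOWED"


def fig2_race(mode: str) -> str:
    """Replay Fig. 2: the UE signs with the old key, then the key update completes."""
    ue, amf = UE(OLD_KEY), SourceAMF(OLD_KEY)
    msg = ue.registration_request(indicate=(mode == "indicated"))  # step 202
    ue.on_security_mode_command(NEW_KEY)                            # steps 203, 205
    amf.activate_new_key(NEW_KEY)
    if mode == "existing":
        return amf.verify_new_key_only(msg)                         # step 207
    if mode in ("new_or_old", "indicated"):
        return amf.verify_new_or_old(msg)
    result = amf.verify_with_retry_cause(msg)                       # mode "retry"
    if result == "FAILURE_RETRY_ALLOWED":
        # The target AMF relays a retry indication; the UE re-sends, now
        # protected with the key it derived from the security mode command.
        result = amf.verify_with_retry_cause(ue.registration_request())
    return result


if __name__ == "__main__":
    for mode in ("existing", "new_or_old", "indicated", "retry"):
        print(mode, "->", fig2_race(mode))
```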

In the description that follows, suffixes such as "module", "component" or "unit" used to denote elements serve only to aid the description of the invention and have no specific meaning in themselves. "Module", "component" and "unit" may therefore be used interchangeably.

Prefixes such as "first" and "second" used to distinguish elements likewise serve only to aid the description of the invention and have no specific meaning in themselves.

The mobile terminal may be a mobile phone, tablet computer, laptop, palmtop computer, personal digital assistant (Personal Digital Assistant, PDA), portable media player (Portable Media Player, PMP), navigation device, wearable device, smart bracelet, pedometer, and so on.
