Mobile communication method, apparatus, and device
First Claim
1. A mobile communication method, comprising:
sending, by a user equipment (UE), an attach request message to a mobility management entity, wherein the attach request message includes a first UE security capability of the UE;
receiving, by the UE, a non-access stratum (NAS) security mode command message from the mobility management entity, wherein the NAS security mode command message comprises a first hash value, an integrity algorithm, a key identifier, a first NAS message authentication code (NAS-MAC) of the NAS security mode command message, and a second UE security capability;
calculating, by the UE, a second NAS-MAC of the NAS security mode command message;
determining, by the UE, whether the second NAS-MAC is consistent with the first NAS-MAC and the first UE security capability is consistent with the second UE security capability;
in response to determining that the second NAS-MAC is consistent with the first NAS-MAC and the first UE security capability is consistent with the second UE security capability, determining, by the UE, whether a second hash value is consistent with the first hash value, wherein the second hash value is a hash value of the attach request message; and
sending, by the UE, the first NAS security mode complete message to the mobility management entity in response to determining that the second hash value is inconsistent with the first hash value, wherein the first NAS security mode complete message having integrity protection comprises the attach request message.
Abstract
The present disclosure relates to mobile communications technologies, and in particular, to a mobile communication method, apparatus, and device. The method includes receiving, by user equipment (UE), a non-access stratum (NAS) security mode command message from a mobility management entity (MME), where the NAS security mode command message carries first verification matching information used to verify UE capability information received by the MME, determining, by the UE based on the first verification matching information, whether the UE capability information received by the MME is consistent with UE capability information sent by the UE to the MME, and, if the UE capability information received by the MME is consistent with the UE capability information sent by the UE to the MME, sending, by the UE, a NAS security mode complete message to the MME.
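The checks recited in claim 1 and summarized in the abstract, run against the MME-side message of the independent MME claim, as an added example that is not code from the patent. Assumptions: HMAC-SHA-256 truncated to 32 bits stands in for the NAS integrity algorithm, SHA-256 for the hash, the byte encodings, sample values and function names are constructed, and the "stop" outcomes on a failed NAS-MAC or capability check are a placeholder because the page does not say what the UE does then.

```python
import hashlib
import hmac
from dataclasses import dataclass

def nas_mac(key: bytes, payload: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 cut to 32 bits stands in for the integrity algorithm.
    return hmac.new(key, payload, hashlib.sha256).digest()[:4]

@dataclass
class SecurityModeCommand:           # constructed encoding, not the 3GPP wire format
    attach_hash: bytes               # "first hash value" (SHA-256 is an assumption)
    integrity_alg: int
    key_id: int
    ue_sec_cap: bytes                # "second UE security capability", as the MME saw it
    mac: bytes = b""                 # "first NAS-MAC"

    def protected(self) -> bytes:
        return (bytes([self.integrity_alg, self.key_id, len(self.ue_sec_cap)])
                + self.ue_sec_cap + self.attach_hash)

def mme_build_smc(key, attach_rx, cap_rx):
    smc = SecurityModeCommand(hashlib.sha256(attach_rx).digest(), 2, 1, cap_rx)
    smc.mac = nas_mac(key, smc.protected())
    return smc

def ue_handle_smc(key, attach_sent, cap_sent, smc):
    """Return (verdict, NAS security mode complete bytes or None)."""
    if not hmac.compare_digest(nas_mac(key, smc.protected()), smc.mac):
        return "stop: NAS-MAC mismatch", None      # handling of failures is assumed
    if not hmac.compare_digest(cap_sent, smc.ue_sec_cap):
        return "stop: UE security capability mismatch", None
    body, verdict = b"SMC-COMPLETE", "complete"
    if not hmac.compare_digest(hashlib.sha256(attach_sent).digest(), smc.attach_hash):
        # Hash differs: hand the MME the original attach request, integrity protected.
        body, verdict = body + attach_sent, "complete + attach request"
    return verdict, body + nas_mac(key, body)

def demo():
    key, cap, weak = b"k" * 16, b"\xe0\xe0", b"\x80\x80"     # constructed values
    attach = b"ATTACH|id=001010123456789|drx=on|cap=" + cap
    seen = {"clean": (attach, cap),
            "altered": (attach.replace(b"drx=on", b"drx=no"), cap),  # changed in transit
            "weak_cap": (attach[:-2] + weak, weak)}                  # capabilities rewritten
    out = {n: ue_handle_smc(key, attach, cap, mme_build_smc(key, a, c))
           for n, (a, c) in seen.items()}
    forged = mme_build_smc(key, attach, cap)
    forged.ue_sec_cap = weak                                 # edited after the MAC was made
    out["forged"] = ue_handle_smc(key, attach, cap, forged)
    return out
```

`demo()` returns one verdict per constructed scenario; only the "altered" case, where the capabilities match but another attach field changed, yields a complete message that carries the original attach request.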
20 Claims
4. A mobile communication method, comprising:
receiving, by a mobility management entity, a first attach request message from user equipment (UE), wherein the first attach request message comprises a UE security capability; and
sending, by the mobility management entity, a non-access stratum (NAS) security mode command message to the UE, wherein the NAS security mode command message comprises a first hash value of the attach request message, an integrity algorithm, a key identifier, a first NAS message authentication code (NAS-MAC) of the NAS security mode command message, and the UE security capability or a hash value of the UE security capability.
11. A mobile communications apparatus, wherein the apparatus is deployed in a user equipment (UE) and comprises:
at least one processor; and
a memory coupled to the at least one processor and having program instructions stored thereon which, when executed by the at least one processor, cause the apparatus to:
send an attach request message to a mobility management entity, wherein the attach request message includes a first UE security capability of the UE;
receive a non-access stratum (NAS) security mode command message from the mobility management entity, wherein the NAS security mode command message comprises a first hash value, an integrity algorithm, a key identifier, a first NAS message authentication code (NAS-MAC) of the NAS security mode message, and a second UE security capability;
calculate a second NAS-MAC of the NAS security mode command message;
determine whether the second NAS-MAC is consistent with the first NAS-MAC and the first UE security capability is consistent with the second UE security capability;
in response to determining that the second NAS-MAC is consistent with the first NAS-MAC and the first UE security capability is consistent with the second UE security capability, determine whether a second hash value is consistent with the first hash value, wherein the second hash value is a hash value of the attach request message; and
send a first NAS security mode complete message to the mobility management entity in response to determining that the second hash value is inconsistent with the first hash value, wherein the first NAS security mode complete message having integrity protection comprises the attach request message.
14. A mobility management entity, comprising:
at least one processor; and
a memory coupled to the at least one processor and having program instructions stored thereon which, when executed by the at least one processor, cause the entity to:
receive a first attach request message from user equipment (UE), wherein the first attach request message comprises a second UE security capability; and
send a non-access stratum (NAS) security mode command message to the UE, wherein the NAS security mode command message comprises a first hash value of the first attach request message, an integrity algorithm, a key identifier, a first NAS message authentication code (NAS-MAC) of the NAS security mode command message, and the second UE security capability.
Specification