– A network connection method is performed by a terminal, and the method comprises: establishing a pre-connection with a to-be-accessed device, and the to-be-accessed device being a device to access network; generating a first key pair, and sending a first public key In the first key pair to the to-be-accessed device; generating a first shared key based on the first key pair and first key negotiation information corresponding to the to-be-accessed device; encrypting network configuration information of a network device by using the first shared key, to obtain encrypted network configuration information; and sending the encrypted network configuration information to the to-be-accessed device, to allow the to-be-accessed device to decrypt the encrypted network configuration information by a second shared key, and access the network device based on the decrypted network configuration information. –

The present invention disclose a key distribution method. The method includes obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element. According to present invention, data can be protected against an eavesdropping attack in a sending process.

The present invention disclose a key distribution method. The method includes obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element. According to present invention, data can be protected against an eavesdropping attack in a sending process.

A device within a small cell may establish a first secure communication channel between the device and a network device based on a first type of encryption. The device within the small cell may transmit data between the small cell and a core network via the first secure communication channel. The device within the small cell may receive information associated with a second type of encryption, wherein the second type of encryption is different from the first type of encryption. The device within the small cell may terminate the first secure communication channel. The device within the small cell may establish a second secure communication channel between the device and the network device based on the information associated with the second type of encryption. The device within the small cell may transmit further data between the small cell and the core network via the second secure communication channel.

A device within a small cell may establish a first secure communication channel between the device and a network device based on a first type of encryption. The device within the small cell may transmit data between the small cell and a core network via the first secure communication channel. The device within the small cell may receive information associated with a second type of encryption, wherein the second type of encryption is different from the first type of encryption. The device within the small cell may terminate the first secure communication channel. The device within the small cell may establish a second secure communication channel between the device and the network device based on the information associated with the second type of encryption. The device within the small cell may transmit further data between the small cell and the core network via the second secure communication channel.

A method for handling broadcast information is described. A first network node (111) operating in a wireless communications network (100) determines (403) one or more decryption keys (K1, K2, K3) to be provided to a wireless device (131) in the wireless communications network (100). The decryption keys enable the wireless device (131) to decrypt information to be broadcasted by a second network node (112) in the wireless communications network (100). The information comprises a plurality of subsets of positioning information. Each of the subsets is to be, or is, encrypted with a different encryption key based on a respective type of subscription for wireless devices (131, 132, 133) in the wireless communications network (100). The determined decryption keys are based on at least one type of subscription of the wireless device (131). The first network node (111) then initiates (404) providing the determined to the wireless device (131).

A method for handling broadcast information is described. A first network node (111) operating in a wireless communications network (100) determines (403) one or more decryption keys (K1, K2, K3) to be provided to a wireless device (131) in the wireless communications network (100). The decryption keys enable the wireless device (131) to decrypt information to be broadcasted by a second network node (112) in the wireless communications network (100). The information comprises a plurality of subsets of positioning information. Each of the subsets is to be, or is, encrypted with a different encryption key based on a respective type of subscription for wireless devices (131, 132, 133) in the wireless communications network (100). The determined decryption keys are based on at least one type of subscription of the wireless device (131). The first network node (111) then initiates (404) providing the determined to the wireless device (131).

Provided are an information transmission method, a network device and a terminal device. The method comprises: a first network device obtains indication information, the indication information being used for indicating integrity protection (IP) check failure of data on a data radio bearer (DRB); the first network device sends the indication information to a second network device. In embodiments of the present application, by means of the indication information, the second network device can update a secret key of the terminal device during the IP check failure of data on the DRB, or the second network device can release RRC connection of the DRB. In this way, the potential safety hazard is eliminated, the communication security is ensured, and therefore, the success rate of data transmission is improved.

Provided are an information transmission method, a network device and a terminal device. The method comprises: a first network device obtains indication information, the indication information being used for indicating integrity protection (IP) check failure of data on a data radio bearer (DRB); the first network device sends the indication information to a second network device. In embodiments of the present application, by means of the indication information, the second network device can update a secret key of the terminal device during the IP check failure of data on the DRB, or the second network device can release RRC connection of the DRB. In this way, the potential safety hazard is eliminated, the communication security is ensured, and therefore, the success rate of data transmission is improved.

A method and apparatus for supporting security in a radio resource control (RRC) inactive state in a wireless communication system is provided. A user equipment (UE) receives information on multiple security variables, of which each variable is mapped to each of multiple counter values, respectively. The UE calculates a security parameter and/or updating a UE identifier (ID) based on a security variable among the security variables which is mapped to a corresponding counter value among the multiple counter values, and transmits a radio resource control (RRC) resume request message including the calculated security parameter and/or the updated UE ID. The counter value may be increase whenever a timer expires or an RRC reject message is received as a response to the RRC resume request message.