In a communication system, a device (typically a mobile device) termed user equipment (UE) communicates wirelessly with a radio access network. Communications between the UE and the radio access network are effected in accordance with a multi-layered communications protocol.
The 3GPP 25.331 specification specifies a Security Mode Command procedure, shown in FIG. 1, between the UE 102 and the radio access network 105.
Security consists of two aspects: optional ciphering and mandatory integrity protection. Ciphering provides encryption according to a ciphering configuration to ensure that all signaling and data messages transmitted between the UE and the radio access network are ciphered over the air interface to provide data confidentiality. Integrity protection provides protection against message manipulation between the UE and the radio access network. That is, integrity protection prevents third parties from sending unauthorized signaling messages between the UE and radio access network. Typically, both ciphering and integrity protection are enabled during a call.
As part of the Security Mode Command procedure the radio access network sends a Security Mode Command 112 using the Radio Resource Control (RRC) protocol to the UE with an indication of a new integrity protection configuration and new cipher configuration. In response to the Security Mode Command, the UE sends an RRC Security Mode Complete message 116 to the radio access network. In response to receiving the Security Mode Complete message from the UE, the radio access network sends an acknowledgement message 118 to the UE.
The 3GPP 25.331 specification mandates a specific method to handle a Cell Update procedure during the security mode command procedure. This method is to abort the new integrity protection configuration and new cipher configuration, and continue with the original integrity protection configuration and cipher configuration (used prior to initiation of the security mode command procedure).
This is problematic because the Security Mode Command procedure terminates at different times in the UE and the radio access network, which can lead to the Security Mode Command procedure being aborted in the UE but not in the radio access network, or vice versa. If the UE and radio access network do not abort the Security Mode Command procedure simultaneously, the ciphering and integrity protection configurations will not be the same in the UE and the radio access network, which causes the RRC connection to be lost.
In release 10 of the 3GPP 25.331 specification, change requests have been introduced and subsequently corrected to mitigate problems of security mode command failures. These change requests are 4427 (November 2010), 4583 (May 2011), and 4884 (November 2011) all applying to the 3GPP 25.331 specification.
These change requests introduce a single-bit indication, the information element (IE) “Security Revert Status Indicator”, to the Cell Update Message, giving the status of the UE for the Security Mode Command procedure.
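
The mismatch described above can be reproduced with a small model, added here as an example and not taken from the specification or the original text. It assumes the radio access network treats the procedure as terminated on receiving message 116 and the UE on receiving message 118, and that the network falls back to the original configuration when the indicator reports a revert; Peer, run, in_sync, OLD and NEW are hypothetical names, and only the direction in which the UE aborts alone is shown.

```python
from dataclasses import dataclass

OLD, NEW = "original", "new"  # constructed labels for the two security configurations

@dataclass
class Peer:
    active: str = OLD      # integrity/cipher configuration currently in use
    ongoing: bool = False  # True while the Security Mode Command procedure is running

    def cell_update(self) -> bool:
        """Abort an ongoing procedure and keep the original configuration."""
        reverted = self.ongoing
        if reverted:
            self.ongoing, self.active = False, OLD
        return reverted

def run(cell_update_after: int, use_indicator: bool = False):
    """Play messages 112, 116, 118 in order, then a Cell Update after the given one.
    Returns the configurations that (UE, RAN) end up using."""
    ue, ran = Peer(), Peer()
    for msg in (112, 116, 118):
        if msg == 112:    # Security Mode Command reaches the UE
            ue.ongoing = ran.ongoing = True
        elif msg == 116:  # Security Mode Complete reaches the RAN (assumed: RAN terminates here)
            ran.ongoing, ran.active = False, NEW
        else:             # acknowledgement 118 reaches the UE (assumed: UE terminates here)
            ue.ongoing, ue.active = False, NEW
        if msg == cell_update_after:
            break
    ue_reverted = ue.cell_update()
    ran.cell_update()
    # Assumed use of the one-bit indicator: the RAN follows the UE's reported revert.
    if use_indicator and ue_reverted:
        ran.active = OLD
    return ue.active, ran.active

def in_sync(cell_update_after: int, use_indicator: bool = False) -> bool:
    ue_cfg, ran_cfg = run(cell_update_after, use_indicator)
    return ue_cfg == ran_cfg

if __name__ == "__main__":
    for point in (112, 116, 118):
        print(point, run(point), run(point, use_indicator=True))
```

In this model a Cell Update between messages 116 and 118 is the only point at which the two sides end up with different configurations.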