Abstract: This application relates to the field of communications technologies, and discloses a method and apparatus. The method includes: A real base station receives a first uplink NAS message and an identifier of a first device. The real base station obtains a first hash value of first system information of a cell corresponding to the identifier of the first device. The real base station sends an N2 message to a core network device, where the N2 message includes the first uplink NAS message and the first hash value of the first system information. The core network device receives the N2 message from the real base station, and sends an integrity protected first downlink NAS message to a terminal, where the first downlink NAS message is forwarded by the real base station to the terminal, and the first downlink NAS message includes the first hash value of the first system information.

Abstract: A cell handover method, an apparatus, and a system are disclosed. In this application, a first base station sends a measurement control message to a terminal device, where the measurement control message includes information about a pilot signal allocated to the terminal device. After receiving a measurement response message from the terminal device, where the measurement response message includes signal quality of the pilot signal, and determining that the signal quality of the pilot signal satisfies a handover condition, the first base station performs a cell handover process for the terminal device. The first base station first determines that the signal quality, reported by the terminal device, of the pilot signal satisfies the handover condition, so that the terminal device is effectively prevented from directly accessing a fake base station, and it is also ensured that the terminal device can successfully access the second base station without a call drop.

Abstract: The mobility management network element performs security protection on a paging identity of a terminal device by using a security context obtained by negotiating with the terminal device, to obtain a first paging identity, and sends a first paging message to a base station. The base station sends a second paging message to the terminal device, where the second paging message carries the first paging identity and first indication information, and the first indication information is used to indicate that the first paging identity is a security-protected paging identity. The terminal device performs security verification on the first paging identity by using the security context based on the first indication information, to obtain a second paging identity, and processing the second paging message based on the second paging identity and an identity of the terminal device.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.