Abstract: This application provides a system message transmission method including receiving, based on scheduling information of OSI in SIB1 when a system frame number is ?1 and a slot number is v1, OSI and a first digital signature, where the first digital signature is for the OSI and a time stamp t1; determining the time stamp t1 based on the system frame number ?1, the slot number v1, a time stamp t2, a system frame number ?2, and a slot number v2, where the system frame number ?2 and the slot number v2 are a system frame number and a slot number to which the first SIB1 belongs, and the time stamp t2 is an absolute time point corresponding to the access network device when the system frame number is ?2 and the slot number is v2; and verifying the first digital signature based on the OSI and time stamp t1.

Abstract: Embodiments of this application provide a method and an apparatus for detecting a false base station. The method includes: A network device sends system information to a terminal device, where the system information includes a first signature of the system information and a first timestamp, and the first timestamp identifies time at which the network device generates the first signature. The network device receives private information from the terminal device. The network device signs the private information of the terminal device by using a private key corresponding to the network device, to obtain a second signature. The network sends the second signature to the terminal device. According to the foregoing method, the terminal device can accurately verify whether the terminal device is attacked by a false base station, to improve communication security.

Abstract: This application discloses a communication method and apparatus. In solutions of this application, a base station sends a first broadcast message to a terminal. The base station sends, to the terminal, information indicating a transmission resource of a first signature, where the first signature is used to check the first broadcast message. The terminal obtains the transmission resource of the first signature based on the information, to accurately receive the first signature, and then checks the first broadcast message based on the first signature.

Abstract: A man-in-the-middle detection method and apparatus. The method includes: A base station receives, in a first physical frame, a RRC message from user equipment UE; the base station receives from the UE a second RRC message including frame information of a second physical frame, and security protection is performed on the first RRC message and the second RRC message by using an access stratum AS security context established by the UE and the base station; and the base station determines whether the first physical frame matches the second physical frame. Thereby, whether a man-in-the-middle exists in air interface communication is determined by determining whether a physical frame in which the UE sends an uplink message matches a physical frame in which the base station receives the uplink message, to prevent the man-in-the-middle from bypassing detection through a mechanism of the man-in-the-middle and improve a man-in-the-middle detection rate.

Abstract: A cell handover method, an apparatus, and a system are disclosed. In this application, a first base station sends a measurement control message to a terminal device, where the measurement control message includes information about a pilot signal allocated to the terminal device. After receiving a measurement response message from the terminal device, where the measurement response message includes signal quality of the pilot signal, and determining that the signal quality of the pilot signal satisfies a handover condition, the first base station performs a cell handover process for the terminal device. The first base station first determines that the signal quality, reported by the terminal device, of the pilot signal satisfies the handover condition, so that the terminal device is effectively prevented from directly accessing a fake base station, and it is also ensured that the terminal device can successfully access the second base station without a call drop.

Abstract: Embodiments of this application provide a key generation method and a related device. The method includes: receiving, by a terminal, a first message sent by a source base station, where the first message includes a key exchange algorithm selected by a target base station and a first public key generated by the target base station; generating, by the terminal, a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal; and sending, by the terminal, a second message to the target base station, where the second message includes a second public key generated by the terminal. According to the embodiments of this application, a communication latency and network load can be reduced while communication security is ensured.