WO2022151917A1 - Message processing method and apparatus, terminal and network-side device (Google Patents)
- Publication number: WO2022151917A1 (application PCT/CN2021/139100, CN2021139100W)
- Authority: WO (WIPO, PCT)
- Prior art keywords: rrc message, terminal, side device, network side, root key
- Prior art date
- Legal status: Ceased (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Classifications
- H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04L5/00: Arrangements affording multiple use of the transmission path; H04L5/003: Arrangements for allocating sub-channels of the transmission path; H04L5/0053: Allocation of signalling, i.e. of overhead other than pilot signals
- H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04L5/00: Arrangements affording multiple use of the transmission path
- H: Electricity; H04: Electric communication technique; H04W: Wireless communication networks; H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity; H04W12/08: Access security
Definitions
- the present disclosure relates to the field of communication technologies, and in particular, to a message processing method, apparatus, terminal, and network side equipment.
- in New Radio (NR), a new radio access network (RAN)-controlled radio resource control (Radio Resource Control, RRC) state is introduced: the RRC inactive state (RRC_INACTIVE).
- the RAN node instructs the terminal to enter or remain in the RRC inactive state by sending an RRC release message with suspendConfig (suspend configuration). After that, the RAN node becomes the "anchor node" of the terminal and stores the context of the terminal.
- the wireless communication network transmits signaling and user data over the air interface, where they are exposed to eavesdropping or tampering by attackers. Therefore, a complete security system is designed that provides encryption (against eavesdropping) and integrity protection (against tampering) for the signaling and user data exchanged over the air interface.
- the user terminal and the RAN node need to hold the same "access stratum root key", which is called K gNB in the 5G/NR system.
- the 5G system requires different base stations (gNBs) to use different K gNB values when communicating with the same terminal.
- the purpose of the embodiments of the present disclosure is to provide a message processing method, apparatus, terminal, and network-side equipment, so as to solve the problem that security isolation cannot be achieved between nodes in the process of inactive small data transmission in the related art.
- the present disclosure provides a message processing method, the method includes:
- the terminal in the inactive state receives the first radio resource control RRC message, where the first RRC message is used to indicate at least one of the following:
- the terminal is instructed to perform a dedicated random access procedure.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is also used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the method also includes:
- the second RRC message is a feedback message of the first RRC message.
- the method also includes:
- a dedicated random access procedure is performed with the second network side device.
- the second network side device is the current serving node of the terminal.
- Embodiments of the present disclosure also provide a message processing method, the method comprising:
- the first network side device sends a first RRC message to the inactive terminal or the second network side device; wherein the first RRC message is used to indicate at least one of the following:
- the first network-side device is the anchor node of the terminal
- the second network-side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is also used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the method further includes:
- the first RRC message is generated when it is determined to replace the user plane node inside the first network side device for small data transmission.
- the method further includes:
- the first network side device sends the first RRC message to the second network side device, including:
- the first network side device encrypts and protects the integrity of the first RRC message by using the access stratum root key before the update, and generates a first downlink PDU; the first downlink PDU carries the first RRC message;
- the first downlink PDU is sent to the second network side device, so that the second network side device sends the first downlink PDU to a terminal in an inactive state.
- before receiving the first RRC message sent by the second network side device, the method further includes:
- a first interface message is sent to the second network side device, so that the second network side device generates the first RRC message; wherein the first interface message includes: context information of the terminal and/or update-related information of the access stratum root key.
- receiving the first RRC message sent by the second network side device includes:
- the method also includes:
- the method also includes:
- the first uplink PDU carries a second RRC message encrypted and integrity protected by using the access stratum root key before the update;
- the first uplink PDU is decrypted and integrity checked using the access stratum root key before the update, to obtain the second RRC message.
- the method also includes:
- the method also includes:
- the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key
- the second RRC message is decrypted and integrity checked according to the updated access stratum root key.
- Embodiments of the present disclosure also provide a message processing method, the method comprising:
- the second network side device sends a first RRC message to the terminal in the inactive state; wherein, the first RRC message is used to indicate at least one of the following:
- the second network side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is also used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the second network side device sends the first RRC message to the terminal in the inactive state, including:
- the first network side device is the anchor node of the terminal.
- before sending the first RRC message to the first network side device, the method further includes:
- the first interface message includes: context information of the terminal and update-related information of the access stratum root key;
- the first RRC message is generated according to the first interface message.
- sending the first RRC message to the first network side device includes:
- the first RRC message is generated according to the context information of the terminal and/or the update related information of the access stratum root key;
- the context information of the terminal and/or the update-related information of the access stratum root key is obtained by the second network side device from the access and mobility management (AMF) network element or from the first network side device.
- the method also includes:
- the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key
- the second RRC message is decrypted and integrity checked according to the updated access stratum root key.
- the method also includes:
- receiving the first uplink PDU sent by the terminal, wherein the first uplink PDU carries a second RRC message encrypted and integrity protected by using the access stratum root key before the update;
- the method also includes:
- Embodiments of the present disclosure further provide a message processing apparatus, which is applied to a terminal in an inactive state, including:
- a first receiving unit configured to receive a first radio resource control RRC message, where the first RRC message is used to indicate at least one of the following:
- the terminal is instructed to perform a dedicated random access procedure.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is also used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the third sending unit is used to send the first uplink protocol data unit PDU, and the first uplink PDU carries the second RRC message encrypted and integrity protected by using the access stratum root key before updating;
- the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key
- the second RRC message is a feedback message of the first RRC message.
- the device includes:
- An execution unit configured to perform at least one of the following operations according to the first RRC message:
- a dedicated random access procedure is performed with the second network side device.
- the second network side device is the current serving node of the terminal.
- An embodiment of the present disclosure further provides a terminal, where the terminal is an inactive terminal, including a memory, a transceiver, and a processor;
- a memory for storing a computer program
- a transceiver for sending and receiving data under the control of the processor
- a processor for reading the computer program in the memory and performing the following operations:
- the terminal is instructed to perform a dedicated random access procedure.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the processor is further configured to read the computer program in the memory and perform the following operations:
- the second RRC message is a feedback message of the first RRC message.
- An embodiment of the present disclosure further provides a message processing apparatus, which is applied to the first network side device, including:
- a first sending unit configured to send a first RRC message to a terminal in an inactive state or a second network side device; wherein the first RRC message is used to indicate at least one of the following:
- the first network-side device is the anchor node of the terminal
- the second network-side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is also used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- a first generating unit configured to generate the first RRC message when it is determined to replace a user plane node inside the first network side device for small data transmission.
- a second receiving unit configured to receive the first RRC message sent by the second network side device
- the first sending unit includes:
- a first subunit configured to encrypt and integrity-protect the first RRC message by using the access stratum root key before the update, and to generate a first downlink PDU; the first downlink PDU carries the first RRC message;
- the second subunit is configured to send the first downlink PDU to the second network side device, so that the second network side device sends the first downlink PDU to a terminal in an inactive state.
- a fourth sending unit configured to send a first interface message to the second network-side device when it is determined to perform an anchor point transfer, so that the second network-side device generates the first RRC message; wherein,
- the first interface message includes: the context information of the terminal and/or the update related information of the access stratum root key.
- the second receiving unit includes:
- a receiving subunit configured to receive the first RRC message sent when the second network side device determines to perform anchor point transfer.
- a fifth sending unit configured to send the updated access stratum root key to the second network side device.
- a third receiving unit configured to receive the first uplink PDU of the terminal forwarded by the second network side device, wherein the first uplink PDU carries a second RRC message encrypted and integrity protected by using the access stratum root key before the update.
- a first decryption and verification unit configured to decrypt and integrity-check the first uplink PDU by using the access stratum root key before the update, to obtain the second RRC message.
- a first feedback unit configured to send a second RRC message and/or anchor transfer success indication information to the second network side device.
- a fourth receiving unit configured to receive a second uplink PDU sent by the terminal; wherein, the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key;
- the second decryption and verification unit is configured to decrypt and verify the integrity of the second RRC message according to the updated access stratum root key.
- An embodiment of the present disclosure further provides a network-side device, where the network-side device is a first network-side device, including a memory, a transceiver, and a processor:
- a memory for storing a computer program
- a transceiver for sending and receiving data under the control of the processor
- a processor for reading the computer program in the memory and performing the following operations:
- the first RRC message is used to indicate at least one of the following:
- the first network-side device is the anchor node of the terminal
- the second network-side device is the current serving node of the terminal.
- the processor is further configured to read the computer program in the memory and perform the following operations:
- the first RRC message is generated when it is determined to replace the user plane node inside the first network side device for small data transmission.
- the processor is further configured to read the computer program in the memory and perform the following operations:
- the first downlink PDU carries the first RRC message
- the first downlink PDU is sent to the second network side device, so that the second network side device sends the first downlink PDU to a terminal in an inactive state.
- An embodiment of the present disclosure further provides a message processing apparatus, which is applied to a second network-side device, including:
- the second sending unit is configured to send the first RRC message to the terminal in the inactive state; wherein, the first RRC message is used to indicate at least one of the following items:
- the second network side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is also used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the second sending unit includes:
- a fifth subunit configured to send the first RRC message to the first network side device
- a sixth subunit configured to receive the first downlink PDU sent by the first network side device, where the first downlink PDU carries the first RRC message encrypted and integrity protected by using the access stratum root key before the update;
- a seventh subunit configured to send the first downlink PDU to the terminal in the inactive state
- the first network side device is the anchor node of the terminal.
- a fifth receiving unit configured to receive a first interface message sent when the first network-side device determines to perform an anchor point transfer, where the first interface message includes: context information of the terminal and update-related information of the access stratum root key;
- a second generating unit configured to generate the first RRC message according to the first interface message.
- the fifth subunit is further used for:
- the first RRC message is generated according to the context information of the terminal and/or the update related information of the access stratum root key;
- the context information of the terminal and/or the update-related information of the access stratum root key are obtained by the second network side device from the access and mobility management (AMF) network element or from the first network side device.
- a sixth receiving unit configured to receive the second uplink PDU sent by the terminal; wherein, the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key;
- the third decryption and verification unit is configured to decrypt and verify the integrity of the second RRC message according to the updated access stratum root key.
- a seventh receiving unit configured to receive the first uplink PDU sent by the terminal, wherein the first uplink PDU carries a second RRC message encrypted and integrity protected by using the access stratum root key before updating;
- a tenth sending unit configured to send the first uplink PDU to the first network side device, so that the first network side device decrypts and integrity-checks the first uplink PDU using the access stratum root key before the update.
- a feedback receiving unit configured to receive the second RRC message and/or anchor transfer success indication information sent by the first network side device.
- An embodiment of the present disclosure further provides a network-side device, where the network-side device is a second network-side device, including a memory, a transceiver, and a processor;
- a memory for storing a computer program
- a transceiver for sending and receiving data under the control of the processor
- a processor for reading the computer program in the memory and performing the following operations:
- the first RRC message is used to indicate at least one of the following:
- the second network side device is the current serving node of the terminal.
- the processor is further configured to read the computer program in the memory and perform the following operations:
- the first network side device is the anchor node of the terminal.
- the processor is further configured to read the computer program in the memory and perform the following operations:
- the first RRC message is generated according to the context information of the terminal and/or the update related information of the access stratum root key;
- the context information of the terminal and/or the update-related information of the access stratum root key is obtained by the second network side device from the access and mobility management (AMF) network element or from the first network side device.
- An embodiment of the present disclosure further provides a processor-readable storage medium, wherein the processor-readable storage medium stores a computer program, and the computer program is used to cause the processor to execute the above method.
- in the process of inactive small data transmission, if anchor point transfer or user plane node replacement is required, the network-side device uses the first RRC message to instruct the terminal to update the access stratum root key and to perform at least one of anchor transfer, the synchronization reconfiguration process and the dedicated random access process, which ensures timely anchor transfer and security isolation between access network nodes.
- FIG. 1 shows a block diagram of a wireless communication system to which an embodiment of the present disclosure can be applied
- FIG. 2 shows one of the schematic diagrams of the steps of a message processing method provided by an embodiment of the present disclosure
- FIG. 3 shows the second schematic diagram of the steps of the message processing method provided by the embodiment of the present disclosure
- FIG. 4 shows the third schematic diagram of the steps of the message processing method provided by the embodiment of the present disclosure
- FIG. 5 shows one of the schematic structural diagrams of Example 1 of the message processing method provided by the embodiment of the present disclosure
- FIG. 6 shows the second schematic structural diagram of Example 1 of the message processing method provided by the embodiment of the present disclosure
- FIG. 7 is a schematic structural diagram of Example 2 of a message processing method provided by an embodiment of the present disclosure.
- FIG. 8 is a schematic structural diagram of Example 3 of a message processing method provided by an embodiment of the present disclosure.
- FIG. 9 shows one of the schematic structural diagrams of a message processing apparatus provided by an embodiment of the present disclosure.
- FIG. 10 is a schematic structural diagram of a terminal provided by an embodiment of the present disclosure.
- FIG. 11 shows the second schematic structural diagram of a message processing apparatus provided by an embodiment of the present disclosure
- FIG. 12 shows one of the schematic structural diagrams of a network side device provided by an embodiment of the present disclosure
- FIG. 13 shows a third schematic structural diagram of a message processing apparatus provided by an embodiment of the present disclosure.
- FIG. 14 shows the second schematic structural diagram of a network side device provided by an embodiment of the present disclosure.
- FIG. 1 shows a block diagram of a wireless communication system to which an embodiment of the present disclosure can be applied.
- the wireless communication system includes a terminal 11 and a network-side device 12.
- the terminal 11 may also be referred to as a terminal device or a user terminal (User Equipment, UE). It should be noted that the embodiment of the present disclosure does not limit the specific type of the terminal 11.
- the network side device 12 may be a base station or a core network. It should be noted that, in the embodiments of the present disclosure, only a base station in an NR system is used as an example, but the specific type of the base station is not limited.
- the term "and/or" describes the association relationship of associated objects, and indicates that there can be three kinds of relationships. For example, A and/or B can indicate that A exists alone, A and B exist at the same time, and B exists alone these three situations.
- the character “/” generally indicates that the associated objects are an "or" relationship.
- the term “plurality” refers to two or more than two, and other quantifiers are similar.
- the embodiments of the present disclosure provide a message processing method and apparatus, which are used to realize timely transfer of anchor points and security isolation between security access network nodes in the process of inactive small data transmission.
- the method and the device are conceived based on the same application. Since the principles of the method and the device for solving the problem are similar, the implementation of the device and the method can be referred to each other, and repeated descriptions will not be repeated here.
- applicable systems may be a global system for mobile communication (GSM) system, a code division multiple access (CDMA) system, a wideband code division multiple access (WCDMA) system, a general packet radio service (GPRS) system, a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, an LTE time division duplex (TDD) system, a long term evolution advanced (LTE-A) system, a universal mobile telecommunication system (UMTS), a worldwide interoperability for microwave access (WiMAX) system, a 5G New Radio (NR) system, etc.
- the terminal device involved in the embodiments of the present disclosure may be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or other processing device connected to a wireless modem.
- the name of the terminal device may be different.
- the terminal device may be called user equipment (User Equipment, UE).
- Wireless terminal equipment can communicate with one or more core networks (Core Network, CN) via a radio access network (Radio Access Network, RAN).
- telephone) and computers with mobile terminal equipment, e.g. portable, pocket-sized, hand-held, computer-built-in or vehicle-mounted mobile devices, which exchange voice and/or data with the radio access network.
- Wireless terminal equipment may also be referred to as a system, subscriber unit, subscriber station, mobile station, remote station, access point, remote terminal device (remote terminal), access terminal device (access terminal), user terminal device (user terminal), user agent (user agent) or user device (user device), which is not limited in the embodiments of the present disclosure.
- the network side device involved in the embodiments of the present disclosure may be a base station, and the base station may include a plurality of cells providing services for the terminal.
- the base station may also be called an access point, or may be a device in the access network that communicates with wireless terminal equipment through one or more sectors on the air interface, or other names.
- the network-side equipment can be used to exchange received air frames with Internet Protocol (IP) packets, and act as a router between the wireless terminal equipment and the rest of the access network, where the rest of the access network can include Internet Protocol (IP) communication network.
- the network side equipment can also coordinate the attribute management of the air interface.
- the network-side device involved in the embodiments of the present disclosure may be a network-side device (Base Transceiver Station, BTS) in a Global System for Mobile Communications (GSM) or Code Division Multiple Access (CDMA) system.
- it can also be a network side device (NodeB) in Wideband Code Division Multiple Access (WCDMA), an evolved network side device (evolutional Node B, eNB or e-NodeB) in a long term evolution (LTE) system, a 5G base station (gNB) in the 5G network architecture (next generation system), a Home evolved Node B (HeNB), a relay node, a home base station (femto), a pico base station (pico), etc., which are not limited in the embodiments of the present disclosure.
- the network-side device may include a centralized unit (centralized unit, CU) node and a distributed unit (distributed unit, DU) node, and the centralized unit and
- One or more antennas can be used between the network side device and the terminal device to perform multiple input multiple output (Multi Input Multi Output, MIMO) transmission, and the MIMO transmission can be single-user MIMO (Single User MIMO, SU-MIMO) or multi-user MIMO (Multiple User MIMO, MU-MIMO).
- MIMO transmission can be 2D-MIMO, 3D-MIMO, FD-MIMO, or massive-MIMO, or diversity transmission, precoding transmission, or beamforming transmission.
- the current serving gNB may be different from the anchor gNB by using the RRC signal to transmit small data in the disconnected state.
- the RRC signal to transmit small data there may be no need for anchor point transfer; in the case of a large amount of downlink data arriving, anchor point transfer must be performed; therefore, there may be anchor point transfer in the process of non-connected small data transmission, or Anchor point transfer is not performed.
- the small data packets in the non-connected state can only be performed by the anchor point gNB for PDCP layer related operations, including encryption/decryption and integrity protection/validation.
- an embodiment of the present disclosure provides a message processing method, and the method includes:
- Step 201: the terminal in the inactive state (RRC_INACTIVE) receives a first radio resource control (RRC) message, where the first RRC message is used to indicate at least one of the following:
- the terminal is instructed to perform a dedicated random access procedure.
- the first RRC message includes at least one of the following information:
- update-related information of the access stratum root key; the terminal updates the access stratum root key according to this update-related information;
- indication information indicating that anchor transfer occurs; the terminal performs the anchor transfer according to this indication information;
- access stratum security algorithm configuration information; the terminal applies this configuration, for example to update the specific algorithm used subsequently with the updated access stratum root key;
- configuration information required for synchronization reconfiguration; the terminal performs the synchronization process according to this configuration information;
- resource configuration information for dedicated random access; the terminal performs a non-contention (contention-free) random access procedure according to this resource configuration information.
- the update-related information of the access stratum root key includes at least one of the following:
- the Next Hop Chaining Count (NCC) value.
- the terminal can determine the updated access stratum root key according to the update related information of the access stratum root key.
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to encrypt and integrity-protect the second RRC message according to the updated access stratum root key, where the second RRC message is a feedback (response) message to the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the terminal uses the updated access stratum root key to perform encryption and integrity protection and/or decryption and integrity verification on subsequent messages (including the second RRC message and other messages);
- alternatively, the terminal uses the access stratum root key before the update to encrypt and integrity-protect the second RRC message, and uses the updated access stratum root key for encryption and integrity protection and/or decryption and integrity verification of messages other than the second RRC message (such as those on signalling radio bearers (SRBs) and data radio bearers (DRBs)).
- the method further includes:
- the second RRC message is a feedback message of the first RRC message.
- the first uplink PDU or the second uplink PDU may be sent either to the first network side device or to the second network side device.
- for example, if the first RRC message is sent directly to the terminal by the first network side device, the first uplink PDU or the second uplink PDU is sent to the first network side device; for another example, if the first RRC message is forwarded to the terminal by the second network side device, the first uplink PDU or the second uplink PDU is sent to the second network side device.
- the first network-side device is the last network-side device that instructs the terminal to enter or remain in an inactive state
- the second network-side device is the current serving node of the terminal (i.e., the network-side device directly connected to the terminal on the air interface side).
- the first network side device and the second network side device may be the same node, or may be different nodes.
- the method further includes:
- a dedicated random access procedure is performed with the second network side device.
- the second network side device is the current serving node of the terminal.
- the network side device instructs the terminal to update the access stratum root key and to perform at least one of anchor transfer, the synchronization reconfiguration process and the dedicated random access process, which ensures timely anchor transfer and security isolation between access network nodes.
- an embodiment of the present disclosure further provides a message processing method, the method includes:
- Step 301: the first network side device sends a first RRC message to the terminal in the inactive state or to the second network side device, where the first RRC message is used to indicate at least one of the following:
- the first network-side device is the anchor node of the terminal
- the second network-side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- update-related information of the access stratum root key; the terminal updates the access stratum root key according to this update-related information;
- indication information indicating that anchor transfer occurs; the terminal performs the anchor transfer according to this indication information;
- access stratum security algorithm configuration information; the terminal applies this configuration, for example to update the specific algorithm used subsequently with the updated access stratum root key;
- configuration information required for synchronization reconfiguration; the terminal performs the synchronization process according to this configuration information;
- resource configuration information for dedicated random access; the terminal performs a non-contention (contention-free) random access procedure according to this resource configuration information.
- the update-related information of the access stratum root key includes at least one of the following items:
- the terminal can determine the updated access stratum root key according to the update related information of the access stratum root key.
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to encrypt and integrity-protect the second RRC message according to the updated access stratum root key, where the second RRC message is a feedback (response) message to the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the terminal uses the updated access stratum root key to perform encryption and integrity protection and/or decryption and integrity verification on subsequent messages (including the second RRC message and other messages);
- alternatively, the terminal uses the access stratum root key before the update to encrypt and integrity-protect the second RRC message, and uses the updated access stratum root key for encryption and integrity protection and/or decryption and integrity verification of messages other than the second RRC message (such as those on signalling radio bearers (SRBs) and data radio bearers (DRBs)).
- there are at least two scenarios in step 301:
- in the first scenario, the first network side device sends the first RRC message directly to the inactive terminal; in that case, before step 301, the method further includes:
- generating the first RRC message when it is determined that the user plane node inside the first network side device used for small data transmission is to be replaced.
- a network-side device may include multiple user plane nodes, and security isolation is also required between them. Therefore, when the user plane node is replaced, the network-side device and the terminal also need to replace the access stratum root key.
- the terminal remains in the non-connected state and sends/receives small data packets through the anchor node (i.e., the first network-side device) itself. Because there are too many small data packets to be sent, the first network-side device needs to replace its internal user plane node; to ensure security isolation between its internal user plane nodes, the access stratum root key also needs to be replaced. At this point the anchor node generates the first RRC message and sends it to the terminal.
- in the second scenario, the first network side device forwards the first RRC message to the inactive terminal through the second network side device; in that case, before step 301, the method further includes:
- the first RRC message is transmitted to the first network side device in plaintext;
- step 301 includes:
- the first network side device encrypts and protects the integrity of the first RRC message by using the access stratum root key before the update, and generates a first downlink PDU; the first downlink PDU carries the first RRC message;
- the first network-side device is the anchor node of the terminal
- the second network-side device is the current serving node of the terminal.
- the terminal remains in the non-connected state and sends/receives small data packets through a current serving node different from the anchor node, and no anchor transfer has occurred on the network side.
- when a downlink non-access stratum message arrives, or a downlink non-small data packet arrives, or there are too many small data packets to be sent, and it is decided to perform anchor transfer, the first network side device performs PDCP processing (including encryption and integrity protection) on the first RRC message sent by the second network side device, generates the first downlink PDU, and sends it to the second network side device; the second network side device then transparently transmits the first downlink PDU encapsulating the first RRC message to the inactive terminal.
- before receiving the first RRC message sent by the second network side device, the method further includes:
- sending a first interface message to the second network side device so that the second network side device generates the first RRC message, where the first interface message includes the context information of the terminal and/or the update-related information of the access stratum root key.
- the anchor node decides to perform anchor transfer.
- the anchor node calculates the updated access layer root key, and sends a first interface message to the current serving node, informing it that it needs to perform anchor point transfer.
- the first interface message includes: the context information of the terminal, and/or the updated access stratum root key and the associated NCC.
- receiving the first RRC message sent by the second network side device includes:
- alternatively, the current serving node may trigger the anchor transfer process based on its own decision: for example, if it finds that non-small data currently needs to be sent, or when small data is to be transmitted, the current serving node decides to trigger the anchor transfer process and generates the first RRC message.
- the method further includes:
- the first uplink PDU carries a second RRC message encrypted and integrity protected by using the access stratum root key before the update;
- the first uplink PDU is decrypted and integrity-checked using the access stratum root key before the update to obtain the second RRC message.
- the method further includes:
- after receiving the first uplink PDU containing the second RRC message, the second network side device does not process it but transparently forwards it to the first network side device; after decrypting and integrity-checking the received first uplink PDU, the first network side device performs at least one of the following processes:
- the method further includes:
- the second uplink PDU carries a second RRC message encrypted and integrity-protected using the updated access stratum root key;
- the second RRC message is decrypted and integrity checked according to the updated access stratum root key.
- the network side device instructs the terminal to update the access stratum root key and to perform at least one of anchor transfer, the synchronization reconfiguration process and the dedicated random access process, which ensures timely anchor transfer and security isolation between access network nodes.
- an embodiment of the present disclosure further provides a message processing method, the method includes:
- Step 401: the second network side device sends a first RRC message to the terminal in the inactive state, where the first RRC message is used to indicate at least one of the following:
- the second network side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- update-related information of the access stratum root key; the terminal updates the access stratum root key according to this update-related information;
- indication information indicating that anchor transfer occurs; the terminal performs the anchor transfer according to this indication information;
- access stratum security algorithm configuration information; the terminal applies this configuration, for example to update the specific algorithm used subsequently with the updated access stratum root key;
- configuration information required for synchronization reconfiguration; the terminal performs the synchronization process according to this configuration information;
- resource configuration information for dedicated random access; the terminal performs a non-contention (contention-free) random access procedure according to this resource configuration information.
- the update-related information of the access stratum root key includes at least one of the following:
- the terminal can determine the updated access stratum root key according to the update related information of the access stratum root key.
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to encrypt and integrity-protect the second RRC message according to the updated access stratum root key, where the second RRC message is a feedback (response) message to the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the terminal uses the updated access stratum root key to perform encryption and integrity protection and/or decryption and integrity verification on subsequent messages (including the second RRC message and other messages);
- alternatively, the terminal uses the access stratum root key before the update to encrypt and integrity-protect the second RRC message, and uses the updated access stratum root key for encryption and integrity protection and/or decryption and integrity verification of messages other than the second RRC message (such as those on signalling radio bearers (SRBs) and data radio bearers (DRBs)).
- the first network-side device is the last network-side device that instructs the terminal to enter or remain in an inactive state
- the second network-side device is the current serving node of the terminal (that is, the network-side device directly connected to the terminal on the air interface side).
- the first network side device and the second network side device may be the same node, or may be different nodes.
- step 401 includes:
- the first network side device is the anchor node of the terminal.
- the terminal remains in the non-connected state and sends/receives small data packets through a current serving node different from the anchor node, and no anchor transfer has occurred on the network side.
- when a downlink non-access stratum message arrives, or a downlink non-small data packet arrives, or there are too many small data packets to be sent, and it is decided to perform anchor transfer, the first network side device performs PDCP processing (including encryption and integrity protection) on the first RRC message sent by the second network side device, generates the first downlink PDU, and sends it to the second network side device; the second network side device then transparently transmits the first downlink PDU encapsulating the first RRC message to the inactive terminal.
- before sending the first RRC message to the first network side device, the method further includes:
- the first interface message includes: context information of the terminal and update-related information of the access stratum root key;
- the first RRC message is generated according to the first interface message.
- the anchor node decides to perform anchor transfer.
- the anchor node calculates the updated access layer root key, and sends a first interface message to the current serving node, informing it that it needs to perform anchor point transfer.
- the first interface message includes: the context information of the terminal, and/or the updated access stratum root key and the associated NCC.
- sending the first RRC message to the first network side device includes:
- the first RRC message is generated according to the context information of the terminal and/or the update-related information of the access stratum root key;
- the context information of the terminal and/or the update-related information of the access stratum root key is obtained by the second network side device from the access and mobility management function (AMF) network element or from the first network side device.
- alternatively, the current serving node may trigger the anchor transfer process based on its own decision: for example, if it finds that non-small data currently needs to be sent, or when small data is to be transmitted, the current serving node decides to trigger the anchor transfer process and generates the first RRC message.
- the method further includes:
- the second uplink PDU carries a second RRC message encrypted and integrity-protected using the updated access stratum root key;
- the second RRC message is decrypted and integrity-checked according to the updated access stratum root key.
- the updated access stratum key may be notified to the second network side device by the first network side device, or determined by the second network side device itself; this is not specifically limited here.
- the method further includes:
- receiving the first uplink PDU sent by the terminal, where the first uplink PDU carries a second RRC message encrypted and integrity-protected using the access stratum root key before the update;
- the method further includes:
- after receiving the first uplink PDU containing the second RRC message, the second network side device does not process it but transparently forwards it to the first network side device; after decrypting and integrity-checking the received first uplink PDU, the first network side device performs at least one of the following processes:
- the network side device instructs the terminal to update the access stratum root key and to perform at least one of anchor transfer, the synchronization reconfiguration process and the dedicated random access process, which ensures timely anchor transfer and security isolation between access network nodes.
- Example 1: as shown in Figure 5, the terminal remains in the inactive state and sends/receives small data packets through a current serving node different from the anchor node, and no anchor transfer has occurred on the network side:
- Step 1a: the anchor node decides to perform anchor transfer because a downlink non-access stratum message arrives, or a downlink non-small data packet arrives, or there are too many small data packets to be sent, or at the request of the current serving node.
- Step 2a: the anchor node then calculates the updated access stratum root key and sends a first interface message to the current serving node informing it that anchor transfer is needed; the first interface message includes the context information of the terminal, and/or the updated access stratum root key and the associated NCC;
- Step 3a: the current serving node generates an RRC message to be sent to the terminal according to the terminal's context.
- the RRC message includes one or more of the following information:
- the content of the access stratum (AS) root key update may include: a direct instruction for the UE to perform a horizontal key update procedure; or an NCC value, on receipt of which the terminal executes the key update procedure, the specific procedure being the same as when the UE receives an NCC through other existing procedures.
- the RRC message may be an RRCResume (RRC resume) message, an RRCReconfiguration (RRC reconfiguration) message, or a newly defined RRC message.
- Step 4a: the current serving node transmits the RRC message in plaintext to the anchor node, as an RRC container in an interface message.
- Step 5a: the anchor node performs PDCP processing on the received RRC message (including encryption and integrity protection using the current key), generates a downlink PDU, and sends the downlink PDU to the current serving node.
- Step 6a: the current serving node transparently transmits the downlink PDU encapsulating the RRC message to the terminal;
- Step 7a: the terminal receives the RRC message and performs related operations according to its content, including one or more of the following:
- according to the instructions and/or contents carried in the RRC message, update the access stratum root key K_gNB, and derive algorithm keys such as K_RRCint, K_RRCenc, K_UPint and K_UPenc from the new K_gNB for subsequent SRB and DRB transmission;
- apply the configured AS layer security algorithm;
- configure the lower layer (i.e., the PDCP layer) to use the new integrity protection key and algorithm, which means the new integrity protection key and algorithm are applied to all subsequent procedures involved.
- Step 8a: the terminal feeds back an RRC response message, included in an uplink PDU;
- optionally, the RRC response message is encrypted and integrity-protected with the newly derived algorithm keys;
- the RRC response message may be an RRCResumeComplete (RRC resume complete) message, an RRCReconfigurationComplete (RRC reconfiguration complete) message, or a newly defined response message informing the network that the RRC configuration has been updated.
- Step 9a: after receiving the uplink PDU containing the RRC response message, the current serving node decrypts and integrity-verifies it according to the new AS layer root key and the AS layer security algorithm. On success, the terminal and the current serving node can exchange RRC messages directly.
- the network side also executes the anchor transfer process; at which of the above steps the anchor transfer process is performed is not limited here.
- alternatively, the current serving node may trigger the anchor transfer process based on its own decision, as shown in step 1b in Figure 6: for example, the current serving node finds that non-small data currently needs to be sent, decides to trigger the anchor transfer process, and generates the RRC message to be sent to the terminal in step 3.
- the access stratum root key update information carried in the RRC message generated by the current serving node in this case may be obtained from the AMF or from the anchor node.
- Example 2: as shown in Figure 7, the terminal remains in the inactive state and sends/receives small data packets through a current serving node different from the anchor node, and no anchor transfer has occurred on the network side:
- Step 1a or step 1b is the same as in Example 1.
- either the current serving node decides to trigger the anchor transfer process based on its own decision; or, in step 1b, the anchor node decides to perform anchor transfer because a downlink non-access stratum message arrives, or a downlink non-small data packet arrives, or there are too many small data packets to be sent, or at the request of the current serving node;
- Steps 2c to 7c are the same as steps 2a to 7a in Example 1 and are not repeated here.
- Step 8c: the terminal feeds back an RRC response message, included in an uplink PDU; optionally, the RRC response message is encrypted and integrity-protected using the algorithm keys before the update;
- Step 9c: after receiving the uplink PDU containing the RRC response message, the current serving node does not process it but transparently forwards it to the anchor node.
- Step 10c: the anchor node decrypts the received PDU and performs integrity verification;
- Step 11c: the anchor node performs one or more of the following actions:
- Example 3: during small data transmission on the same node, the anchor node needs to change its internal user plane node:
- the terminal remains in the non-connected state and sends/receives small data packets through the anchor node itself.
- Step 1d: because there are too many small data packets to be sent, the anchor node needs to replace its internal user plane node. To ensure security isolation between its internal user plane nodes, the access stratum root key also needs to be replaced. At this point the anchor node generates an RRC message.
- the RRC message includes one or more of the following information:
- the content of the access stratum (AS) root key update may include: a direct instruction for the UE to perform a horizontal key update procedure; or an NCC value, on receipt of which the terminal executes the key update procedure, the specific procedure being the same as when the UE receives an NCC through other existing procedures.
- the RRC message may be an RRCResume (RRC resume) message, an RRCReconfiguration (RRC reconfiguration) message, or a newly defined RRC message.
- Step 2d: the anchor node sends the RRC message directly to the terminal;
- Step 3d: the terminal receives the RRC message and performs related operations according to its content, including one or more of the following:
- according to the instructions and/or contents carried in the RRC message, update the access stratum root key K_gNB, and derive algorithm keys such as K_RRCint, K_RRCenc, K_UPint and K_UPenc from the new K_gNB for subsequent SRB and DRB transmission;
- Step 4d: the terminal feeds back an RRC response message, included in an uplink PDU; optionally, the RRC response message is encrypted and integrity-protected with the newly derived algorithm keys; the RRC response message may be an RRCResumeComplete (RRC resume complete) message, an RRCReconfigurationComplete (RRC reconfiguration complete) message, or a newly defined response message informing the network that the RRC configuration has been updated.
- Step 5d: after receiving the uplink PDU containing the RRC response message, the anchor node decrypts and integrity-verifies it according to the new AS layer root key and the AS layer security algorithm. On success, the terminal and the anchor node can exchange RRC messages directly.
- if the anchor needs to be transferred or the user plane node replaced during inactive small data transmission, the network side device uses the first RRC message to instruct the terminal to update the access stratum root key and to perform at least one of anchor transfer, the synchronization reconfiguration process and the dedicated random access process, which ensures timely anchor transfer and security isolation between access network nodes.
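The key-update exchange of Examples 1 and 2 above (Example 3 is the same flow with the serving node being the anchor itself), as an added simulation that is not the patent's own code: HMAC-SHA256 stands in for the 3GPP KDF, an HMAC keystream and a truncated HMAC tag stand in for the ciphering and integrity algorithms, and the RRC messages are constructed text rather than ASN.1; the function and field names are assumptions. It shows why the two variants differ: a response protected with the new K_gNB verifies only at the node that already holds the updated key, while a response protected with the pre-update key must be forwarded to the anchor.

```python
"""Simulation of the inactive-state key update exchange in Examples 1 and 2.
Added example, not the patent's code. Stand-ins (assumptions): HMAC-SHA256
for the 3GPP KDF, an HMAC keystream for ciphering, a truncated HMAC tag for
integrity; RRC messages are constructed text, not ASN.1."""
import hashlib
import hmac

KEY_NAMES = ("K_RRCint", "K_RRCenc", "K_UPint", "K_UPenc")
MAC_LEN = 16


def kdf(key: bytes, label: bytes) -> bytes:
    """Stand-in for the 3GPP KDF: 32-byte key derived from key and label."""
    return hmac.new(key, label, hashlib.sha256).digest()


def update_kgnb(kgnb: bytes, ncc: int) -> bytes:
    """Updated access stratum root key K_gNB' from the old K_gNB and the signalled NCC."""
    return kdf(kgnb, b"KgNB-update|" + bytes([ncc]))


def algorithm_keys(kgnb: bytes) -> dict:
    """K_RRCint, K_RRCenc, K_UPint and K_UPenc derived from a root key."""
    return {name: kdf(kgnb, name.encode()) for name in KEY_NAMES}


def _keystream(key: bytes, count: int, length: int) -> bytes:
    blocks = (kdf(key, count.to_bytes(4, "big") + bytes([i])) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def pdcp_protect(keys: dict, count: int, rrc: bytes) -> bytes:
    """PDCP-style processing: cipher with K_RRCenc, then MAC-I with K_RRCint; returns the PDU."""
    header = count.to_bytes(4, "big")
    ct = bytes(p ^ k for p, k in zip(rrc, _keystream(keys["K_RRCenc"], count, len(rrc))))
    mac = hmac.new(keys["K_RRCint"], header + ct, hashlib.sha256).digest()[:MAC_LEN]
    return header + ct + mac


def pdcp_unprotect(keys: dict, pdu: bytes) -> bytes:
    """Verify MAC-I with K_RRCint, then decipher; raises ValueError on integrity failure."""
    header, ct, mac = pdu[:4], pdu[4:-MAC_LEN], pdu[-MAC_LEN:]
    expected = hmac.new(keys["K_RRCint"], header + ct, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):
        raise ValueError("integrity verification failed")
    count = int.from_bytes(header, "big")
    return bytes(c ^ k for c, k in zip(ct, _keystream(keys["K_RRCenc"], count, len(ct))))


def integrity_holds(keys: dict, pdu: bytes) -> bool:
    """True if the PDU verifies under these keys (a node holding the wrong K_gNB gets False)."""
    try:
        pdcp_unprotect(keys, pdu)
        return True
    except ValueError:
        return False


class Terminal:
    """Inactive UE holding its current K_gNB and the algorithm keys derived from it."""

    def __init__(self, kgnb: bytes):
        self.kgnb, self.keys = kgnb, algorithm_keys(kgnb)

    def handle_first_rrc(self, dl_pdu: bytes, respond_with_new_key: bool) -> bytes:
        """Step 7a/7c: decipher with the old keys, update K_gNB from the NCC, derive new keys.
        Step 8a/8c: respond with the new keys (Example 1) or the pre-update keys (Example 2)."""
        old_keys = self.keys
        fields = dict(f.split(b"=") for f in pdcp_unprotect(old_keys, dl_pdu).split(b"|")[1:])
        self.kgnb = update_kgnb(self.kgnb, int(fields[b"ncc"]))
        self.keys = algorithm_keys(self.kgnb)
        response = b"RRCResumeComplete|anchorTransfer=" + fields[b"anchorTransfer"]
        return pdcp_protect(self.keys if respond_with_new_key else old_keys, 1, response)


def run_anchor_transfer(kgnb: bytes, ncc: int, example: int) -> dict:
    """Runs Example 1 (example=1) or Example 2 (example=2); returns who verified the response."""
    ue = Terminal(kgnb)
    anchor_keys = algorithm_keys(kgnb)  # anchor node's current (pre-update) keys
    # Step 2a: anchor computes K_gNB' and passes it with the NCC to the current serving node.
    serving_keys = algorithm_keys(update_kgnb(kgnb, ncc))
    # Steps 3a/4a: serving node builds the RRC message and hands it to the anchor in plaintext.
    first_rrc = b"RRCReconfiguration|ncc=%d|anchorTransfer=1" % ncc
    # Steps 5a/6a: anchor PDCP-protects it with the current keys; serving node forwards it as is.
    dl_pdu = pdcp_protect(anchor_keys, 0, first_rrc)
    ul_pdu = ue.handle_first_rrc(dl_pdu, respond_with_new_key=(example == 1))
    if example == 1:
        # Step 9a: the serving node verifies with the new AS keys it received in step 2a.
        rrc_response, verifier = pdcp_unprotect(serving_keys, ul_pdu), "serving"
    else:
        # Steps 9c/10c: serving node forwards untouched; the anchor verifies with the old keys.
        rrc_response, verifier = pdcp_unprotect(anchor_keys, ul_pdu), "anchor"
    return {"verifier": verifier, "response": rrc_response,
            "ue_keys_match_serving": ue.keys == serving_keys,
            "old_keys_still_verify": integrity_holds(anchor_keys, ul_pdu)}
```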
- an embodiment of the present disclosure further provides a message processing apparatus, which is applied to a terminal in an inactive state, including:
- a first receiving unit 901 configured to receive a first radio resource control (RRC) message, where the first RRC message is used to indicate at least one of the following:
- the terminal is instructed to perform a dedicated random access procedure.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following items:
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to encrypt and integrity-protect the second RRC message according to the updated access stratum root key, where the second RRC message is a feedback (response) message to the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the device further includes:
- a third sending unit configured to send a first uplink protocol data unit (PDU), where the first uplink PDU carries the second RRC message encrypted and integrity-protected using the access stratum root key before the update;
- the second uplink PDU carries a second RRC message encrypted and integrity-protected using the updated access stratum root key;
- the second RRC message is a feedback message of the first RRC message.
- the device includes:
- An execution unit configured to perform at least one of the following operations according to the first RRC message:
- a dedicated random access procedure is performed with the second network side device.
- the second network side device is the current serving node of the terminal.
- if the anchor needs to be transferred or the user plane node replaced during inactive small data transmission, the network side device uses the first RRC message to instruct the terminal to update the access stratum root key and to perform at least one of anchor transfer, the synchronization reconfiguration process and the dedicated random access process, which ensures timely anchor transfer and security isolation between access network nodes.
- the message processing apparatus provided by the embodiments of the present disclosure is an apparatus capable of executing the above message processing method, and all the above message processing method embodiments are applicable to the apparatus, and can achieve the same or similar beneficial effects.
- an embodiment of the present disclosure further provides a terminal, where the terminal is an inactive terminal, including a memory 120, a transceiver 110, a processor 100, and a user interface 130;
- the memory 120 is used to store computer programs; the transceiver 110 is used to send and receive data under the control of the processor; the processor 100 is used to read the computer programs in the memory 120 and perform the following operations:
- the terminal is instructed to perform a dedicated random access procedure.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the processor 100 is further configured to read the computer program in the memory 120 and perform the following operations:
- the second RRC message is a feedback message of the first RRC message.
- the processor 100 is further configured to read the computer program in the memory 120 and perform the following operations:
- a dedicated random access procedure is performed with the second network side device.
- the second network side device is the current serving node of the terminal.
- the bus architecture may include any number of interconnected buses and bridges, specifically one or more processors represented by processor 100 and various circuits of memory represented by memory 120 are linked together.
- the bus architecture can also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and therefore will not be described further herein.
- the bus interface provides the interface.
- Transceiver 110 may be a number of elements, including a transmitter and a receiver, providing a means for communicating with various other devices over transmission media including wireless channels, wired channels, fiber optic cables, and the like.
- the user interface 130 may also be an interface capable of externally connecting the required equipment, and the connected equipment includes but is not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
- the processor 100 is responsible for managing the bus architecture and general processing, and the memory 120 may store data used by the processor 100 in performing operations.
- the processor 100 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or a complex programmable logic device (CPLD); the processor can also use a multi-core architecture.
- the processor is configured to execute any one of the methods provided by the embodiments of the present disclosure according to the obtained executable instructions by invoking the computer program stored in the memory.
- the processor and memory may also be physically separated.
- if there is a need to transfer the anchor point or replace the user plane node during the inactive small data transmission process, the network side device instructs the terminal, through the first RRC message, to perform at least one of: updating the access stratum root key, performing the anchor point transfer, performing a synchronous reconfiguration process, and performing a dedicated random access process. This ensures the timely transfer of the anchor point and security isolation between the access network nodes.
- the terminal provided by the embodiments of the present disclosure is a terminal capable of executing the above message processing method, and all the above message processing method embodiments are applicable to the terminal, and can achieve the same or similar beneficial effects.
- an embodiment of the present disclosure further provides a message processing apparatus, which is applied to a first network-side device, including:
- a first sending unit 1101 configured to send a first RRC message to a terminal in an inactive state or a second network side device; wherein the first RRC message is used to indicate at least one of the following:
- the first network-side device is the anchor node of the terminal
- the second network-side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the device further includes:
- a first generating unit configured to generate the first RRC message when it is determined to replace a user plane node inside the first network side device for small data transmission.
- the device further includes:
- a second receiving unit configured to receive the first RRC message sent by the second network side device
- the first sending unit includes:
- a first subunit configured to encrypt and integrity protect the first RRC message by using the access stratum root key before updating, and generate a first downlink PDU; the first downlink PDU carries the first RRC information;
- the second subunit is configured to send the first downlink PDU to the second network side device, so that the second network side device sends the first downlink PDU to a terminal in an inactive state.
- the device further includes:
- a fourth sending unit configured to send a first interface message to the second network side device when it is determined to perform an anchor point transfer, so that the second network side device generates the first RRC message; wherein,
- the first interface message includes: the context information of the terminal and/or the update related information of the access stratum root key.
- the second receiving unit includes:
- the receiving subunit is configured to receive the first RRC message sent when the second network side device determines to perform the anchor point transfer.
- the device further includes:
- a fifth sending unit configured to send the updated access stratum root key to the second network side device.
- the device further includes:
- the third receiving unit is configured to receive the first uplink PDU of the terminal forwarded by the second network side device, wherein the first uplink PDU carries the second RRC message encrypted and integrity protected by using the access stratum root key before the update.
- a first decryption and verification unit configured to decrypt and integrity check the first uplink PDU by using the access stratum root key before the update to obtain the second RRC message.
- the device further includes:
- a first feedback unit configured to send a second RRC message and/or anchor transfer success indication information to the second network side device.
- the device further includes:
- a fourth receiving unit configured to receive the second uplink PDU sent by the terminal; wherein, the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key;
- the second decryption and verification unit is configured to decrypt and verify the integrity of the second RRC message according to the updated access stratum root key.
- if there is a need to transfer the anchor point or replace the user plane node during the inactive small data transmission process, the network side device instructs the terminal, through the first RRC message, to perform at least one of: updating the access stratum root key, performing the anchor point transfer, performing a synchronous reconfiguration process, and performing a dedicated random access process. This ensures the timely transfer of the anchor point and security isolation between the access network nodes.
- the message processing apparatus provided by the embodiments of the present disclosure is an apparatus capable of executing the above message processing method, and all the above message processing method embodiments are applicable to the apparatus, and can achieve the same or similar beneficial effects.
- an embodiment of the present disclosure further provides a network-side device, where the network-side device is a first network-side device, including a memory 1220, a transceiver 1210, and a processor 1200:
- the memory 1220 is used to store computer programs; the transceiver 1210 is used to send and receive data under the control of the processor; the processor 1200 is used to read the computer programs in the memory 1220 and perform the following operations:
- the first RRC message is used to indicate at least one of the following:
- the first network-side device is the anchor node of the terminal
- the second network-side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on other messages except the second RRC message according to the updated access stratum root key.
- the processor 1200 is further configured to read the computer program in the memory 1220 and perform the following operations:
- the first RRC message is generated when it is determined to replace the user plane node inside the first network side device to perform small data transmission.
- the processor 1200 is further configured to read the computer program in the memory 1220 and perform the following operations:
- the first downlink PDU carries the first RRC message
- the first network-side device is the anchor node of the terminal
- the second network-side device is the current serving node of the terminal.
- the processor 1200 is further configured to read the computer program in the memory 1220 and perform the following operations:
- a first interface message is sent to the second network side device, so that the second network side device generates the first RRC message; wherein the first interface message includes: context information of the terminal and/or update-related information of the access stratum root key.
- the processor 1200 is further configured to read the computer program in the memory 1220 and perform the following operations:
- a first RRC message sent when the second network-side device determines to perform an anchor point transfer is received.
- the processor 1200 is further configured to read the computer program in the memory 1220 and perform the following operations:
- the first uplink PDU carries the second RRC message encrypted and integrity protected by using the access stratum root key before the update;
- the first uplink PDU is decrypted and integrity checked by using the access stratum root key before the update to obtain the second RRC message.
- the processor 1200 is further configured to read the computer program in the memory 1220 and perform the following operations:
- the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key
- the second RRC message is decrypted and integrity checked according to the updated access stratum root key.
- the bus architecture may include any number of interconnected buses and bridges, specifically one or more processors represented by processor 1200 and various circuits of memory represented by memory 1220 are linked together.
- the bus architecture may also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and, therefore, will not be described further herein.
- the bus interface provides the interface.
- Transceiver 1210 may be a number of elements, including a transmitter and a receiver, that provide means for communicating with various other devices over transmission media including wireless channels, wired channels, fiber optic cables, and the like.
- the processor 1200 is responsible for managing the bus architecture and general processing, and the memory 1220 may store data used by the processor 1200 in performing operations.
- the processor 1200 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or a complex programmable logic device (CPLD); the processor can also use a multi-core architecture.
- if there is a need to transfer the anchor point or replace the user plane node during the inactive small data transmission process, the network side device instructs the terminal, through the first RRC message, to perform at least one of: updating the access stratum root key, performing the anchor point transfer, performing a synchronous reconfiguration process, and performing a dedicated random access process. This ensures the timely transfer of the anchor point and security isolation between the access network nodes.
- the network-side device provided by the embodiments of the present disclosure is a network-side device capable of executing the above-mentioned message processing method, and all embodiments of the above-mentioned message processing method are applicable to the network-side device, and can achieve the same or similar beneficial effect.
- an embodiment of the present disclosure further provides a message processing apparatus, which is applied to a second network-side device, including:
- the second sending unit 1301 is configured to send a first RRC message to a terminal in an inactive state; wherein the first RRC message is used to indicate at least one of the following:
- the second network side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on other messages except the second RRC message according to the updated access stratum root key.
- the second sending unit includes:
- a fifth subunit configured to send the first RRC message to the first network side device
- the sixth subunit is configured to receive the first downlink PDU sent by the first network side device, where the first downlink PDU carries the first RRC message encrypted and integrity protected by using the access stratum root key before the update;
- a seventh subunit configured to send the first downlink PDU to the terminal in the inactive state
- the first network side device is the anchor node of the terminal.
- the device further includes:
- a fifth receiving unit configured to receive a first interface message sent when the first network-side device determines to perform an anchor point transfer, where the first interface message includes: context information of the terminal and update-related information of the access stratum root key;
- a second generating unit configured to generate the first RRC message according to the first interface message.
- the fifth subunit is further used for:
- the first RRC message is generated according to the context information of the terminal and/or the update related information of the access stratum root key;
- the context information of the terminal and/or the update-related information of the access stratum root key is obtained by the second network side device from the access and mobility management function (AMF) network element or from the first network side device.
- the device further includes:
- a sixth receiving unit configured to receive the second uplink PDU sent by the terminal; wherein, the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key;
- the third decryption and verification unit is configured to decrypt and verify the integrity of the second RRC message according to the updated access stratum root key.
- the device further includes:
- a seventh receiving unit configured to receive the first uplink PDU sent by the terminal, wherein the first uplink PDU carries a second RRC message encrypted and integrity protected by using the access stratum root key before updating;
- a tenth sending unit configured to send the first uplink PDU to the first network side device, so that the first network side device performs decryption and integrity check on the first uplink PDU by using the access stratum root key before the update.
- the device further includes:
- a feedback receiving unit configured to receive the second RRC message and/or anchor transfer success indication information sent by the first network side device.
- if there is a need to transfer the anchor point or replace the user plane node during the inactive small data transmission process, the network side device instructs the terminal, through the first RRC message, to perform at least one of: updating the access stratum root key, performing the anchor point transfer, performing a synchronous reconfiguration process, and performing a dedicated random access process. This ensures the timely transfer of the anchor point and security isolation between the access network nodes.
- the message processing apparatus provided by the embodiments of the present disclosure is an apparatus capable of executing the above message processing method, and all the above message processing method embodiments are applicable to the apparatus, and can achieve the same or similar beneficial effects.
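The exchange described for the terminal above (a second RRC message fed back under either the key before the update or the updated key) and for the two network side devices (a first downlink PDU protected under the key before the update, a first uplink PDU verified by the first network side device and a second uplink PDU verified by the second network side device) can be modelled end to end. The following Python is an added example, not code from the patent or from any 3GPP implementation: the key derivation (HMAC-SHA256 with fixed labels), the PDU layout (COUNT || ciphertext || 32-bit MAC-I), the message contents and the nonce standing in for the "update-related information" are all assumptions made for illustration; the real NR procedure uses the key derivation of 3GPP TS 33.501 and PDCP framing, which are not reproduced here.

```python
"""Toy model of an RRC-message-driven access stratum root key update.

Added example, not the patent's code.  Assumptions: HMAC-SHA256 as the KDF,
COUNT || ciphertext || MAC-I as the PDU layout, a nonce as the update-related
information, and constructed message contents."""
import hashlib
import hmac
import secrets
import struct
from typing import Optional

MAC_LEN = 4  # PDCP MAC-I is 32 bits; the same length is used here (assumption)


class IntegrityError(Exception):
    """Raised when a PDU fails the integrity check (wrong key or tampering)."""


def kdf(key: bytes, label: bytes) -> bytes:
    # Assumed derivation: HMAC-SHA256(key, label).  Not the TS 33.501 KDF.
    return hmac.new(key, label, hashlib.sha256).digest()


def update_root_key(root_key: bytes, nonce: bytes) -> bytes:
    # Both sides derive the updated root key from the key before the update
    # and the nonce carried in the first RRC message (assumption).
    return kdf(root_key, b"AS-root-key-update|" + nonce)


def _keystream(k_enc: bytes, hdr: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(k_enc, hdr + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def protect(root_key: bytes, count: int, plaintext: bytes) -> bytes:
    """Encrypt, then integrity-protect: returns COUNT || ciphertext || MAC-I."""
    k_enc, k_int = kdf(root_key, b"rrc-enc"), kdf(root_key, b"rrc-int")
    hdr = struct.pack(">I", count)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(k_enc, hdr, len(plaintext))))
    mac = hmac.new(k_int, hdr + ct, hashlib.sha256).digest()[:MAC_LEN]
    return hdr + ct + mac


def unprotect(root_key: bytes, pdu: bytes) -> bytes:
    """Check the MAC-I first, then decrypt; raises IntegrityError otherwise."""
    if len(pdu) < 4 + MAC_LEN:
        raise IntegrityError("short PDU")
    hdr, ct, mac = pdu[:4], pdu[4:-MAC_LEN], pdu[-MAC_LEN:]
    k_enc, k_int = kdf(root_key, b"rrc-enc"), kdf(root_key, b"rrc-int")
    expected = hmac.new(k_int, hdr + ct, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):
        raise IntegrityError("MAC-I mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(k_enc, hdr, len(ct))))


def _rejected(key: bytes, pdu: bytes) -> bool:
    try:
        unprotect(key, pdu)
        return False
    except IntegrityError:
        return True


def anchor_transfer_exchange(old_key: bytes, feedback_with_updated_key: bool = True,
                             nonce: Optional[bytes] = None) -> dict:
    """First RRC message from the anchor (first network side device) to the
    inactive terminal, then the feedback (second RRC message) back.  Returns
    what each party concluded so the outcome can be inspected."""
    nonce = nonce if nonce is not None else secrets.token_bytes(8)
    # Anchor node: first RRC message carrying the key-update and anchor-transfer
    # indications, protected with the key before the update (first downlink PDU).
    first_rrc = b"KEY-UPDATE|ANCHOR-TRANSFER|" + nonce.hex().encode()
    first_dl_pdu = protect(old_key, 0, first_rrc)
    new_key_network = update_root_key(old_key, nonce)  # also handed to the serving node
    # Terminal: verify with the key before the update, then derive the updated key.
    body = unprotect(old_key, first_dl_pdu).split(b"|")
    new_key_terminal = update_root_key(old_key, bytes.fromhex(body[2].decode()))
    second_rrc = b"RECONFIG-COMPLETE"
    if feedback_with_updated_key:
        # Second uplink PDU: the serving node (new anchor) verifies with the updated key.
        ul_pdu = protect(new_key_terminal, 0, second_rrc)
        verify_key, verifier = new_key_network, "second network side device (updated key)"
    else:
        # First uplink PDU: forwarded to the old anchor, which still holds the key
        # before the update and then reports anchor transfer success.
        ul_pdu = protect(old_key, 0, second_rrc)
        verify_key, verifier = old_key, "first network side device (key before update)"
    feedback = unprotect(verify_key, ul_pdu)
    tampered = ul_pdu[:4] + bytes([ul_pdu[4] ^ 0x01]) + ul_pdu[5:]  # flip one ciphertext bit
    return {
        "feedback": feedback,
        "verifier": verifier,
        "new_key": new_key_terminal,
        "keys_match": new_key_terminal == new_key_network,
        # Security isolation: a PDU protected under the updated key is rejected under the old one.
        "old_key_rejects_new_key_pdu": _rejected(old_key, protect(new_key_terminal, 1, b"x")),
        "tampered_pdu_rejected": _rejected(verify_key, tampered),
    }
```

The two branches of `anchor_transfer_exchange` correspond to the two feedback paths the page describes: with `feedback_with_updated_key=True` the feedback travels as the second uplink PDU and is checked by the node that now serves the terminal, and with `False` it travels as the first uplink PDU to the old anchor. In both cases the returned flags show that the old and updated keys do not accept each other's traffic and that a modified PDU fails the integrity check before any decryption takes place.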
- an embodiment of the present disclosure further provides a network-side device, where the network-side device is a second network-side device, including a memory 1420, a transceiver 1410, and a processor 1400;
- the memory 1420 is used to store computer programs; the transceiver 1410 is used to send and receive data under the control of the processor 1400; the processor 1400 is used to read the computer program in the memory 1420 and perform the following operations:
- the first RRC message is used to indicate at least one of the following:
- the second network side device is the current serving node of the terminal.
- the first RRC message includes at least one of the following information:
- the update-related information of the access stratum root key includes at least one of the following:
- the first RRC message is further used to indicate at least one of the following:
- the terminal is instructed to perform encryption and integrity protection on the second RRC message according to the updated access stratum root key; wherein the second RRC message is a feedback message of the first RRC message;
- the terminal is instructed to perform encryption and integrity protection and/or decryption and integrity verification on messages other than the second RRC message according to the updated access stratum root key.
- the processor 1400 is further configured to read the computer program in the memory 1420 and perform the following operations:
- the first network side device is the anchor node of the terminal.
- the processor 1400 is further configured to read the computer program in the memory 1420 and perform the following operations:
- the first interface message includes: context information of the terminal and update-related information of the access stratum root key;
- the first RRC message is generated according to the first interface message.
- the processor 1400 is further configured to read the computer program in the memory 1420 and perform the following operations:
- the first RRC message is generated according to the context information of the terminal and/or the update related information of the access stratum root key;
- the context information of the terminal and/or the update-related information of the access stratum root key are obtained by the second network side device from the access and mobility management function (AMF) network element or from the first network side device.
- the processor 1400 is further configured to read the computer program in the memory 1420 and perform the following operations:
- the second uplink PDU carries a second RRC message encrypted and integrity protected by using the updated access stratum root key
- the second RRC message is decrypted and integrity checked according to the updated access stratum root key.
- the processor 1400 is further configured to read the computer program in the memory 1420 and perform the following operations:
- the first uplink PDU sent by the terminal is received, wherein the first uplink PDU carries a second RRC message encrypted and integrity protected by using the access stratum root key before the update;
- the processor 1400 is further configured to read the computer program in the memory 1420 and perform the following operations:
- the bus architecture may include any number of interconnected buses and bridges, specifically one or more processors represented by processor 1400 and various circuits of memory represented by memory 1420 are linked together.
- the bus architecture may also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and therefore will not be described further herein.
- the bus interface provides the interface.
- Transceiver 1410 may be multiple elements, i.e., including transmitters and receivers, providing means for communicating with various other devices over transmission media including wireless channels, wired channels, fiber optic cables, and the like.
- the processor 1400 is responsible for managing the bus architecture and general processing, and the memory 1420 may store data used by the processor 1400 in performing operations.
- the processor 1400 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or a complex programmable logic device (CPLD); the processor can also use a multi-core architecture.
- if there is a need to transfer the anchor point or replace the user plane node during the inactive small data transmission process, the network side device instructs the terminal, through the first RRC message, to perform at least one of: updating the access stratum root key, performing the anchor point transfer, performing a synchronous reconfiguration process, and performing a dedicated random access process. This ensures the timely transfer of the anchor point and security isolation between the access network nodes.
- the network-side device provided by the embodiments of the present disclosure is a network-side device capable of executing the above-mentioned message processing method, and all embodiments of the above-mentioned message processing method are applicable to the network-side device, and can achieve the same or similar beneficial effect.
- each functional unit in each embodiment of the present disclosure may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
- the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
- if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a processor-readable storage medium.
- the technical solutions of the present disclosure, in essence, or the part that contributes to the related technology, or all or part of the technical solution, can be embodied in the form of a software product, and the computer software product is stored in a storage medium.
- a computer device which may be a personal computer, a server, or a network-side device, etc.
- the aforementioned storage medium includes: a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media that can store program code.
- Embodiments of the present disclosure further provide a processor-readable storage medium, where a computer program is stored in the processor-readable storage medium, and the computer program is used to cause the processor to execute the above method embodiments.
- the processor-readable storage medium can be any available medium or data storage device that can be accessed by a processor, including, but not limited to, magnetic storage (e.g., floppy disk, hard disk, magnetic tape, magneto-optical disk (MO), etc.), optical storage (e.g., CD, DVD, BD, HVD, etc.), and semiconductor memory (e.g., ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state disk (SSD)), etc.
- embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein, including but not limited to disk storage, optical storage, and the like.
- processor-executable instructions may also be stored in a processor-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the processor-readable memory produce an article of manufacture comprising instruction means, and the instruction means implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- processor-executable instructions can also be loaded onto a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- modules can all be implemented in the form of software calling through processing elements; they can also all be implemented in hardware; some modules can also be implemented in the form of calling software through processing elements, and some modules can be implemented in hardware.
- the determination module may be a separately established processing element, or may be integrated into a certain chip of the above-mentioned device; in addition, it may also be stored in the memory of the above-mentioned device in the form of program code, and a certain processing element of the above-mentioned device may call and execute the function of the determination module.
- the implementation of other modules is similar. In addition, all or part of these modules can be integrated together, and can also be implemented independently.
- the processing element described here may be an integrated circuit with signal processing capability. In the implementation process, each step of the above-mentioned method or each of the above-mentioned modules can be completed by an integrated logic circuit of hardware in the processor element or an instruction in the form of software.
- each module, unit, sub-unit or sub-module may be one or more integrated circuits configured to implement the above method, such as one or more application-specific integrated circuits (ASIC), one or more microprocessors (digital signal processors, DSP), or one or more field-programmable gate arrays (FPGA), etc.
- the processing element may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU) or other processors that can call program codes.
- these modules can be integrated together and implemented in the form of a system-on-a-chip (SOC).
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present disclosure relates to a message processing method and apparatus, a terminal, and a network side device. The method comprises: receiving, by a terminal in an inactive state, a first radio resource control (RRC) message, the first RRC message being used to indicate: the updating, by the terminal, of an access stratum root key, and/or the occurrence of an anchor transfer, and/or the performing, by the terminal, of a synchronous reconfiguration process, and/or the performing, by the terminal, of a dedicated random access procedure.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110055683.0 | 2021-01-15 | ||
| CN202110055683.0A CN114765502A (zh) | 2021-01-15 | 2021-01-15 | Message processing method, apparatus, terminal and network side device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2022151917A1 true WO2022151917A1 (fr) | 2022-07-21 |
Family
ID=82363351
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2021/139100 Ceased WO2022151917A1 (fr) | 2021-01-15 | 2021-12-17 | Message processing method and apparatus, terminal and network side device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN114765502A (fr) |
| WO (1) | WO2022151917A1 (fr) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024046176A1 (fr) * | 2022-08-30 | 2024-03-07 | 华为技术有限公司 | Communication method and communication apparatus |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115623483B (zh) * | 2022-12-16 | 2023-04-18 | 深圳中宝新材科技有限公司 | Integrity protection method and apparatus for the working information of bonding wire equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018143769A1 (fr) * | 2017-02-06 | 2018-08-09 | Samsung Electronics Co., Ltd. | Method and device for controlling data transmission, method and apparatus for controlling UE continuity |
| CN109644338A (zh) * | 2018-03-19 | 2019-04-16 | Oppo广东移动通信有限公司 | Method and apparatus for obtaining a key, and computer storage medium |
| CN109729524A (zh) * | 2017-10-31 | 2019-05-07 | 华为技术有限公司 | RRC connection resume method and apparatus |
| CN110636499A (zh) * | 2018-06-22 | 2019-12-31 | 电信科学技术研究院有限公司 | Radio access network notification area update method, apparatus, terminal and base station |
| CN111586735A (zh) * | 2019-02-15 | 2020-08-25 | 华为技术有限公司 | Communication method and apparatus |
| CN111937436A (zh) * | 2018-04-05 | 2020-11-13 | 三星电子株式会社 | Method and apparatus for operating the protocol layers of a terminal in inactive mode in a next-generation mobile communication system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11553550B2 (en) * | 2018-07-04 | 2023-01-10 | Lg Electronics Inc. | Method and apparatus for supporting security in RRC inactive state in wireless communication system |
| EP3912376A1 (fr) * | 2019-01-18 | 2021-11-24 | Lenovo (Singapore) Pte. Ltd. | Key refresh for small data traffic |
2021
- 2021-01-15 CN CN202110055683.0A patent/CN114765502A/zh active Pending
- 2021-12-17 WO PCT/CN2021/139100 patent/WO2022151917A1/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN114765502A (zh) | 2022-07-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102460648B1 (ko) | | Method and apparatus for implementing bearer-specific changes as part of a connection reconfiguration that affects the security keys in use |
| CN109246696B (zh) | | Key processing method and related apparatus |
| US12363047B2 (en) | | Timer processing method, apparatus and storage medium |
| WO2016119243A1 (fr) | | Communication method, network device, user equipment and communication system |
| CN108366369A (zh) | | Method for secure data transmission, and access network, terminal and core network device |
| CN114827920B (zh) | | Communication method, apparatus, device and readable storage medium |
| WO2022156439A1 (fr) | | Information transmission method and device, base station and medium |
| EP3520452A1 (fr) | | Security key update |
| WO2023041027A1 (fr) | | Data processing method, apparatus and device |
| WO2018166338A1 (fr) | | Key update method and apparatus |
| CN119605315A (zh) | | Method and apparatus for controlling user equipment |
| WO2022151917A1 (fr) | | Message processing method and apparatus, terminal and network side device |
| WO2019158117A1 (fr) | | System and method for providing security in a wireless communication system with user plane separation |
| WO2023131044A1 (fr) | | Authentication and security method and device, and storage medium |
| CN115915490A (zh) | | Method, apparatus, device and storage medium for establishing a data transmission path |
| CN114585110B (zh) | | Control method and apparatus for a terminal entering the inactive state |
| WO2023197799A1 (fr) | | Service data transmission method, terminal, network node and storage medium |
| WO2022117054A1 (fr) | | Terminal RRC connection recovery method and apparatus |
| CN114599120A (zh) | | Method and apparatus for terminal RRC connection resume |
| WO2020164510A1 (fr) | | Communication method, communication apparatus and computer-readable storage medium |
| CN114071796A (zh) | | Relay link connection control method and apparatus |
| EP3793317A1 (fr) | | Key update method, device and storage medium |
| US20240073762A1 (en) | | Communication method, apparatus, and system |
| WO2025066649A1 (fr) | | NAS message security protection method and apparatus, and storage medium |
| CN118785151A (zh) | | SL positioning message sending method, receiving method, apparatus and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21919104; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 21919104; Country of ref document: EP; Kind code of ref document: A1 |