CN110636507A - Communication method and device - Google Patents

Publication number
CN110636507A
Authority
CN
China
Prior art keywords
message
drb
response
data packet
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810646081.0A
Other languages
Chinese (zh)
Inventor
张宏平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201810646081.0A
Priority to PCT/CN2019/092055 (WO2019242680A1)
Publication of CN110636507A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10: Integrity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W28/00: Network traffic management; Network resource management
    • H04W28/02: Traffic management, e.g. flow control or congestion control
    • H04W28/04: Error control
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W76/00: Connection management
    • H04W76/10: Connection setup
    • H04W76/19: Connection re-establishment
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a communication method and a communication device, which can determine the reason of the data packet integrity check failure, so that a receiving end can perform subsequent processing according to the reason of the data packet integrity check failure, and the normal operation of a service between a transmitting end and the receiving end is ensured. The method comprises the following steps: when determining that the integrity check of a first data packet on a Data Radio Bearer (DRB) fails, a receiving end sends a first message to a sending end, wherein the first message is used for indicating that the integrity check fails; and the receiving end determines the reason of the first data packet integrity check failure on the DRB according to whether the receiving end successfully receives the response to the first message from the transmitting end within the preset time, wherein the response is subjected to integrity protection.

Description

Communication method and device
Technical Field
The present application relates to the field of communications, and more particularly, to a communication method and apparatus.
Background
In order to ensure the security of air interface communication and prevent the communication between the terminal device and the network device from being tampered with or having messages inserted into it, the network device may be configured to perform integrity protection on data transmitted over the air interface. The sender integrity-protects each data packet to be sent: it generates a message authentication code for integrity (MAC-I) from the calculation parameters and sends the MAC-I in the data packet header, together with the packet, to the receiver. After receiving the data packet, the receiver checks the integrity of its content as follows: it calculates the MAC-I of the received data packet by the same method as the sender and compares it with the MAC-I in the received data packet header. If the two are the same, the check passes; otherwise the check fails.
The main reasons for the failure of the integrity protection check are: an attack, for example an attacker tampering with the content of the data packet, or the message received by the receiver being an inserted message sent by the attacker (the integrity protection key is not consistent); or the cyclic redundancy check (CRC) fails to catch an error, that is, an error occurs in air interface reception but the CRC check does not identify it, and the erroneous data packet is delivered to the PDCP layer; or the security parameters of the terminal device and the network device are out of synchronization.
In order to ensure normal service communication between the terminal device and the network device, the receiving party may adopt different processing modes for different reasons of failure of integrity protection check. Therefore, how to determine the reason for the failure of the packet integrity check is an urgent problem to be solved.
Disclosure of Invention
The application provides a communication method, which can determine the reason of the data packet integrity check failure, so that a receiving end can perform subsequent processing according to the reason of the data packet integrity check failure, and the normal operation of a service between a sending end and the receiving end is ensured.
In a first aspect, a communication method is provided, including: the receiving end determines that the integrity check of the first data packet on the data radio bearer DRB fails; the receiving end sends a first message to the sending end, wherein the first message is used for indicating that the integrity check fails;
and the receiving end determines the reason of the first data packet integrity check failure on the DRB according to whether the response to the first message is successfully received from the transmitting end on the DRB within the preset time, wherein the response is subjected to integrity protection.
Therefore, in this embodiment of the present application, when determining that the integrity check of the first data packet on the DRB fails, the receiving device sends a first message indicating that the integrity check failure occurs to the sending device, and after receiving the first message, the sending device sends a response to the first message to the receiving device, where the response is integrity-protected. And the receiving equipment determines the reason of the first data packet integrity check failure on the DRB according to whether the response to the first message is successfully received from the sending equipment on the DRB within the preset time or not, so that the receiving end can perform subsequent processing according to the reason of the data packet integrity check failure, and the normal operation of the service between the sending end and the receiving end is ensured.
In a possible manner, the first message is used to indicate that an integrity check failure occurs, and at the same time, the first message also implicitly requests the sending device to send a response to the first message to the receiving device; or the first message is used to request the sending device to send a response to the first message to the receiving device, that is to say implicitly indicates that an integrity check failure has occurred.
In a possible manner, the successful receiving of the response to the first message from the sending device means that the receiving device receives the integrity-protected response and the integrity check is successful, and if no response is received or the integrity check of the integrity-protected response fails, it indicates that the response to the first message is not successfully received from the sending device.
With reference to the first aspect, in certain implementations of the first aspect, the first message is a packet data convergence protocol, PDCP, control protocol data unit, PDU, associated with the DRB; or the first message is a Radio Resource Control (RRC) message, and the RRC message is used for indicating that the integrity check failure occurs.
With reference to the first aspect, in certain implementation manners of the first aspect, the RRC message carries DRB information that the first packet integrity check fails.
At this time, the RRC message carries the DRB information that the first packet integrity check fails, and the sending device only needs to reply the response to the first message on the designated DRB, and does not need to reply the response to the first message on all DRBs of the terminal device, which can reduce signaling overhead.
With reference to the first aspect, in certain implementations of the first aspect, the first message includes a COUNT value of the first data packet or a PDCP sequence number SN of the first data packet.
At this time, the COUNT value of the first data packet or the PDCP SN of the first data packet is carried in the first message, so that the COUNT value or the PDCP SN of the response sent by the sending device to the first message is greater than the COUNT value or the PDCP SN of the first data packet.
With reference to the first aspect, in certain implementations of the first aspect, the response is a second data packet generated by the transmitting end, where the second data packet is in the same format as the PDCP data PDU of the DRB, and the second data packet includes first indication information, where the first indication information is used to indicate that the second data packet is the response; or the response is an RRC message, the RRC message is carried on the DRB and has the same format as the PDCP data PDU of the DRB, the RRC message includes second indication information, and the second indication information is used for indicating that the RRC message is the response; or the response is a service data packet carried on the DRB.
With reference to the first aspect, in certain implementations of the first aspect, the second data packet includes a COUNT value or a PDCP SN, and the COUNT value or the PDCP SN included in the second data packet is greater than the COUNT value of the first data packet or the PDCP SN of the first data packet.
With reference to the first aspect, in certain implementations of the first aspect, the failure of the integrity check on the first data packet on the DRB includes: any first data packet integrity check on the data radio bearer fails; or the integrity check of the N consecutive first data packets on the data radio bearer fails; or M first data packet integrity checks on the data radio bearer fail within a first time period; wherein N >1 and M > 1.
At this time, when the receiving device fails to check the integrity of the N consecutive first data packets on the data radio bearer or when the receiving device fails to check the integrity of the M first data packets on the data radio bearer within the first time period, the receiving device sends the first message, which may reduce the number of times of sending the first message and reduce signaling overhead.
With reference to the first aspect, in some implementations of the first aspect, the specific values of N and M may be configured by the network device, may be pre-agreed by the receiving device and the sending device, or may be specified by a protocol.
With reference to the first aspect, in some implementation manners of the first aspect, the determining, by the receiver, a reason for the failure of the integrity check of the first data packet on the DRB according to whether the response to the first message is successfully received from the sender within a preset time includes: when the receiving end successfully receives the response to the first message from the transmitting end within the preset time, the receiving end determines that the reason for the integrity check failure of the first data packet on the DRB is not the security parameter desynchronization; or when the receiving end does not successfully receive the response to the first message from the transmitting end within the preset time, the receiving end determines that the reason for the failure of the integrity check of the first data packet on the DRB is the security parameter desynchronization.
With reference to the first aspect, in certain implementations of the first aspect, after the receiving end sends the first message to the transmitting end when determining that the first packet integrity check on the data radio bearer DRB fails, the method further includes: and when the receiving end determines that the integrity check of a third data packet on the data radio bearer fails within the preset time, the receiving end does not send the first message to the sending end.
At this time, after the receiving end sends the first message to the sending end when determining that the integrity check of the first data packet on the data radio bearer DRB fails, the receiving end does not send the first message to the sending end when determining that the integrity check of the third data packet on the data radio bearer fails within the preset time, so that signaling overhead can be reduced.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: when the first message is sent to the sending end, the receiving end starts a timer, the timer is used for timing the preset time, and when the receiving end receives the response while the timer is running, the timer is stopped; or when the receiving end does not receive the response while the timer is running, the receiving end determines that the reason for the first data packet integrity check failure on the DRB is the security parameter desynchronization.
With reference to the first aspect, in some implementations of the first aspect, when it is determined that the reason for the failure of the integrity check of the first data packet on the DRB is that the security parameter is out of synchronization, the method further includes: when the receiving end is a terminal device, the receiving end initiates RRC reestablishment or sends the reason of the first data packet integrity check failure on the DRB to the sending end; or when the receiving end is the access network equipment, the receiving end triggers the transmitting end to perform RRC reestablishment or reconfigures the DRB.
In a second aspect, a communication method is provided, including: a sending end receives a first message from a receiving end, wherein the first message is used for indicating that integrity check failure occurs; and the sending end sends a response to the first message to the receiving end according to the first message, wherein the response is integrity protected.
With reference to the second aspect, in some implementations of the second aspect, the first message is a packet data convergence protocol PDCP control protocol data unit PDU associated with a data radio bearer DRB, and the first packet integrity check on the DRB fails; or the first message is a Radio Resource Control (RRC) message, and the RRC message is used for indicating that the integrity check failure occurs.
With reference to the second aspect, in some implementations of the second aspect, the first message includes a COUNT value of the first data packet or a PDCP sequence number SN of the first data packet.
With reference to the second aspect, in certain implementations of the second aspect, the response is a second data packet generated by the transmitting end, where the second data packet is in the same format as the PDCP data PDU of the DRB, and the second data packet includes first indication information, where the first indication information is used to indicate that the second data packet is the response; or the response is an RRC message, the RRC message is carried on the DRB and has the same format as the PDCP data PDU of the DRB, the RRC message includes second indication information, and the second indication information is used for indicating that the RRC message is the response; or the response is a service data packet carried on the DRB; wherein the first packet integrity check on the DRB fails.
With reference to the second aspect, in some implementations of the second aspect, the second data packet includes a COUNT value or a PDCP SN, and the COUNT value or the PDCP SN included in the second data packet is greater than the COUNT value of the first data packet or the PDCP SN of the first data packet.
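The receiver-side diagnosis of the first aspect and the sender-side response of the second aspect, as an added Python example that is not code from the patent. Assumptions: a truncated HMAC-SHA256 stands in for the real MAC-I algorithm, security parameter desynchronization is modelled as a key mismatch, time is passed in explicitly, and all class and function names are hypothetical.

```python
# Added illustration; Sender, Receiver, diagnose and the verdict strings
# are hypothetical names, not terms from the patent.
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

MAC_LEN = 4  # PDCP carries a 32-bit MAC-I


@dataclass
class Pdu:
    count: int
    payload: bytes
    mac: bytes = b""
    is_response: bool = False  # the "first indication information"


def mac_i(key: bytes, bearer: int, pdu: Pdu) -> bytes:
    # Stand-in for the real integrity algorithm: truncated HMAC-SHA256
    # over COUNT, bearer id, response flag and payload.
    msg = struct.pack(">IB?", pdu.count, bearer, pdu.is_response) + pdu.payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def verify(key: bytes, bearer: int, pdu: Pdu) -> bool:
    return hmac.compare_digest(pdu.mac, mac_i(key, bearer, pdu))


class Sender:
    def __init__(self, key: bytes, bearer: int):
        self.key, self.bearer, self.next_count = key, bearer, 0

    def send(self, payload: bytes, is_response: bool = False) -> Pdu:
        pdu = Pdu(self.next_count, payload, is_response=is_response)
        pdu.mac = mac_i(self.key, self.bearer, pdu)
        self.next_count += 1
        return pdu

    def on_first_message(self, failed_count: int) -> Pdu:
        # The response's COUNT must be greater than the failed packet's COUNT.
        self.next_count = max(self.next_count, failed_count + 1)
        return self.send(b"", is_response=True)


class Receiver:
    def __init__(self, key: bytes, bearer: int, preset_time: float):
        self.key, self.bearer, self.preset_time = key, bearer, preset_time
        self.failed_count: Optional[int] = None  # set while the timer runs
        self.deadline = 0.0
        self.cause: Optional[str] = None

    def on_tick(self, now: float) -> None:
        # Timer expiry without a verified response: security parameters are
        # out of sync (follow-up: RRC re-establishment or DRB reconfiguration).
        if self.failed_count is not None and now > self.deadline:
            self.cause, self.failed_count = "desync", None

    def on_pdu(self, pdu: Pdu, now: float) -> Optional[int]:
        """Return the COUNT to report in a first message, or None."""
        self.on_tick(now)
        ok = verify(self.key, self.bearer, pdu)
        if self.failed_count is not None:  # timer running
            if ok and pdu.is_response and pdu.count > self.failed_count:
                self.cause, self.failed_count = "not-desync", None
            # Further failures inside the preset time send no new first
            # message; a response that does not verify is not a success.
            return None
        if ok:
            return None
        self.failed_count, self.deadline = pdu.count, now + self.preset_time
        return pdu.count


def diagnose(tx_key: bytes, rx_key: bytes, tamper: bool,
             deliver_response: bool = True) -> str:
    """Run one exchange on constructed data and return the receiver's verdict."""
    tx = Sender(tx_key, bearer=1)
    rx = Receiver(rx_key, bearer=1, preset_time=0.1)
    pdu = tx.send(b"user data")
    if tamper:
        pdu.payload = b"user dat4"  # constructed in-flight modification
    failed = rx.on_pdu(pdu, now=0.0)
    if failed is None:
        return "no-failure"
    response = tx.on_first_message(failed)
    if deliver_response:
        rx.on_pdu(response, now=0.05)
    rx.on_tick(now=0.2)
    return rx.cause


if __name__ == "__main__":
    k1, k2 = b"\x11" * 16, b"\x22" * 16  # constructed keys
    print(diagnose(k1, k1, tamper=True))   # modified packet, keys in sync
    print(diagnose(k1, k2, tamper=False))  # key mismatch
    print(diagnose(k1, k1, tamper=True, deliver_response=False))
```

A verified response only rules out desynchronization; it does not by itself separate tampering or insertion from an undetected air interface error.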
In a third aspect, a communication apparatus is provided, including: a determining module, configured to determine that a first data packet integrity check on a data radio bearer DRB fails;
a sending module, configured to send a first message to a sending end, where the first message is used to indicate that an integrity check failure occurs;
the determining module is further configured to determine whether a response to the first message is successfully received from the sender on the DRB within a preset time, and determine a reason why the integrity check of the first data packet on the DRB fails, where the response is integrity protected.
With reference to the third aspect, in certain implementations of the third aspect, the first message is a packet data convergence protocol, PDCP, control protocol data unit, PDU associated with the DRB; or the first message is a Radio Resource Control (RRC) message, and the RRC message is used for indicating that the integrity check failure occurs.
With reference to the third aspect, in certain implementations of the third aspect, the first message includes a COUNT value of the first data packet or a PDCP sequence number SN of the first data packet.
With reference to the third aspect, in certain implementations of the third aspect, the response is a second data packet generated by the transmitting end, where the second data packet is in the same format as the PDCP data PDU of the DRB, and the second data packet includes first indication information, where the first indication information is used to indicate that the second data packet is the response; or the response is an RRC message, the RRC message is carried on the DRB and has the same format as the PDCP data PDU of the DRB, the RRC message includes second indication information, and the second indication information is used for indicating that the RRC message is the response; or the response is a service data packet carried on the DRB.
With reference to the third aspect, in certain implementations of the third aspect, the second data packet includes a COUNT value or a PDCP SN, and the COUNT value or the PDCP SN included in the second data packet is greater than the COUNT value of the first data packet or the PDCP SN of the first data packet.
With reference to the third aspect, in some implementations of the third aspect, the failure of the integrity check on the first packet on the DRB includes: any first data packet integrity check on the data radio bearer fails; or the integrity check of the N consecutive first data packets on the data radio bearer fails; or M first data packet integrity checks on the data radio bearer fail within a first time period; wherein N >1 and M > 1.
With reference to the third aspect, in some implementations of the third aspect, the processing module is specifically configured to: when a response to the first message is successfully received from the sender within a preset time, determining that the reason for the first packet integrity check failure on the DRB is not security parameter desynchronization; or when the response to the first message is not successfully received from the sender within the preset time, determining that the reason for the failure of the integrity check of the first data packet on the DRB is the loss of synchronization of the security parameters.
With reference to the third aspect, in certain implementations of the third aspect, after the receiving end sends the first message to the sending end when determining that the first packet integrity check on the data radio bearer DRB fails, the processing module is further configured to: and when the receiving end determines that the integrity check of a third data packet on the data radio bearer fails within the preset time, the receiving end does not send the first message to the sending end.
With reference to the third aspect, in certain implementations of the third aspect, the processing module is further configured to: when the first message is sent to the sending end, start a timer, the timer being used for timing the preset time, and when the receiving end receives the response while the timer is running, stop the timer; or when the receiving end does not receive the response while the timer is running, determine that the reason for the first data packet integrity check failure on the DRB is the security parameter desynchronization.
With reference to the third aspect, in some implementations of the third aspect, when it is determined that the reason for the first packet integrity check failure on the DRB is security parameter desynchronization, and when the receiving device is a terminal, the receiving device further includes a sending module, where the sending module is configured to initiate RRC reestablishment or send, to the sending end, the reason for the first packet integrity check failure on the DRB; or when the receiving device is a network side, the receiving device further includes a sending module, and the sending module is configured to trigger the sending end to perform RRC reestablishment or the processing module to reconfigure the DRB.
In a fourth aspect, a communication apparatus is provided, including:
a receiving module, configured to receive a first message from a receiving end, where the first message is used to indicate that an integrity check failure occurs;
a sending module, configured to send a response to the first message to the receiving end according to the first message, where the response is integrity protected.
With reference to the fourth aspect, in some implementations of the fourth aspect, the first message is a packet data convergence protocol PDCP control protocol data unit PDU associated with a data radio bearer DRB, and the integrity check of the first data packet on the DRB fails; or the first message is a Radio Resource Control (RRC) message, and the RRC message is used for indicating that the integrity check failure occurs.
With reference to the fourth aspect, in some implementations of the fourth aspect, the first message includes a COUNT value of the first data packet or a PDCP sequence number, SN, of the first data packet.
With reference to the fourth aspect, in some implementations of the fourth aspect, the response is a second data packet generated by the sending end, where the second data packet is in the same format as the PDCP data PDU of the DRB, and the second data packet includes first indication information, where the first indication information is used to indicate that the second data packet is the response; or the response is an RRC message, the RRC message is carried on the DRB and has the same format as the PDCP data PDU of the DRB, the RRC message includes second indication information, and the second indication information is used for indicating that the RRC message is the response; or the response is a service data packet carried on the DRB; wherein the first packet integrity check on the DRB fails.
With reference to the fourth aspect, in some implementations of the fourth aspect, the second data packet includes a COUNT value or a PDCP SN, and the COUNT value or the PDCP SN included in the second data packet is greater than the COUNT value or the PDCP SN of the first data packet.
In a fifth aspect, a communication apparatus is provided, including: at least one processor, a memory for storing instructions or application code, and a transceiver for implementing corresponding communication functions, the stored instructions or application code being directly or indirectly executable by the at least one processor such that the communication device may perform the method of the first aspect or any of the alternative implementations of the first aspect.
In a sixth aspect, a communication apparatus is provided, including: at least one processor, a memory for storing instructions or application code, and a transceiver for implementing corresponding communication functions, the stored instructions or application code being directly or indirectly executable by the at least one processor such that the communication device may perform the method of the second aspect or any of its alternative implementations.
In a seventh aspect, a chip system is provided, including: at least one processor configured to execute stored instructions such that a receiving end may perform the method of the first aspect or any optional implementation of the first aspect.
In an eighth aspect, a chip system is provided, which includes: at least one processor configured to execute stored instructions to enable a sender to perform the method of the second aspect or any optional implementation of the second aspect.
In a ninth aspect, a computer program product is provided, which comprises instructions that, when executed, enable a receiving end to perform the method of the first aspect or any optional implementation manner of the first aspect.
A tenth aspect provides a computer program product comprising instructions that, when executed, cause a sender to perform the method of the second aspect or any of the optional implementations of the second aspect.
In an eleventh aspect, a computer storage medium is provided, which stores program instructions, and when the instructions are executed, a receiving end may execute the method in the second aspect or any optional implementation manner of the second aspect.
In a twelfth aspect, a computer storage medium is provided, which stores program instructions that, when executed, a sender may perform the method of the second aspect or any of the optional implementations of the second aspect.
Drawings
Fig. 1 is a schematic block diagram of a communication system architecture according to a communication method and apparatus of the present application.
Fig. 2 is a schematic flow chart of a communication method of the present application.
Fig. 3 is a schematic block diagram of a communication apparatus according to an embodiment of the present application.
Fig. 4 is a schematic block diagram of a communication apparatus according to an embodiment of the present application.
Fig. 5 is a schematic block diagram of a communication apparatus according to an embodiment of the present application.
Fig. 6 is a schematic block diagram of a communication apparatus according to an embodiment of the present application.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
The technical solutions of the embodiments of the application can be applied to various communication systems, for example: a global system for mobile communications (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, a General Packet Radio Service (GPRS), a long term evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication system, a future fifth generation (5G) or New Radio (NR) system, and the like.
Terminal equipment in the embodiments of the present application may refer to user equipment, access terminals, subscriber units, subscriber stations, mobile stations, remote terminals, mobile devices, user terminals, wireless communication devices, user agents, or user devices. The terminal device may also be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network or a terminal device in a future evolved Public Land Mobile Network (PLMN), and the like, which are not limited in this embodiment.
The network device in this embodiment may be a device for communicating with a terminal device, where the network device may be a Base Transceiver Station (BTS) in a global system for mobile communications (GSM) system or a Code Division Multiple Access (CDMA) system, may also be a base station (NodeB) in a Wideband Code Division Multiple Access (WCDMA) system, may also be an evolved NodeB (eNB) or eNodeB) in an LTE system, may also be a wireless controller in a Cloud Radio Access Network (CRAN) scenario, or may be a relay station, an access point, a vehicle-mounted device, a wearable device, a network device in a future 5G network, or a network device in a future evolved PLMN network, and the like, and the present embodiment is not limited.
In the embodiment of the application, the terminal device or the network device includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer. The hardware layer includes hardware such as a Central Processing Unit (CPU), a Memory Management Unit (MMU), and a memory (also referred to as a main memory). The operating system may be any one or more computer operating systems that implement business processing through processes, such as a Linux operating system, a Unix operating system, an Android operating system, an iOS operating system, or a Windows operating system. The application layer comprises applications such as a browser, an address book, word processing software, instant messaging software and the like. Furthermore, the embodiment of the present application does not particularly limit the specific structure of the execution body of the method provided by the embodiment, as long as it can communicate according to that method by running a program that records the code of the method. For example, the execution body of the method may be a terminal device or a network device, or a functional module in the terminal device or the network device that is capable of calling and executing the program.
In addition, various aspects or features of the present application may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. For example, computer-readable media can include but are not limited to magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips, etc.), optical disks (e.g., Compact Disk (CD), Digital Versatile Disk (DVD), etc.), smart cards, and flash memory devices (e.g., erasable programmable read-only memory (EPROM), card, stick, or key drive, etc.). In addition, various storage media described herein can represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" can include, without being limited to, wireless channels and various other media capable of storing, containing, and/or carrying instruction(s) and/or data.
Fig. 1 is a schematic diagram of a communication system 100 employing a communication method and apparatus of the present application. As shown in fig. 1, the communication system 100 includes a network device 102, and the network device 102 may include a plurality of antennas, e.g., antennas 104, 106, 108, 110, 112, and 114. Additionally, network device 102 can additionally include a transmitter chain and a receiver chain, each of which can comprise a plurality of components associated with signal transmission and reception (e.g., processors, modulators, multiplexers, demodulators, demultiplexers, antennas, etc.), as will be appreciated by one skilled in the art.
Network device 102 may communicate with a plurality of terminal devices, such as terminal device 116 and terminal device 122. However, it is understood that network device 102 may communicate with any number of standard terminal devices similar to terminal devices 116 or 122.
As shown in fig. 1, terminal device 116 is in communication with antennas 112 and 114, where antennas 112 and 114 transmit information to terminal device 116 over forward link 118 and receive information from terminal device 116 over reverse link 120. In addition, terminal device 122 is in communication with antennas 104 and 106, where antennas 104 and 106 transmit information to terminal device 122 over forward link 124 and receive information from terminal device 122 over reverse link 126.
In a Frequency Division Duplex (FDD) system, forward link 118 may utilize a different frequency band than reverse link 120, and forward link 124 may employ a different frequency band than reverse link 126, for example.
As another example, in Time Division Duplex (TDD) systems and Full Duplex (Full Duplex) systems, forward link 118 and reverse link 120 may utilize a common frequency band and forward link 124 and reverse link 126 may utilize a common frequency band.
Each antenna (or group of antennas consisting of multiple antennas) and/or area designed for communication is referred to as a sector of network device 102. For example, antenna groups may be designed to communicate to terminal devices in a sector of the areas covered by network device 102. During communication by network device 102 with terminal devices 116 and 122 over forward links 118 and 124, respectively, the transmitting antennas of network device 102 may utilize beamforming to improve signal-to-noise ratio of forward links 118 and 124. Moreover, mobile devices in neighboring cells can experience less interference when network device 102 utilizes beamforming to transmit to terminal devices 116 and 122 scattered randomly through an associated coverage area, as compared to a manner in which a network device transmits through a single antenna to all its terminal devices.
At a given time, network device 102, terminal device 116, or terminal device 122 may be a wireless communication transmitting apparatus and/or a wireless communication receiving apparatus. When sending data, the wireless communication sending device may encode the data for transmission. In particular, a wireless communication transmitting device may obtain (e.g., generate, receive from other communication devices, or save in memory, etc.) a number of scalar data bits to be transmitted over a channel to a wireless communication receiving device. Such data bits may be contained in a transport block (or transport blocks) of data, which may be segmented to produce multiple code blocks.
It should be understood that fig. 1 is a simplified schematic diagram of an example, and that other network devices, not shown in fig. 1, may also be included in the communication system.
It should be understood that, in the embodiments of the present application, a receiving end may be a generic term for a receiving device or a component (e.g., a chip or a circuit, etc.) that may be used in the receiving device, and a transmitting end may be a generic term for a transmitting device or a component (e.g., a chip or a circuit, etc.) that may be used in the transmitting device. For downlink transmission, the receiving device may be a terminal device and the transmitting device may be a network device; for uplink transmission, the receiving device may be a network device and the transmitting device may be a terminal device.
In the following description, the receiving end is taken to be a receiving device and the transmitting end is taken to be a transmitting device.
In order to ensure the security of air interface communication and prevent the communication between the terminal device and the network device from being tampered with or having messages inserted into it, the network device may configure integrity protection for data transmitted over the air interface. The sending device performs integrity protection on a data packet to be sent: it generates a message authentication code for integrity (MAC-I) from the MAC-I calculation parameters and sends the MAC-I, carried in the data packet header, to the receiving device together with the data packet. The MAC-I calculation parameters may include: the data packet content, the integrity protection key KEY (K_RRCint), an integrity protection algorithm, the BEARER ID of the bearer on which the packet is sent, a COUNT value, and a DIRECTION (indicating whether the packet is a downlink packet or an uplink packet). For the COUNT value, when a data packet is to be sent, the sending device first determines on which bearer the data packet is sent and then assigns the data packet a COUNT value corresponding to that bearer (the COUNT value may be understood as a count of the data packets sent on the bearer, and is assigned in a sequentially accumulating manner). The COUNT is composed of two parts: the high-order part is a Hyper Frame Number (HFN), and the low-order part is a packet data convergence protocol sequence number (PDCP SN). The PDCP SN is the PDCP sequence number of the data packet and is carried in the packet header; the HFN is not transmitted over the air interface and is maintained by the sending device and the receiving device respectively. Of the MAC-I calculation parameters, only the data packet content and the PDCP SN part of the COUNT are transmitted over the air interface.
After receiving the data packet, the receiving device performs an integrity protection check on the content of the data packet. It calculates a MAC-I using the same method as above and compares it with the MAC-I in the packet header; if they are the same, the check passes, otherwise the check fails. For the check to pass, the parameters from which the sending device and the receiving device calculate the MAC-I must therefore be completely identical. Because only the network device and the terminal device hold the correct integrity protection key, only the sending device can generate the correct MAC-I; if the data is tampered with, the receiving device, following the same process, generates a different MAC-I, thereby identifying the problem and achieving the purpose of integrity protection.
Optionally, the failure of the integrity protection check mainly has the following three causes:
1. Attack by an attacker. For example, the attacker has tampered with the content of the data packet, or the data packet received by the receiving device is an inserted message, that is, the data packet was sent by the attacker and not by the sending device.
2. Cyclic Redundancy Check (CRC) failure, that is, an error occurs in air interface reception but the CRC does not identify it, so the erroneous data packet received over the air interface is delivered to the PDCP layer.
3. The security parameters of the terminal device and the network device are out of synchronization. This is mainly the COUNT being out of synchronization; the PDCP SN part of the COUNT is sent in the message and so cannot be out of synchronization, which means the problem is mainly HFN desynchronization.
One possible way to handle an integrity protection check failure due to cause 1 or cause 2 is to discard the data packet directly.
For an integrity protection check failure due to cause 3, in addition to discarding the data packet: if the failure occurs on the terminal device side, one possible handling is to initiate an RRC reestablishment procedure (the COUNT value is reset to zero after reestablishment) to resolve the desynchronization; if the failure occurs on the network device side, one possible handling is to trigger the terminal device to initiate an RRC reestablishment procedure.
If the cause of the integrity protection check failure is not distinguished, and the receiving device, for example, always discards the data packet directly when the check fails, then once the security parameters of the terminal device and the network device are out of synchronization, every data packet in that direction on the bearer between the terminal device and the network device fails the integrity protection check, and the service on that bearer cannot communicate.
If instead the receiving device always performs reestablishment when the integrity protection check fails, then when an attacker frequently sends attack packets the terminal device performs the reestablishment procedure continuously; each reestablishment interrupts user services, so the terminal device cannot carry out normal services.
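The following added example (not code from the patent) illustrates why a single failed check cannot tell tampering from HFN desynchronization: the receiver rebuilds COUNT from its locally held HFN and the received PDCP SN, so a stale HFN makes every untampered packet fail. Truncated HMAC-SHA256 stands in for the negotiated integrity algorithm, and the 4-byte MAC-I length, key, bearer ID, direction value and class names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

SN_BITS = 12                    # 12-bit PDCP SN; the HFN is the high part of the 32-bit COUNT
SN_MASK = (1 << SN_BITS) - 1
KEY = bytes(range(16))          # constructed integrity key shared by both ends
BEARER, DOWNLINK = 3, 1         # constructed BEARER ID and DIRECTION values


def mac_i(key, count, bearer, direction, payload):
    """Stand-in MAC-I: truncated HMAC-SHA256 over COUNT, BEARER, DIRECTION, payload."""
    params = struct.pack(">IBB", count, bearer, direction)
    return hmac.new(key, params + payload, hashlib.sha256).digest()[:4]


class Sender:
    def __init__(self, first_count=0):
        self.next_count = first_count       # COUNT is assigned sequentially per bearer

    def send(self, payload):
        count = self.next_count
        self.next_count += 1
        tag = mac_i(KEY, count, BEARER, DOWNLINK, payload)
        # Only the SN part of COUNT, the payload and the MAC-I go over the air.
        return (count & SN_MASK, payload, tag)


class Receiver:
    def __init__(self, hfn=0):
        self.hfn = hfn                      # maintained locally, never received

    def check(self, pdu):
        sn, payload, tag = pdu
        # Rebuild COUNT from the local HFN and the received SN
        # (SN wrap-around handling is omitted in this sketch).
        count = (self.hfn << SN_BITS) | sn
        expected = mac_i(KEY, count, BEARER, DOWNLINK, payload)
        return hmac.compare_digest(tag, expected)


def tampered_packet_case():
    """One packet modified in transit: only that packet fails the check."""
    tx, rx = Sender(), Receiver()
    pdus = [tx.send(b"payload-%d" % i) for i in range(4)]
    sn, payload, tag = pdus[1]
    pdus[1] = (sn, payload[:-1] + b"X", tag)
    return [rx.check(p) for p in pdus]


def hfn_desync_case():
    """Sender's HFN is 1, receiver still holds 0: every untampered packet fails."""
    tx, rx = Sender(first_count=(1 << SN_BITS) + 5), Receiver(hfn=0)
    pdus = [tx.send(b"payload-%d" % i) for i in range(4)]
    while_desynced = [rx.check(p) for p in pdus]
    rx.hfn = 1                              # the same packets verify once the HFN matches
    after_resync = [rx.check(p) for p in pdus]
    return while_desynced, after_resync


if __name__ == "__main__":
    print("tampered:", tampered_packet_case())
    print("desync:  ", hfn_desync_case())
```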
In view of the above problems, embodiments of the present application provide a communication method and device, which can determine a reason for a failure of integrity check of a data packet, and further enable a receiving end to perform subsequent processing according to the reason for the failure of integrity check of the data packet, thereby ensuring that a service between the sending end and the receiving end is performed normally.
A communication method provided in the embodiment of the present application is described in detail below with reference to fig. 2. Fig. 2 is a schematic flow chart of a communication method 200 according to an embodiment of the present application, where the method 200 may be applied in the scenario shown in fig. 1, and of course, may also be applied in other communication scenarios, and the embodiment of the present application is not limited herein.
As shown in fig. 2, the method 200 may include the following.
In 210, the receiving device determines that the first data packet integrity check on the data radio bearer DRB fails.
At 220, the receiving device sends a first message to the sending device indicating that an integrity check failure occurred.
In one possible manner, the first message indicates that an integrity check failure has occurred, in which case it may also implicitly request the sending device to send a response to the first message to the receiving device; alternatively, the first message requests the sending device to send a response to the first message to the receiving device, in which case it implicitly indicates that an integrity check failure has occurred.
In 230, the sending device receives the first message from the receiving device.
In 240, the sending device sends a response to the first message to the receiving device based on the first message, wherein the response is integrity protected.
It will be appreciated that the response being integrity protected means that the sending device performs integrity protection on the response: it generates a MAC-I from the MAC-I calculation parameters and sends the MAC-I to the receiving device together with the response.
At 250, the receiving device determines a reason for the failure of the integrity check of the first data packet on the DRB according to whether the response to the first message is successfully received on the DRB from the sending device within a preset time.
In one possible approach, successful receipt of the response to the first message from the sending device means that the receiving device receives an integrity-protected response and the integrity check is successful, and if no response is received or the integrity check of the response fails, it indicates that the response to the first message was not successfully received from the sending device.
Therefore, in this embodiment of the present application, when determining that the integrity check of the first data packet on the DRB fails, the receiving device sends a first message indicating that the integrity check failure occurs to the sending device, and after receiving the first message, the sending device sends a response to the first message to the receiving device, where the response is integrity protected. The receiving device determines the reason of the first data packet integrity check failure on the DRB according to whether the response to the first message is successfully received from the sending device within the preset time, so that the receiving device can perform subsequent processing according to the reason of the data packet integrity check failure, and the normal operation of the service between the sending device and the receiving device is ensured.
Optionally, the first message is a packet data convergence protocol PDCP control protocol data unit PDU associated with the DRB; or the first message is a radio resource control, RRC, message for indicating that an integrity check failure has occurred.
Specifically, when the first message is a PDCP control PDU associated with the DRB, the receiving device, on determining that the integrity check of the first data packet on the DRB has failed, triggers a PDCP control PDU corresponding to that DRB (this is a new PDCP control PDU) that indicates that an integrity check failure has occurred. Because the PDCP control PDU corresponds to the DRB on which the integrity check of the first data packet failed, that is, it is sent on that DRB, no DRB identifier (ID) needs to be indicated in the PDCP control PDU. After receiving the first message, the sending device sends the response to the first message on the DRB.
When the first message is an RRC message, it is sent over a signaling bearer. Optionally, the RRC message carries information about the DRB on which the first data packet failed the integrity check, such as the DRB ID, and the sending device needs to send the response to the first message on the specified DRB; or the RRC message does not carry DRB information, and the sending device needs to send the response to the first message on all DRBs of the terminal device.
Optionally, the first message includes a COUNT value of the first data packet or a PDCP sequence number SN of the first data packet.
Specifically, whether the first message is a PDCP control PDU associated with the DRB or an RRC message, it may carry the COUNT value or the PDCP SN of the first data packet whose integrity check failed. This enables the sending device to send a response to the first message whose COUNT value or PDCP SN is greater than that of the first data packet.
Optionally, the response is a second data packet generated by the transmitting end, where the second data packet has the same format as the PDCP data PDU of the DRB, and the second data packet includes first indication information, where the first indication information is used to indicate that the second data packet is the response; or
The response is an RRC message, the RRC message is carried on the DRB and has the same format as the PDCP data PDU of the DRB, the RRC message includes second indication information, and the second indication information is used for indicating that the RRC message is the response; or
The response is a service data packet carried on the DRB.
Specifically, after receiving the first message, the sending device generates a response. When the response is a second data packet, it is a data packet constructed by the sending device after receiving the first message and is not a service data packet between the sending device and the receiving device. The response may use the PDCP data PDU format of the DRB, that is, the response masquerades as a normal user data packet, but carries the first indication information indicating that it is a response, for example by using one bit. The data portion of the response may be generated by the sending device itself, such as randomly generated data, or may be the received first message, and so on. The response is encrypted and integrity protected in the same way as normal user data packets. From the first indication information the receiving device knows that the response is not a normal user data packet and does not deliver it to higher layers.
Optionally, the second packet includes a COUNT value or a PDCP SN, and the COUNT value or the PDCP SN of the second packet is greater than the COUNT value or the PDCP SN of the first packet.
In particular, when the response is the second packet, the sending device will assign the next COUNT value or PDCP SN sequence number on the bearer (which is no longer assigned to other packets) to the response, i.e. the response "spoofs" a normal user packet. The next COUNT value or PDCP SN sequence number is the next COUNT value or PDCP SN sequence number of the COUNT value or PDCP SN sequence number currently allocated by the transmitting device. Taking the PDCP SN sequence number as an example, the receiving device already allocates the PDCP SN sequence number 6 to a data packet, and when the transmitting device constructs the second data packet, the PDCP SN sequence number of the second data packet is 7.
In the current prior art, two PDCP data PDU formats with different PDCP SN lengths are defined, as shown in Table 1 and Table 2. Table 1 shows the format of a PDCP data PDU containing a 12-bit PDCP SN, and Table 2 shows the format of a PDCP data PDU containing an 18-bit PDCP SN. A PDCP PDU is a bit string whose length is byte-aligned, i.e., an integer multiple of 8 bits. Within each parameter field of the PDCP PDU, the leftmost bit is the highest bit and the rightmost bit is the lowest bit. The first bit on the left, D/C, indicates whether the PDU is a control PDU or a data PDU; R is a reserved bit; "cont." in the tables indicates continuation: in Table 1, for example, the PDCP SN is 12 bits, occupying the last four bits of byte 1 and the 8 bits of byte 2 (the PDCP SN (cont.) of byte 2 continues the PDCP SN of byte 1); "optional" in the tables indicates that the MAC-I value is optional.
TABLE 1 PDCP data PDU format containing 12-bit PDCP SN
TABLE 2 PDCP data PDU format containing 18-bit PDCP SN
In the prior art, neither of the two PDCP data PDU formats with different PDCP SN lengths includes indication information. When the response is a data packet constructed by the sending device after receiving the first message, the response uses the PDCP data PDU format of the DRB, that is, it masquerades as a normal user data packet, but it is not a service data packet between the sending device and the receiving device. The response may therefore carry the first indication information, which indicates that the data packet is a "response". For example, a new F field may be defined that uses one bit (e.g., an R bit, as shown in Tables 3 and 4) to indicate that the packet is a response.
TABLE 3 PDCP data PDU format of 12-bit PDCP SN containing indication information
TABLE 4 PDCP data PDU format of 18-bit PDCP SN containing indication information
It should be understood that tables 3 and 4 only show one PDCP data PDU format containing the first indication information, and the PDCP data PDU containing the first indication information may also be in other formats, such as the first indication information is represented by two bits, and the application is not limited to the PDCP data PDU format containing the first indication information.
It should be appreciated that the response may also use a new PDCP control PDU format, which carries a PDCP SN on the DRB, which is integrity protected based on the PDCP SN.
When the response is an RRC message, the RRC message is carried on the DRB and has the same format as the PDCP data PDU of the DRB. The RRC message includes second indication information indicating that the RRC message is the response, so that the receiving device identifies this special "data" at the PDCP layer and delivers it to the RRC layer instead of to a higher layer of the user plane. For example, 1 bit of second indication information is introduced into the data PDU format of the PDCP layer to indicate that the RRC message is a response.
When the response is a service data packet carried on the DRB, the response is not a special message but a service data packet that is received on the DRB and passes the integrity check. That is, after sending the first message, the receiving device treats a data packet received on the DRB with a successful integrity check as the response to the first message.
Optionally, the response may also be encrypted in order to secure the communication between the receiving device and the sending device.
Optionally, the COUNT value of the service packet for which the integrity check is successful is greater than the COUNT value of the first packet for which the integrity check fails.
In the embodiment of the present application, requiring the COUNT value of the service packet whose integrity check succeeds to be greater than the COUNT value of the first packet whose integrity check failed avoids generating an erroneous "response" because of out-of-order reception. That is, because of lower-layer transmission, the failed data packet may arrive at the receiving end first while data packets sent before it (with smaller COUNT values) arrive later; the requirement prevents these later-arriving data packets from being mistaken for the "response".
Optionally, the failure of the integrity check on the first data packet on the DRB includes: any one of the first data packet integrity checks on the data radio bearer fails; or the integrity check of N consecutive first data packets on the data radio bearer fails; or M first data packet integrity checks on the data radio bearer fail within a first time period; wherein N >1 and M > 1.
Specifically, the receiving device sends the first message when the integrity check of any one first data packet on the data radio bearer fails; or the receiving device sends the first message when the integrity check of N consecutive first data packets on the data radio bearer fails; or the receiving device sends the first message when the integrity check of M first data packets on the data radio bearer fails within the first time period. Sending the first message only after N consecutive failures, or after M failures within the first time period, reduces the number of times the first message is sent and reduces signaling overhead.
It should be understood that the specific values of N and M may be configured by the network device, may be predetermined by the receiving device and the sending device, and may also be specified by the protocol.
Optionally, the determining, by the receiver, a reason for the failure of the integrity check of the first data packet on the DRB according to whether the response to the first message is successfully received from the sender within a preset time includes:
when the receiving end successfully receives the response to the first message from the transmitting end within the preset time, the receiving end determines that the reason why the integrity check of the first data packet on the DRB fails is not the security parameter desynchronization; or when the receiver does not successfully receive the response to the first message from the sender within the preset time, the receiver determines that the reason for the failure of the integrity check of the first data packet on the DRB is the security parameter desynchronization.
Specifically, if the response to the first message is successfully received on the DRB from the sender within the preset time, the security parameters are not out of synchronization, and the failure may have been caused by an attack or a CRC failure; the receiving device discards the first data packet whose integrity check failed.
If the response is the second packet, the receiving device does not deliver the data portion of the second packet to higher layers but discards the response directly, because the response is not normal user data; or
If the response is the RRC message, the receiving device delivers the RRC message to the RRC layer, and the RRC layer processes the RRC message, such that the response is discarded; or if the response is the service data packet sent by the sending device on the DRB, the receiving device delivers the data part of the service data packet to a higher layer for processing.
Optionally, after the receiving end sends the first message to the sending device when determining that the integrity check of the first data packet on the data radio bearer DRB fails, the method further includes:
and when the receiving end determines that the integrity check of the third data packet on the data radio bearer fails within the preset time, the receiving end does not send the first message to the sending end.
Specifically, after the receiving end determines that the integrity check of the first data packet on the data radio bearer DRB fails, the receiving end sends the first message to the sending device, and within the preset time, if the integrity check of the bearer data fails again, the receiving end directly discards the data packet without triggering the first message, or does not send the first message any more within a first time period (the first time period is less than or equal to the preset time) after sending the first message, so as to reduce the signaling overhead.
Optionally, the method further comprises: when the first message is sent to the sending end, the receiving end starts a timer, the timer is used for timing the preset time period,
stopping the timer to time when the receiving end receives the response during the running period of the timer; or
And when the receiving end does not receive the response during the running of the timer, determining that the reason for the failure of the integrity check of the first data packet on the DRB is the loss of synchronization of the security parameters.
Specifically, when the first message is sent to the sending end, the receiving end starts a timer whose duration is the preset time. The timer is bearer-level: each DRB may correspond to one timer. While the timer is running, the first message is not triggered again for the DRB even if a packet integrity check failure occurs again. If the receiving end receives the response while the timer is running, it determines that the reason for the first data packet integrity check failure on the DRB is not security parameter desynchronization and stops the timer; if the receiving end does not receive the response while the timer is running, it determines that the reason for the first data packet integrity check failure on the DRB is security parameter desynchronization.
Optionally, when it is determined that the reason for the failure of the integrity check of the first data packet on the DRB is that the security parameters are out of synchronization, the method further includes: when the receiving end is a terminal device, the receiving end initiates RRC reestablishment, or the receiving end sends the reason for the integrity check failure of the first data packet on the DRB to the sending end; or, when the receiving end is the access network device, the receiving end triggers the transmitting end to perform RRC reestablishment, or the receiving end reconfigures the DRB.
Specifically, if the receiving device is a terminal device, the terminal device initiates RRC re-establishment, or notifies the access network device of the security parameter desynchronization by sending an RRC message (so that the access network device reconfigures the DRB, for example by releasing and adding the DRB again), and so on. If the receiving device is an access network device, it releases and adds the DRB again, or triggers the UE to perform RRC reestablishment, or releases the UE to the idle state, and so on.
Therefore, the receiving device can perform different operations according to the determined reason for the integrity check failure, namely whether it was caused by loss of synchronization of the security parameters, thereby ensuring that the service between the sending device and the receiving device proceeds normally.
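The per-DRB timer logic described above, sketched as an added Python example (it is not code from the patent). Assumptions: HMAC-SHA256 truncated to 32 bits stands in for the integrity algorithm, time is passed in explicitly, any PDU on the DRB that verifies and carries a COUNT greater than the failed packet's is treated as the response, and all class and function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Cause(Enum):
    UNDETERMINED = "undetermined"
    NOT_DESYNC = "not security parameter desynchronization"
    DESYNC = "security parameter desynchronization"


@dataclass
class Pdu:
    drb_id: int
    count: int
    payload: bytes
    tag: bytes


def integrity_tag(key: bytes, drb_id: int, count: int, payload: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 32 bits stands in for the real
    # integrity algorithm; key, COUNT and bearer act as the security parameters.
    msg = drb_id.to_bytes(1, "big") + count.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


def protect(key: bytes, drb_id: int, count: int, payload: bytes) -> Pdu:
    return Pdu(drb_id, count, payload, integrity_tag(key, drb_id, count, payload))


class DrbIntegrityMonitor:
    """Receiving-end logic for one DRB (one timer per bearer)."""

    def __init__(self, key: bytes, drb_id: int, preset_time: float):
        self.key, self.drb_id, self.preset_time = key, drb_id, preset_time
        self.deadline: Optional[float] = None   # None means the timer is not running
        self.failed_count: Optional[int] = None
        self.cause = Cause.UNDETERMINED
        self.first_messages = []                # what would go to the sending end

    def _verifies(self, pdu: Pdu) -> bool:
        expected = integrity_tag(self.key, self.drb_id, pdu.count, pdu.payload)
        return pdu.drb_id == self.drb_id and hmac.compare_digest(pdu.tag, expected)

    def tick(self, now: float) -> Cause:
        # Timer expiry without a verified response: blame the security parameters.
        if self.deadline is not None and now >= self.deadline:
            self.cause, self.deadline = Cause.DESYNC, None
        return self.cause

    def on_pdu(self, pdu: Pdu, now: float) -> bool:
        self.tick(now)
        ok = self._verifies(pdu)
        if self.deadline is not None:           # timer running
            if ok and pdu.count > self.failed_count:
                # A response that verifies under our own parameters shows they
                # still match the sender's, so the failure had another cause.
                self.cause, self.deadline = Cause.NOT_DESYNC, None
            return ok                           # further failures: no new first message
        if not ok:
            self.failed_count, self.cause = pdu.count, Cause.UNDETERMINED
            self.first_messages.append({"drb": self.drb_id, "count": pdu.count})
            self.deadline = now + self.preset_time
        return ok


def recovery_action(cause: Cause, receiver_is_terminal: bool) -> str:
    # One of the options the text lists for each kind of receiving end.
    if cause is not Cause.DESYNC:
        return "none"
    return "initiate RRC reestablishment" if receiver_is_terminal else "reconfigure the DRB"
```

Because the response must itself pass the integrity check, a sender whose parameters have drifted cannot produce an acceptable response, and the timer expiry is what classifies the failure.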
Fig. 3 is a schematic block diagram of a communication device 300 according to the present application. The communication device implements the operations or steps of the receiving end in the foregoing embodiments. As shown in Fig. 3, the communication device 300 includes the following modules.
A determining module 310, configured to determine that the first data packet integrity check on the data radio bearer DRB fails;
a sending module 320, configured to send a first message to a sending end, where the first message is used to indicate that an integrity check failure occurs;
the determining module 310 is further configured to determine a reason for the failure of the integrity check of the first data packet on the DRB according to whether a response to the first message is successfully received from the sender within a preset time, where the response is integrity protected.
Optionally, the determining module 310 and the sending module 320 are configured to execute each operation of a receiving device in the communication method 200 of the present application; for details, refer to the corresponding descriptions in the method embodiments, which are not repeated here for brevity.
It is to be understood that the communication apparatus 300 may be a receiving device, or may be a component (e.g., a chip or a circuit) that can be used in the receiving device, and this is not limited in this embodiment of the application.
Fig. 4 is a schematic block diagram of a communication device 400 according to the present application. As shown in fig. 4, the communication apparatus 400 includes the following modules.
A receiving module 410, configured to receive a first message from a receiving end, where the first message is used to indicate that an integrity check failure occurs.
A sending module 420, configured to send, to the receiving end, a response to the first message according to the first message, where the response is integrity protected.
Optionally, the receiving module 410 and the sending module 420 are configured to execute each operation of a sending device in the communication method 200 of the present application; for details, refer to the corresponding descriptions in the method embodiments, which are not repeated here for brevity.
It is to be understood that the communication apparatus 400 may be a sending device, or may be a component (e.g., a chip or a circuit) that can be used in a sending device, and this is not limited in this embodiment of the application.
Fig. 5 shows a schematic block diagram of a communication apparatus 500 provided by the present application, the communication apparatus 500 comprising:
a memory 510 for storing a program, the program comprising code;
a transceiver 520 for implementing a corresponding communication function;
a processor 530 for executing the program code in memory 510.
Optionally, when the code is executed, the processor 530 may implement the operations of the method 200, which are not described herein for brevity. The transceiver 520 is used to perform specific signal transceiving under the driving of the processor 530.
The communication device 500 may perform the operations of the determining module for any one of the receiving device and the sending device, and the transceiver may include a transmitter and/or a receiver, and perform the corresponding steps of the sending module and the receiving module, respectively.
An embodiment of the present application further provides a communication apparatus 600, as shown in fig. 6. The communication device 600 may include a transceiver 601. Optionally, at least one processor 602 may also be included. Optionally, a memory 603 may also be included.
The processor 602, the memory 603 and the communication interface transceiver 601 may be connected via a communication line.
The processor 602 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application, such as: one or more Digital Signal Processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs).
The memory 603 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to include or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In one possible design, the memory 603 may exist separately from the processor 602, and in this case, the memory 603 may be connected to the processor 602 through a communication line. In yet another possible design, the memory 603 may also be integrated with the processor 602.
The memory 603 may be used for storing execution instructions or application program codes, and is controlled by the processor 602 to execute, so as to implement the communication method provided by the above-mentioned embodiment of the present application; and/or may be used to temporarily store some data and instruction information, etc. In one possible approach, the memory 603 may be, for example, a cache.
It should be noted that, in a specific implementation process, the apparatus 600 may also include other hardware devices, which are not listed herein.
In an example of the present application, the determining module 310 of fig. 3 may be implemented by the processor 602, the transmitting module 320 of fig. 3 may be implemented by the transceiver 601, and the receiving module 410 and the transmitting module 420 of fig. 4 may be implemented by the transceiver 601.
It will be apparent to those skilled in the art that all or part of the steps of the above method may be performed by hardware associated with program instructions, and the program may be stored in a computer readable storage medium such as ROM, RAM, optical disk, etc.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented using a software program, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the present application are all or partially generated upon loading and execution of computer program instructions on a computer. The computer may be a general purpose computer, a special purpose computer, a computer network, a network appliance, a user device, or other programmable apparatus. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or can comprise one or more data storage devices, such as a server, a data center, etc., that can be integrated with the medium. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Video Disk (DVD)), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above description covers only specific embodiments of the present application, but the scope of protection of the present application is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive of within the technical scope of the present application shall be covered by the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (19)

1. A method of communication, comprising:
the receiving end determines that the integrity check of the first data packet on the data radio bearer DRB fails;
the receiving end sends a first message to the sending end, wherein the first message is used for indicating that the integrity check fails;
and the receiving end determines the reason of the first data packet integrity check failure on the DRB according to whether the response to the first message is successfully received from the transmitting end on the DRB within the preset time, wherein the response is subjected to integrity protection.
2. The method of claim 1, wherein the first message is a packet data convergence protocol, PDCP, control protocol data unit, PDU, associated with the DRB; or
the first message is a Radio Resource Control (RRC) message, and the RRC message is used for indicating that the integrity check failure occurs.
3. The method of claim 2, wherein the first message comprises a COUNT value of the first packet or a PDCP sequence number, SN, of the first packet.
4. The method according to any of claims 1 to 3, wherein the response is a second data packet generated by the transmitting end, the second data packet having the same format as the PDCP data PDU of the DRB, the second data packet comprising first indication information for indicating that the second data packet is the response; or
the response is an RRC message, the RRC message is carried on the DRB and has the same format as a PDCP data PDU of the DRB, the RRC message comprises second indication information, and the second indication information is used for indicating that the RRC message is the response; or
the response is a service data packet carried on the DRB.
5. The method of claim 4, wherein the second packet comprises a COUNT value or a PDCP SN that is greater than the COUNT value or the PDCP SN of the first packet.
6. The method of any of claims 1 to 5, wherein the failure of the first packet integrity check on the DRB comprises:
any first data packet integrity check on the data radio bearer fails; or
the integrity check of N consecutive first data packets on the data radio bearer fails; or
M first data packet integrity checks on the data radio bearer fail within a first time period;
wherein N >1 and M > 1.
7. The method according to any of claims 1 to 6, wherein the determining, by the receiving end, a reason for the first packet integrity check failure on the DRB according to whether the response to the first message is successfully received from the transmitting end within a preset time includes:
when the receiving end successfully receives the response to the first message from the transmitting end within the preset time, the receiving end determines that the reason for the integrity check failure of the first data packet on the DRB is not the security parameter desynchronization; or
when the receiving end does not successfully receive the response to the first message from the transmitting end within the preset time, the receiving end determines that the reason for the failure of the integrity check of the first data packet on the DRB is the security parameter desynchronization.
8. The method according to any of claims 1 to 7, wherein after the receiving end sends a first message to a sending end when determining that the first packet integrity check on the Data Radio Bearer (DRB) fails, the method further comprises:
and when the receiving end determines that the integrity check of a third data packet on the data radio bearer fails within the preset time, the receiving end does not send the first message to the sending end.
9. The method of claim 8, further comprising:
when the first message is sent to the sending end, the receiving end starts a timer, the timer is used for timing the preset time period,
stopping the timer for timing when the receiving end receives the response during the running period of the timer; or
when the receiving end does not receive the response during the running period of the timer, determining that the reason for the failure of the integrity check of the first data packet on the DRB is the loss of synchronization of the security parameters.
10. The method according to any of claims 1 to 9, wherein upon determining that the reason for the first packet integrity check failure on the DRB is a security parameter loss of synchronization, the method further comprises:
when the receiving end is a terminal device, the receiving end initiates RRC reestablishment or sends the reason of the first data packet integrity check failure on the DRB to the sending end; or
when the receiving end is an access network device, the receiving end triggers the transmitting end to perform RRC reestablishment or the receiving end reconfigures the DRB.
11. A method of communication, comprising:
a sending end receives a first message from a receiving end, wherein the first message is used for indicating that integrity check failure occurs;
and the sending end sends a response to the first message to the receiving end according to the first message, wherein the response is integrity protected.
12. The method of claim 11, wherein the first message is a packet data convergence protocol PDCP control protocol data unit, PDU, associated with a data radio bearer, DRB, wherein a first packet integrity check on the DRB fails; or
the first message is a Radio Resource Control (RRC) message, and the RRC message is used for indicating that the integrity check failure occurs.
13. The method of claim 12, wherein the first message comprises a COUNT value of the first packet or a PDCP sequence number, SN, of the first packet.
14. The method according to any one of claims 11 to 13,
the response is a second data packet generated by the transmitting end, the format of the second data packet is the same as that of the PDCP data PDU of the DRB, the second data packet comprises first indication information, and the first indication information is used for indicating that the second data packet is the response; or
the response is an RRC message, the RRC message is carried on the DRB and has the same format as a PDCP data PDU of the DRB, the RRC message comprises second indication information, and the second indication information is used for indicating that the RRC message is the response; or
the response is a service data packet carried on the DRB;
wherein the first packet integrity check on the DRB fails.
15. The method of claim 14, wherein the second packet comprises a COUNT value or a PDCP SN that is greater than the COUNT value or the PDCP SN of the first packet.
16. A communications device, characterized in that it comprises means for performing the method of any of claims 1 to 10.
17. A communications device, characterized in that it comprises means for performing the method of any of claims 10 to 15.
18. A computer storage medium storing program instructions that, when executed, cause a communication device to perform the method of any one of claims 1 to 10.
19. A computer storage medium storing program instructions that, when executed, cause a communication device to perform the method of any one of claims 11 to 15.
CN201810646081.0A 2018-06-21 2018-06-21 Communication method and device Pending CN110636507A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810646081.0A CN110636507A (en) 2018-06-21 2018-06-21 Communication method and device
PCT/CN2019/092055 WO2019242680A1 (en) 2018-06-21 2019-06-20 Communication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810646081.0A CN110636507A (en) 2018-06-21 2018-06-21 Communication method and device

Publications (1)

Publication Number Publication Date
CN110636507A true CN110636507A (en) 2019-12-31

Family

ID=68966343

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810646081.0A Pending CN110636507A (en) 2018-06-21 2018-06-21 Communication method and device

Country Status (2)

Country Link
CN (1) CN110636507A (en)
WO (1) WO2019242680A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112333773A (en) * 2020-11-24 2021-02-05 展讯半导体(成都)有限公司 Communication processing method, device, apparatus and storage medium
WO2021238668A1 (en) * 2020-05-28 2021-12-02 华为技术有限公司 Communication method and apparatus
WO2023041016A1 (en) * 2021-09-18 2023-03-23 维沃移动通信有限公司 Method and device for indicating state variable of multicast service

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010121408A1 (en) * 2009-04-20 2010-10-28 深圳华为通信技术有限公司 Processing method, device and system for message integrity protection checking failure
CN102714794A (en) * 2010-02-02 2012-10-03 Lg电子株式会社 Method of selectively applying a pdcp function in wireless communication system
EP2288195A3 (en) * 2009-08-20 2014-08-20 Samsung Electronics Co., Ltd. Method and apparatus for reducing overhead for integrity check of data in wireless communication system
EP3331314A1 (en) * 2016-12-02 2018-06-06 HTC Corporation Handling data transmissions after detecting a failure in a wireless communication system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021238668A1 (en) * 2020-05-28 2021-12-02 华为技术有限公司 Communication method and apparatus
CN112333773A (en) * 2020-11-24 2021-02-05 展讯半导体(成都)有限公司 Communication processing method, device, apparatus and storage medium
CN112333773B (en) * 2020-11-24 2023-11-03 展讯半导体(成都)有限公司 Communication processing method, device, apparatus and storage medium
WO2023041016A1 (en) * 2021-09-18 2023-03-23 维沃移动通信有限公司 Method and device for indicating state variable of multicast service

Also Published As

Publication number Publication date
WO2019242680A1 (en) 2019-12-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191231