CN111800372A - Data transmission method and equipment - Google Patents


Publication number
CN111800372A
Authority
CN
China
Prior art keywords
data
information
packet header
indication information
indicate
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910662837.5A
Other languages
Chinese (zh)
Inventor
鲍炜
杨晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vivo Mobile Communication Co Ltd
Original Assignee
Vivo Mobile Communication Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/04 Protocols for data compression, e.g. ROHC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention provides a data transmission method and equipment, relates to the technical field of communication, and aims to solve the problem of data transmission failure in a sidelink data transmission process. The method comprises the following steps: according to the first information, first data is sent to the second UE; the first information is used for indicating whether a first UE executes a first operation; the first operation includes at least one of: encrypting the first data, protecting the integrity of the first data, and compressing the data packet header of the first data.

Description

Data transmission method and equipment
Technical Field
The present application relates to the field of communications technologies, and in particular, to a data transmission method and device.
Background
Currently, in sidelink transmission, when data is transmitted between User Equipments (UEs), a security protection function may be enabled, for example, operations such as encryption, packet header compression, and integrity protection are performed on the transmitted data, so as to improve the security of data transmission between UEs. In general, the security protection function between UEs is turned on at the UE level, that is, it is turned on or off for all data transmitted between two UEs.
However, since some communication systems may turn different security protection functions on or off for different service data, transmitting such service data over the sidelink is likely to cause the sidelink data transmission to fail.
Disclosure of Invention
The embodiment of the invention provides a data transmission method and equipment, which are used for solving the problem of data transmission failure in the sidelink data transmission process.
In order to solve the technical problem, the present application is implemented as follows:
In a first aspect, an embodiment of the present invention provides a data transmission method, which is applied to a first UE, and the method includes:
sending first data to a second UE according to first information;
the first information is used for indicating whether the first UE executes a first operation;
the first operation includes at least one of: encrypting the first data, protecting the integrity of the first data, and compressing the data packet header of the first data.
In a second aspect, an embodiment of the present invention provides a data transmission method, which is applied to a second UE, and the method includes:
receiving first data from a first UE;
determining whether to execute a second operation according to the first information;
the first information is used for indicating whether the second UE executes a second operation on the first data; the second operation includes at least one of: decrypting the first data, verifying the integrity of the first data, and decompressing the packet header of the first data.
In a third aspect, an embodiment of the present invention provides a first UE, including:
a sending module, configured to send first data to the second UE according to the first information;
the first information is used for indicating whether a first UE executes a first operation;
the first operation includes at least one of: encrypting the first data, protecting the integrity of the first data, and compressing the data packet header of the first data.
In a fourth aspect, an embodiment of the present invention provides a second UE, including:
a receiving module, configured to receive first data from a first UE;
a determining module, configured to determine whether to execute a second operation according to the first information;
the first information is used for indicating whether the second UE executes the second operation on the first data; the second operation includes at least one of: decrypting the first data, verifying the integrity of the first data, and decompressing the packet header of the first data.
In a fifth aspect, an embodiment of the present invention provides a UE, including a processor, a memory, and a computer program stored on the memory and executable on the processor, where the computer program, when executed by the processor, implements the steps of the data transmission method according to the first aspect.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the data transmission method as described above.
In the embodiment of the present invention, the first UE sends the first data to the second UE based on the first information. Since the first information is used to indicate whether the first UE performs the first operation (i.e., performs the security and/or packet header compression operation on the first data), the second UE, after receiving the first data from the first UE, may determine according to the first information whether to perform the second operation (i.e., perform the security and/or packet header decompression operation on the first data). Therefore, the first UE informs the second UE, through the first information, of which security and packet header compression operations are applied to different data, so that the second UE can correctly perform the security decoding and packet header decompression operations on the received data, and the energy efficiency of the communication system is improved.
Drawings
Fig. 1 is a schematic diagram of a possible structure of a communication system according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a data transmission method according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a UE according to an embodiment of the present invention;
Fig. 4 is a second schematic structural diagram of a UE according to the embodiment of the present invention;
Fig. 5 is a schematic diagram of a hardware structure of a terminal device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that "/" in this context means "or", for example, A/B may mean A or B; "and/or" herein merely describes an association between associated objects and means that three relationships are possible, e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone.
It should be noted that, for the convenience of clearly describing the technical solutions of the embodiments of the present application, in the embodiments of the present application, the terms "first", "second", and the like are used to distinguish the same items or similar items with basically the same functions or actions, and those skilled in the art can understand that the terms "first", "second", and the like do not limit the quantity and execution order. For example, the first and second operations are for distinguishing between different operations and are not intended to describe a particular order of operations.
It should be noted that, in the embodiments of the present invention, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described as "exemplary" or "for example" in the embodiments of the present invention is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the embodiments of the present invention, "of", "corresponding" and "corresponding" may be used interchangeably, and it should be noted that the intended meaning is the same when the difference is not emphasized. "A plurality" in the embodiments of the present application means two or more.
The technical scheme provided by the invention can be applied to various communication systems, such as a 5G communication system, a future evolution system or a plurality of communication convergence systems and the like. A variety of application scenarios may be included, for example, scenarios such as Machine to Machine (M2M), D2M, macro and micro communication, enhanced Mobile Broadband (eMBB), ultra high reliability and ultra low latency communication (uRLLC), and massive Internet of Things communication (mMTC). These scenarios include, but are not limited to: communication between terminal devices, communication between network devices and terminal devices, and the like. The embodiment of the invention can be applied to the communication between UEs in a 5G communication system.
Fig. 1 shows a schematic diagram of a possible structure of a communication system according to an embodiment of the present invention. As shown in fig. 1, the communication system includes a network device 10, a UE11 to which the network device 10 is connected, and at least one UE12 (shown in fig. 1 as three UEs 12) connected with a UE 11.
The network device 10 may be a base station, a core network device, a Transmission and Reception Point (TRP), a relay station, an access point, or the like. The network device 10 may be a Base Transceiver Station (BTS) in a Global System for Mobile communication (GSM) or Code Division Multiple Access (CDMA) network, or may be an NB (NodeB) in Wideband Code Division Multiple Access (WCDMA), or may be an eNB or eNodeB (evolved NodeB) in LTE. The network device 10 may also be a wireless controller in a Cloud Radio Access Network (CRAN) scenario. The network device 10 may also be a network device in a 5G communication system or a network device in a future evolution network. The words used are not to be construed as limitations of the invention.
The aforementioned UE 11 and UE 12 may be wireless terminal devices or wired terminal devices. A wireless terminal device may be a device that provides voice and/or other service data connectivity to a user, a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network, a terminal device in a future evolved PLMN network, and the like. A wireless terminal device may communicate with one or more core networks via a Radio Access Network (RAN), and may be a mobile terminal device, such as a mobile phone (or "cellular" phone) or a computer with a mobile terminal device, for example, a portable, pocket, hand-held, computer-embedded or vehicle-mounted mobile device that exchanges voice and/or data with the RAN, as well as a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), and the like. A wireless terminal device may also be a mobile device, a UE terminal device, an access terminal device, a wireless communication device, a terminal device unit, a terminal device, a Mobile Station, a Mobile, a Remote Station, a Remote Terminal, a Subscriber Unit, a Subscriber Station, a User Agent, and the like. As an example, in the embodiment of the present invention, Fig. 1 illustrates the case where the UE is a mobile phone.
The first embodiment is as follows:
Fig. 2 shows a schematic flowchart of a data transmission method according to an embodiment of the present invention. As shown in Fig. 2, the data transmission method may include:
Step 201: The first UE sends first data to the second UE according to the first information.
Step 202: The second UE receives the first data from the first UE.
Step 203: The second UE determines whether to perform a second operation according to the first information.
In this embodiment of the present invention, the first data may be a data packet, or may be a service data stream of one or more services, or may be data transmitted on one or more bearers (for example, may be all data transmitted on one or more bearers).
In an embodiment of the present invention, the first information is used to indicate whether the first UE performs the first operation. The first operation includes at least one of: encrypting the first data, protecting the integrity of the first data, and compressing the data packet header of the first data. Here, integrity protection means an operation that ensures the data is not tampered with during transmission and storage.
In this embodiment of the present invention, the first information is used to indicate whether the second UE performs the second operation; the second operation includes at least one of: decrypting the first data, verifying the integrity of the first data, and decompressing the data packet header of the first data. Here, integrity verification means verifying whether the received data has been tampered with.
In the embodiment of the present invention, when a first UE encrypts first data, a corresponding second UE decrypts the first data, that is, when the first UE performs a first operation, the first operation includes an operation of encrypting the first data, and the corresponding second UE performs a second operation, the second operation includes an operation of decrypting the first data; when the first UE performs integrity protection on the first data, the corresponding second UE performs integrity verification on the first data, that is, when the first UE performs the first operation including an operation of integrity protection on the first data, the corresponding second UE performs the second operation including an operation of integrity verification on the first data; when the first UE compresses the packet header of the first data, the corresponding second UE decompresses the packet header of the first data, that is, when the first UE performs the first operation including an operation of compressing the packet header of the first data, the corresponding second UE performs the second operation including an operation of decompressing the packet header of the first data.
The above-mentioned packet header compression may also be simply referred to as header compression, and the above packet header decompression may also be referred to as header decompression. In addition, the above-mentioned encrypting the first data and protecting the integrity of the first data may be collectively referred to as a security operation on the first data, and correspondingly, the above-mentioned decrypting the first data and verifying the integrity of the first data may be collectively referred to as a security-removing operation on the first data.
Optionally, in this embodiment of the present invention, for the first UE, the first information is used to indicate at least one of the following: whether to encrypt the first data, whether to protect the integrity of the first data, whether to compress the first data header, the mapping relationship between the data stream and the channel, the mapping relationship between the bearer and the channel, the security algorithm supported by the UE, the header compression algorithm supported by the UE, and the Maximum Context Identifier (MAX CID) of header compression supported by the UE.
Optionally, in this embodiment of the present invention, for the first UE, the first information may include at least one of the following: the information indicating whether the first UE encrypts the first data, the information indicating whether to protect the integrity of the first data, the information indicating whether to compress the first data header, the mapping relationship between the data stream and the channel, the mapping relationship between the bearer and the channel, the supported security algorithm, the supported header compression algorithm, and the MAX CID supporting header compression.
Optionally, in this embodiment of the present invention, for the second UE, the first information is used to indicate at least one of the following: whether the first data is decrypted, whether the integrity of the first data is verified, whether the first data is subjected to header decompression, a mapping relationship between a data stream and a channel, a mapping relationship between a bearer and a channel, a decompression security algorithm supported by the UE, a header decompression algorithm supported by the UE, and a MAX CID of header compression supported by the UE.
Optionally, in this embodiment of the present invention, for the second UE, the first information may include at least one of the following: the information indicating whether the first UE decrypts the first data, the information indicating whether the integrity of the first data is verified, the information indicating whether the first data is subjected to header decompression, a mapping relationship between a data stream and a channel, a mapping relationship between a bearer and a channel, a supported decompression security algorithm, a supported header decompression algorithm, and a MAX CID of supported header compression.
For example, the mapping relationship between the data stream and the channel described above refers to a mapping relationship between different security operations and different channels. Here the data stream is the granularity: different security operations are executed for different data streams.
For example, the mapping relationship between the bearers and the channels described above refers to a mapping relationship between different security operations and different channels. Here the bearer is the granularity: different security operations are configured for different bearers, that is, the same security operation is executed for all data transmitted on the same bearer.
Wherein the security operation in the present application comprises a third operation or a fourth operation, and the third operation comprises at least one of the following: whether to encrypt the data, whether to protect the integrity of the data, whether to compress the header of the data packet of the data, and a fourth operation including at least one of: whether to decrypt the data, whether to verify the integrity of the data, whether to decompress the packet header of the data.
It should be noted that, the mapping relationship between the data stream and the channel may also be pre-configured by the network device to the first UE and/or the second UE. Similarly, the mapping relationship between the bearers and the channels may also be pre-configured by the network device to the first UE and/or the second UE.
To illustrate, for whether the first UE encrypts data, whether it integrity protects data, and whether it compresses a data header, the following are some typical configuration examples:
Example a1: Encryption and integrity protection operations are performed on data with high security level requirements.
Example a2: The encryption operation is performed on data with general security level requirements, and the integrity protection operation is not performed, which reduces the processing delay on the one hand and the overhead on the other.
Example a3: When the data requiring the integrity protection operation exceeds the processing capability of the UE, the integrity protection operation is performed on the most important data and not on other data.
Example a4: For data without security requirements, such as a broadcast advertisement service, it is desirable that as many UEs as possible can receive the data, so neither ciphering nor integrity protection is performed on the data.
Example a5: For an IP data packet, whether to enable header compression can be determined according to the service characteristics, for example, overhead is saved by performing header compression on IP data packets with low latency requirements, and header compression does not need to be enabled for IP data packets with very high latency requirements.
Example a6: For an IP data packet, whether to enable header compression can be determined according to the proportion between the payload part and the header part of the IP data packet: when the ratio of the payload to the header part is smaller, the header compression operation is carried out on the IP data packet, and when the ratio of the payload to the header part is larger, the header compression operation is not carried out on the IP data packet. For example, in the case of VoIP traffic, the payload is several tens of bytes and the IP header is about 40 bytes, so header compression efficiency is very high and header compression can be performed on the IP packet, whereas in the case of TCP/IP traffic, the payload is up to several kilobytes and the IP header is about 40 bytes, so header compression efficiency is not high and header compression may not be performed on the IP packet.
It should be noted that, when the first UE determines to perform header compression on the first data, configuration parameters of the header compression may be determined according to processing capabilities of the two UEs (i.e., the first UE and the second UE) regarding the header compression. By way of example, example 1: regarding the header compression algorithm, an algorithm with higher compression efficiency supported by both end UEs may be selected; example 2: regarding the maximum identification number of the header compression context, it is necessary to consider the processing capacity of both ends with respect to the compressed stream and the decompressed stream, and take a commonly supported part.
Optionally, in an embodiment of the present invention, the step 201 may specifically include a step 201a, and the step 202 may specifically include a step 202a:
Step 201a: The first UE transmits first data to the second UE on a first channel.
Step 202a: The second UE receives first data from the first UE on a first channel.
Illustratively, the first channel may be a logical channel.
For example, after determining which security operation is performed on the first data, the first UE determines a first channel corresponding to the first data according to the determined security operation and the mapping relationship between the security operation and the channel, and then transmits the first data to the second UE on the first channel. After receiving the first data on the first channel, the second UE determines, based on the mapping relationship between the security operation and the channel, which security operation the first UE performed on the first data, and removes the security from the first data by using the corresponding security operation.
For example, if a first UE performs integrity protection or ciphering on certain data, the data is transmitted on logical channels with IDs of 1 to 5; if the first UE does not perform integrity protection or ciphering on the data, the data is transmitted on logical channels with IDs of 6 to 15. If the first UE performs header compression on the data, the data is transmitted on logical channels with IDs of 3 to 5; if the first UE does not perform header compression on the data, the data is transmitted on logical channels with IDs of 6 to 9.
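The channel-based signalling described above, as an added example that is not part of the patent text. The logical channel ID ranges are the ones from the preceding paragraph; the function names, the `require_secured` receiver policy and the fail-closed handling of channels that the ranges leave undefined are assumptions made here.

```python
from dataclasses import dataclass
from typing import List, Optional

# Inclusive logical channel ID ranges taken from the example mapping in the text.
SECURED = range(1, 6)          # integrity protection or ciphering was performed
NOT_SECURED = range(6, 16)     # neither was performed
COMPRESSED = range(3, 6)       # header compression was performed
NOT_COMPRESSED = range(6, 10)  # header compression was not performed
ALL_CHANNELS = range(1, 16)


@dataclass(frozen=True)
class ChannelOps:
    secured: Optional[bool]            # None: the mapping does not say
    header_compressed: Optional[bool]  # None: the mapping does not say


class MappingError(Exception):
    """The mapping gives no unambiguous, policy-compliant answer."""


def _lookup(lcid: int, yes: range, no: range) -> Optional[bool]:
    if lcid in yes:
        return True
    if lcid in no:
        return False
    return None


def ops_for_channel(lcid: int) -> ChannelOps:
    """What the example mapping states about data carried on this channel."""
    return ChannelOps(_lookup(lcid, SECURED, NOT_SECURED),
                      _lookup(lcid, COMPRESSED, NOT_COMPRESSED))


def select_channel(secured: bool, header_compressed: bool) -> int:
    """First UE: lowest channel whose mapping states exactly this combination."""
    wanted = ChannelOps(secured, header_compressed)
    for lcid in ALL_CHANNELS:
        if ops_for_channel(lcid) == wanted:
            return lcid
    raise MappingError(f"no channel is mapped to {wanted}")


def receiver_plan(lcid: int, require_secured: bool = False) -> List[str]:
    """Second UE: ordered second operations for data received on lcid."""
    ops = ops_for_channel(lcid)
    # Fail closed: a guess here means a failed or unverified delivery.
    if ops.secured is None or ops.header_compressed is None:
        raise MappingError(f"channel {lcid}: mapping incomplete, data dropped")
    # Hypothetical local policy: this flow must not arrive unprotected.
    if require_secured and not ops.secured:
        raise MappingError(f"channel {lcid}: unprotected data rejected by policy")
    plan = []
    if ops.secured:
        plan.append("remove_security")    # decrypt and/or verify integrity
    if ops.header_compressed:
        # Assumed order: after security removal, as in PDCP receive processing.
        plan.append("decompress_header")
    return plan


if __name__ == "__main__":
    for lcid in (2, 4, 7, 12):
        try:
            print(lcid, receiver_plan(lcid))
        except MappingError as exc:
            print(lcid, "rejected:", exc)
```

With the ranges exactly as given, channels 1 to 2 and 10 to 15 carry no statement about header compression, and no channel represents protected data without header compression, so a complete mapping has to cover every combination the first UE may choose.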
Optionally, in an embodiment of the present invention, the first information includes at least one of the following:
1) which security operation the first UE needs to perform on the data to be transmitted.
2) The respective processing capabilities of the first UE and the second UE.
3) The configuration parameters of a certain security operation, when that security operation is executed on the data to be transmitted.
The processing capability of the first UE may include: the data encryption capability, the data security protection capability, and the data header compression capability. The processing capability of the second UE includes at least one of: the data decryption capability, the data security verification capability, and the data header decompression capability.
For example, the above security verification capability for data refers to whether the second UE supports a maximum or minimum rate for the integrity protection function; the above decryption capability for data refers to whether a decryption function is supported; the above header compression capability for data includes the maximum context support capability of header compression, a list of supported compression algorithms, and the like; and the header decompression capability for data refers to whether a header decompression function is supported, together with information such as a list of supported compression algorithms.
In one example, when the first UE and the second UE are connected to a common server (e.g., a function server or a service server), the information may be uniformly coordinated by the server.
For example, when a first UE initiates a certain service, a request message is first sent to a server, and the server determines which security operation is to be performed on the service and configuration parameters of the security operation according to characteristics of the service, that is, the first UE performs the same security operation on all data in the service when sending the service. Then, when the server determines that the service executes a certain security operation, the server determines a configuration parameter of the certain security operation according to the acquired processing capabilities of the first UE and the second UE, and then configures the configuration parameter to the first UE and the second UE respectively. Thus, the first UE may perform a corresponding security operation on the service according to the configuration parameter of the certain security operation, and the second UE may also perform the certain security operation on the service according to the same configuration parameter.
In another example, when the first UE and the second UE are not connected to a common server, coordination and configuration of the first UE and the second UE by the server may not be achieved.
Example b1, the first UE or the second UE may obtain the configuration parameters in a pre-configured manner, e.g., protocol-specified (e.g., network-specified), or pre-defined (e.g., algorithm preset, etc.).
Example b2, when the first UE or the second UE can connect to the server, the configuration parameters may be obtained from the server and then sent to the UE on the other end, for example, the first UE may connect to the server, and then the first UE sends the configuration parameters to the second UE after obtaining the configuration parameters.
For example, when neither the first UE nor the second UE can be connected to the server, if the first UE is about to initiate a service, it is determined which security operation is performed on the service according to the service characteristics of the service, and the first UE may request the processing capability of the second UE from the second UE. The first UE determines a configuration parameter of certain security operation finally executed for the service through the processing capability of the UE at the two ends, and sends the configuration parameter to the second UE. Thus, the first UE may perform the certain security operation on the service according to the configuration parameter, and the second UE may also perform the corresponding security operation according to the same configuration parameter.
It should be noted that configuration parameters such as the security algorithms and security keys supported by the UE can be negotiated and exchanged through Non-Access Stratum (NAS) signaling (similar to core network signaling) between the UEs. For other configuration parameters (e.g., MAX CID for header compression, header compression algorithm, etc.), when the sidelink transmission is in the form of unicast transmission, the exchange and configuration may also be performed through RRC signaling. In addition, when sidelink transmission is in the form of multicast or broadcast transmission, the transmission form does not support RRC signaling, so in this case the other configuration parameters may be determined by a standard default or in a pre-configured manner, for example, the MAX CID for header compression defaults to 15, and the header compression algorithm supports the minimum set. Of course, all the configuration parameters described above can be negotiated and exchanged through core network signaling.
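One way to derive the header compression parameters described above (the commonly supported algorithm and MAX CID for unicast, the defaults for multicast and broadcast), as an added example that is not code from the patent. The algorithm names, the contents of `MINIMUM_HC_SET` and the rule that the first UE's preference order stands for compression efficiency are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

DEFAULT_MAX_CID = 15            # default the text gives for multicast/broadcast
MINIMUM_HC_SET = ("hc-basic",)  # assumption: the text does not enumerate the minimum set


@dataclass(frozen=True)
class HcCapability:
    algorithms: Tuple[str, ...]  # constructed names, most efficient first
    max_cid: int                 # largest context identifier the UE can handle


@dataclass(frozen=True)
class HcConfig:
    algorithm: Optional[str]     # None means header compression stays off
    max_cid: Optional[int]

    @property
    def enabled(self) -> bool:
        return self.algorithm is not None


# Result when no common algorithm exists: the first UE sends uncompressed headers
# and must say so in the first information, so the second UE does not decompress.
HC_OFF = HcConfig(None, None)


def negotiate_hc(cast: str, first: HcCapability,
                 second: Optional[HcCapability] = None) -> HcConfig:
    """Pick the header compression algorithm and MAX CID both ends can handle."""
    if cast == "unicast":
        # Unicast: capabilities can be exchanged, so use the second UE's real ones.
        if second is None:
            raise ValueError("unicast negotiation needs the second UE's capability")
        peer_algs, peer_max_cid = second.algorithms, second.max_cid
    elif cast in ("multicast", "broadcast"):
        # No per-receiver exchange: assume receivers implement only the defaults.
        peer_algs, peer_max_cid = MINIMUM_HC_SET, DEFAULT_MAX_CID
    else:
        raise ValueError(f"unknown cast type: {cast!r}")

    # Most efficient algorithm (in the first UE's order) that the peer also supports.
    algorithm = next((a for a in first.algorithms if a in peer_algs), None)
    if algorithm is None:
        return HC_OFF
    # "Commonly supported part" of the context identifier space.
    return HcConfig(algorithm, min(first.max_cid, peer_max_cid))


if __name__ == "__main__":
    ue1 = HcCapability(("hc-v2", "hc-v1", "hc-basic"), 31)  # constructed sample
    ue2 = HcCapability(("hc-v1", "hc-basic"), 7)            # constructed sample
    print(negotiate_hc("unicast", ue1, ue2))
    print(negotiate_hc("broadcast", ue1))
```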
Optionally, in an embodiment of the present invention, before step 201 the method further includes step 201b, and before step 202 the method further includes step 202b:
Step 201b: The first UE sends the first information to the second UE.
Step 202b: The second UE receives the first information from the first UE.
In this way, the second UE may perform the related operation on the first data received later according to the information indicated by the first information.
The first UE may implement the above step 201a in the following three manners:
In a first possible implementation:
Illustratively, step 201b specifically includes the following step A1, and step 202b specifically includes the following step A2:
Step A1: The first UE sends the first information to the second UE through core network signaling.
Step A2: The second UE receives the first information from the first UE through core network signaling.
It should be noted that the interaction process based on core network signaling can only distinguish which security operation is performed at the UE level or the service level. For example, after the UEs at both ends coordinate, either all subsequently transmitted data undergo the same security operation, or the same security operation is performed for a certain service; in the latter case, after the transmission of that service is finished, the security operation performed for the next service needs to be reconfigured.
Illustratively, when the first information is transmitted through core network signaling, the first information includes a mapping relationship between the data stream and the channel.
For example, the core network signaling distinguishes the security and/or header compression operations of different services transmitted simultaneously or different data streams of the same service, for example, some data streams are integrity protected, and other data streams are not integrity protected; or, some data streams are subjected to header compression operation, other data streams are not subjected to header compression operation, and the data streams subjected to different operations are transmitted through different channels, that is, a mapping relation between the core network data stream and RAN-side parameters (for example, logical channels) is defined.
In a second possible implementation:
For example, step 201b specifically includes the following step B1, and step 202b specifically includes the following step B2:
Step B1: The first UE sends the first information to the second UE through Radio Resource Control (RRC) signaling.
Step B2: The second UE receives the first information from the first UE through RRC signaling.
For example, before step B1, the second UE may report the processing capability of the second UE to the first UE.
Illustratively, the second UE sends the processing capability of the second UE to the first UE through RRC signaling.
Illustratively, when the first information is transmitted through RRC signaling, the first information includes a mapping relationship between the bearers and the channels.
For example, after the first UE and the second UE configure the security and/or header compression configuration parameters related to the bearer level, due to a fixed binding relationship between the bearer and the logical channel, when the first UE sends a data packet on a specific logical channel, the data packet carries the channel ID of the logical channel, and after the second UE receives the data on the logical channel, the second UE can learn the corresponding bearer through the logical channel ID.
In a third possible implementation:
For example, step 201b specifically includes the following step C1, and step 202b specifically includes the following step C2:
Step C1: The first UE transmits the first information to the second UE through a control Protocol Data Unit (control PDU).
Step C2: The second UE receives the first information from the first UE through a control PDU.
For example, the control PDU may be a Packet Data Convergence Protocol (PDCP) layer control PDU. It should be noted that the PDCP layer is only an example, and in practical applications, the control PDU of another protocol layer may also be used to transmit the first information, which is not limited in the embodiment of the present invention.
It should be noted that before the first UE sends the first information to the second UE through the control PDU, configuration parameters related to the UE processing capability generally need to be configured to the two UEs.
Illustratively, one control PDU entity corresponds to one channel, i.e., the first information is transmitted on the channel corresponding to the control PDU.
For example, when a first UE sends a new service, a new bearer and a logical channel are established, and before the first UE sends target data (i.e., service data of the new service), first information is sent to a second UE via a control PDU, where the first information is used to indicate whether the first UE performs a third operation on the target data, and the third operation includes at least one of: whether to encrypt the data, whether to protect the integrity of the data, and whether to compress the packet header of the data. The target data includes first data, that is, the first data is part or all of the target data.
In an example, one control PDU corresponds to at least one bearer, that is, the target data is data transmitted on a target bearer, so that after receiving the control PDU, the second UE can accurately know which operations the first UE will perform on the data transmitted on the target bearer, and further can correctly process a data packet subsequently transmitted on the target bearer.
Illustratively, the first UE repeatedly transmits the first information to the second UE a plurality of times through the control PDU to improve the transmission reliability of the first information, thereby ensuring that the second UE can successfully receive the first information.
Illustratively, the first UE periodically transmits the first information to the second UE through the control PDU, so that the second UE joining later can also receive the first information.
Optionally, in this embodiment of the present invention, after the first information is changed, the first UE may resend the changed first information to the second UE through a control PDU.
It should be noted that, for the sake of security, the PDCP control PDU used for notification may also be integrity protected: it is assigned a Sequence Number (SN) in the same way as a data protocol data unit (Data PDU) for integrity protection and integrity verification, and only the content of a PDCP control PDU that passes the verification is valid. In one example, integrity protection is performed for PDCP control PDUs informing of security association or integrity protection, and integrity protection may not be performed for PDCP control PDUs informing of header compression.
Optionally, in an embodiment of the present invention, the first information is at least one of the following: information in the packet header of the first data, and information used for indicating the data format of the first data. For example, the first information may be information in a packet header of the first data, may also be information indicating a data format of the first data, and may also be both information in a packet header of the first data and information indicating a data format of the first data.
Optionally, in this embodiment of the present invention, when the first information is information in a packet header of first data, the information in the packet header of the first data includes at least one of the following items: the first indication information in the data packet header of the first data, the second indication information in the data packet header of the first data, and the third indication information in the data packet header of the first data.
For example, for a first UE, the first indication information is used to indicate whether the first UE encrypts the first data; the second indication information is used to indicate whether the first UE performs integrity protection on the first data; the third indication information is used to indicate whether the first UE compresses the packet header of the first data.
For example, for a second UE, the first indication information is used to indicate whether the second UE decrypts the first data; the second indication information is used to indicate whether the second UE verifies the integrity of the first data; the third indication information is used to indicate whether the second UE decompresses the packet header of the first data.
For example, taking the case where the first data is a data packet, the embodiment of the present invention may add a 1-bit indication for each security operation in the header of each data PDU to indicate whether that security operation is enabled.
In one example, one 1-bit data protocol data unit header field (Data PDU header field) is used to indicate whether the ciphering function is turned on, another 1-bit Data PDU header field is used to indicate whether the integrity protection function is turned on, and yet another 1-bit Data PDU header field is used to indicate whether the header compression function is turned on. It should be noted that the 3 bit fields may be set in the protocol standard according to actual needs; specifically, the standard may support all 3 bits, may support 2 bits, or may even support only 1 bit.
In another example, the header of a data PDU can indicate whether the various security operations are enabled by adding a 1-bit field.
Illustratively, when a first UE sends a data packet to a second UE, the first UE determines whether to enable encryption, integrity protection, and header compression operations according to the data, and assigns a value to the field corresponding to each security operation in the Data PDU header. When receiving the data packet sent by the first UE, the second UE can explicitly know, from the relevant fields of the Data PDU header in the data packet, whether operations such as decryption, integrity verification, and decompression need to be performed on the data, so that the second UE can perform the correct operations on the data packet.
For example, since encryption, integrity protection, and header compression are indicated independently for each packet, whether each of these security operations is enabled may be determined at the granularity of a single packet.
For example, when the first information indicates whether the first UE performs the first operation, the data format of the first data may be different. Specific examples are as follows:
Example c1: the data format of the first data in the case that the first information is specifically used to indicate that the first UE does not encrypt the first data is different from the data format of the first data in the case that the first information is specifically used to indicate that the first UE encrypts the first data.
For example, when the first information specifically indicates that the first UE does not encrypt the first data, the first data does not have an encryption-related field.
For example, when the first data includes first indication information, and the first indication information is specifically used to indicate that the first UE does not encrypt the first data, the first data does not have an encryption-related field.
For example, when the first information specifically indicates that the first UE encrypts the first data, the first data has an encryption-related field.
For example, when the first data includes first indication information, and the first indication information is specifically used to indicate that the first UE encrypts the first data, the first data has an encryption-related field.
Example c2: the data format of the first data in the case that the first information is specifically used to indicate that the first UE performs integrity protection on the first data is different from the data format of the first data in the case that the first information is specifically used to indicate that the first UE does not perform integrity protection on the first data.
For example, when the first information is specifically used to instruct the first UE to perform integrity protection on the first data, the first data has an integrity protection Message Authentication Code (MAC-I) field.
For example, in a case that the first information is specifically used to indicate that the first UE does not perform integrity protection on the first data, the first data does not have a MAC-I field.
For example, when the second indication information is specifically used to indicate that the first UE performs integrity protection on the first data, the first data has a MAC-I field.
For example, in a case that the second indication information is specifically used to indicate that the first UE does not perform integrity protection on the first data, the first data does not have a MAC-I field.
Example c3: the data format of the first data in the case that the first information is specifically used to indicate that the first UE does not encrypt and perform integrity protection on the first data is different from the data format of the first data in the case that the first information is specifically used to indicate that the first UE encrypts and performs integrity protection on the first data.
For example, in a case where the first information is specifically used to indicate that the first UE does not encrypt and perform integrity protection on the first data, the first data does not have an SN field.
For example, in a case where the first information is specifically used to instruct the first UE to encrypt and perform integrity protection on the first data, the first data has an SN field.
For example, when the first indication information is specifically used to indicate that the first UE does not encrypt the first data, and the second indication information is specifically used to indicate that the first UE does not perform integrity protection on the first data, the first data does not have an SN field.
For example, when the first indication information is specifically used to indicate the first UE to encrypt the first data, and the second indication information is specifically used to indicate the first UE to perform integrity protection on the first data, the first data has an SN field.
For example, when the first information is used to indicate whether the second UE performs the second operation on the first data, the data format of the first data may be different, and the different data format corresponds to the different second operation. Specific examples are as follows:
Example d1: in a case where the first data does not include an encryption-related field, the first information is specifically used to instruct the second UE not to decrypt the first data.
Example d2: in a case that the first data includes a MAC-I field, the first information is specifically used to instruct the second UE to perform integrity verification on the first data.
Example d3: in a case that the first data does not include the MAC-I field, the first information is specifically used to instruct the second UE not to perform integrity verification on the first data.
Example d4: in a case that the first data does not include the SN field, the first information is specifically used to instruct the second UE not to decrypt and perform integrity verification on the first data.
Illustratively, the first UE and the second UE decide which format to adopt for data transmission and reception through the security indication fields (i.e., the first indication information, the second indication information, and the third indication information mentioned above) in the packet header. The same data format may also be adopted in all cases: only when a security operation is enabled does the first UE set the related fields (for example, MAC-I and SN) according to the function requirement, and the second UE reads those fields to perform the corresponding security operation; when the security operation is not enabled, the first UE directly sets the related fields to 0, and the second UE does not need to read them and directly ignores them.
It should be noted that the integrity protection function has a special security requirement: an attacker may insert, into a sequence of data packets for which integrity protection is enabled, a forged packet whose header format indicates that integrity protection is not enabled. To prevent this, it needs to be specified that, on a logical channel for which integrity protection is enabled, all data must be integrity protected. Once a data packet whose header format indicates that integrity protection is not enabled is encountered in the middle of such a channel, the packet is directly discarded, and optionally, this error condition may be reported.
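The following is an added example, not code from the patent: a receiver for the flag-driven Data PDU format described above that applies the per-channel integrity rule before trusting the per-packet header bit. The bit positions, field widths, the HMAC-SHA-256 stand-in for the MAC-I algorithm, and all function names are assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed layout (illustrative only):
#   byte 0 : bit7 = ciphering on, bit6 = integrity on, bit5 = header compression on
#   SN     : 2 bytes, present only when ciphering or integrity protection is on
#   payload
#   MAC-I  : 4 bytes, present only when integrity protection is on
FLAG_CIPHER, FLAG_INTEGRITY, FLAG_HDR_COMP = 0x80, 0x40, 0x20
SN_LEN, MACI_LEN = 2, 4


@dataclass
class DataPdu:
    ciphered: bool
    integrity: bool
    hdr_compressed: bool
    sn: Optional[int]
    payload: bytes
    mac_i: Optional[bytes]
    protected: bytes  # header + SN + payload, i.e. the bytes MAC-I covers


def compute_mac(key: bytes, channel_id: int, data: bytes) -> bytes:
    """Stand-in MAC-I: truncated HMAC-SHA-256 bound to the logical channel."""
    return hmac.new(key, bytes([channel_id]) + data, hashlib.sha256).digest()[:MACI_LEN]


def build_pdu(key: bytes, channel_id: int, sn: int, payload: bytes,
              integrity: bool, ciphered: bool = False, hdr_comp: bool = False) -> bytes:
    """Sender side: set the three 1-bit fields and emit only the fields they imply."""
    flags = ((FLAG_CIPHER if ciphered else 0)
             | (FLAG_INTEGRITY if integrity else 0)
             | (FLAG_HDR_COMP if hdr_comp else 0))
    body = bytes([flags])
    if ciphered or integrity:
        body += struct.pack("!H", sn)
    body += payload  # ciphering itself is out of scope for this example
    if integrity:
        body += compute_mac(key, channel_id, body)
    return body


def parse_pdu(raw: bytes) -> DataPdu:
    """Receiver side: the header bits decide which fields exist in this packet."""
    if not raw:
        raise ValueError("empty PDU")
    flags = raw[0]
    ciphered = bool(flags & FLAG_CIPHER)
    integrity = bool(flags & FLAG_INTEGRITY)
    off, sn, mac_i, end = 1, None, None, len(raw)
    if ciphered or integrity:
        if len(raw) < off + SN_LEN:
            raise ValueError("truncated SN field")
        (sn,) = struct.unpack_from("!H", raw, off)
        off += SN_LEN
    if integrity:
        if len(raw) < off + MACI_LEN:
            raise ValueError("truncated MAC-I field")
        end = len(raw) - MACI_LEN
        mac_i = raw[end:]
    return DataPdu(ciphered, integrity, bool(flags & FLAG_HDR_COMP),
                   sn, raw[off:end], mac_i, raw[:end])


def receive(raw: bytes, key: bytes, channel_id: int, integrity_required: bool,
            report: List[Tuple[int, str]]) -> Optional[bytes]:
    """Return the payload, or None if the packet is discarded (reason goes to report)."""
    try:
        pdu = parse_pdu(raw)
    except ValueError as exc:
        report.append((channel_id, str(exc)))
        return None
    # Channel policy comes first: the attacker controls the header bit, so a
    # cleared integrity flag on a protected channel is discarded and reported.
    if integrity_required and not pdu.integrity:
        report.append((channel_id, "integrity flag cleared on protected channel"))
        return None
    if pdu.integrity:
        expected = compute_mac(key, channel_id, pdu.protected)
        if not hmac.compare_digest(pdu.mac_i, expected):
            report.append((channel_id, "MAC-I mismatch"))
            return None
    return pdu.payload
```

With `integrity_required=False` the same receiver accepts a packet on the strength of its own header bit alone, which is the behaviour the per-channel rule is meant to exclude.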
In the data transmission method provided in the embodiment of the present invention, the first UE sends the first data to the second UE based on the first information, and since the first information is used to indicate whether the first UE performs the first operation (i.e., security and/or packet header compression operation), after the second UE receives the first data from the first UE, it may be determined whether to perform the second operation (i.e., security and/or packet header decompression operation) according to the first information. Therefore, the first UE informs the second UE of which security and data packet header compression operations are adopted by different data through the first information, so that the second UE can correctly perform security decoding and data packet header decompression operations on the received data, and the energy efficiency of the communication system is improved.
Example two:
Fig. 3 is a schematic diagram of a possible structure of a first UE according to an embodiment of the present invention. As shown in Fig. 3, the first user equipment 400 includes:
a sending module 401, configured to send first data to the second UE according to the first information.
The first information is used for indicating whether a first UE executes a first operation; the first operation includes at least one of: encrypting the first data, protecting the integrity of the first data, and compressing the data packet header of the first data.
Optionally, the sending module 401 is further configured to send the first information to the second UE through radio resource control RRC signaling or core network signaling.
Optionally, the sending module 401 is further configured to send the first information to the second UE through a control protocol data unit PDU.
Optionally, the first information includes information in a packet header of the first data.
Optionally, the information in the packet header of the first data includes at least one of the following: first indication information in a packet header of the first data, second indication information in a packet header of the first data, and third indication information in a packet header of the first data; wherein the first indication information is used for indicating whether the first UE encrypts the first data; the second indication information is used for indicating whether the first UE protects the integrity of the first data; the third indication information is used to indicate whether the first UE compresses the packet header of the first data.
Optionally, the data format of the first data when the first information is specifically used to indicate that the first UE does not encrypt the first data is different from the data format of the first data when the first information is specifically used to indicate that the first UE encrypts the first data.
Optionally, the data format of the first data when the first information is specifically used to indicate that the first UE performs integrity protection on the first data is different from the data format of the first data when the first information is specifically used to indicate that the first UE does not perform integrity protection on the first data.
Optionally, the data format of the first data when the first information is specifically used to indicate that the first UE does not encrypt and perform integrity protection on the first data is different from the data format of the first data when the first information is specifically used to indicate that the first UE encrypts and performs integrity protection on the first data.
In the first UE provided in the embodiment of the present invention, the first UE sends the first data to the second UE based on the first information, and since the first information is used to indicate whether the first UE performs the first operation (i.e., performs the security and/or header compression operation on the first data), after the second UE receives the first data from the first UE, it may be determined whether to perform the second operation (i.e., performs the security and/or header decompression operation on the first data) according to the first information. Therefore, the first UE informs the second UE of which security and data packet header compression operations are adopted by different data through the first information, so that the second UE can correctly perform security decoding and data packet header decompression operations on the received data, and the energy efficiency of the communication system is improved.
The first UE according to the embodiment of the present invention can implement the process shown in fig. 2 in the foregoing method embodiment, and is not described here again to avoid repetition.
Example three:
Fig. 4 is a schematic diagram of a possible structure of a second UE according to an embodiment of the present invention. As shown in Fig. 4, the second user equipment 500 includes:
a receiving module 501, configured to receive first data from a first UE.
a determining module 502, configured to determine whether to perform the second operation according to the first information. The first information is used for indicating whether a second UE executes a second operation on the first data; the second operation includes at least one of: decrypting the first data, verifying the integrity of the first data, and decompressing the packet header of the first data.
Optionally, the receiving module 501 is further configured to receive the first information from the first UE through radio resource control RRC signaling or core network signaling.
Optionally, the receiving module 501 is further configured to receive the first information from the first UE through a control protocol data unit PDU.
Optionally, the first information includes information in a packet header of the first data.
Optionally, the information in the packet header of the first data includes at least one of the following: first indication information in a packet header of the first data, second indication information in a packet header of the first data, and third indication information in a packet header of the first data; wherein the first indication information is used for indicating whether the second UE decrypts the first data; the second indication information is used for indicating whether the second UE verifies the integrity of the first data; the third indication information is used to indicate whether the first UE decompresses the packet header of the first data.
Optionally, in a case that the first data does not include an encryption-related domain, the first information is specifically used to instruct the second UE not to decrypt the first data.
Optionally, when the first data includes an integrity protection message authentication code field, the first information is specifically used to instruct the second UE to perform integrity verification on the first data; or, in a case that the first data does not include an integrity protection message authentication code field, the first information is specifically used to indicate that the second UE does not perform integrity verification on the first data.
Optionally, in a case that the first data does not include a sequence number SN field, the first information is specifically used to indicate that the second UE does not decrypt and integrity-verify the first data.
In the second UE provided in the embodiment of the present invention, after receiving the first data, the second UE may determine whether to perform the second operation (i.e., perform a security and/or packet header decompression operation on the first data) based on the first information. Therefore, the first UE informs the second UE of which security and data packet header compression operations are adopted by different data through the first information, so that the second UE can correctly perform security decoding and data packet header decompression operations on the received data, and the energy efficiency of the communication system is improved.
The second UE provided in the embodiment of the present invention can implement the process shown in fig. 2 in the foregoing method embodiment, and is not described here again to avoid repetition.
Example four:
Take the case where the first UE and the second UE are terminal devices as an example. Fig. 5 is a schematic diagram of a hardware structure of a terminal device for implementing various embodiments of the present invention, where the terminal device 100 includes, but is not limited to: radio frequency unit 101, network module 102, audio output unit 103, input unit 104, sensor 105, display unit 106, user input unit 107, interface unit 108, memory 109, processor 110, and power supply 111. Those skilled in the art will appreciate that the configuration of the terminal device 100 shown in Fig. 5 does not constitute a limitation of the terminal device, and that the terminal device 100 may include more or fewer components than those shown, or combine some components, or arrange the components differently. In the embodiment of the present invention, the terminal device 100 includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted terminal device, a wearable device, a pedometer, and the like.
In the case that the terminal device 100 is a first UE, the radio frequency unit 101 is configured to send first data to a second UE according to the first information; the first information is used for indicating whether a first UE executes a first operation; the first operation includes at least one of: encrypting the first data, protecting the integrity of the first data, and compressing the data packet header of the first data.
In the terminal device provided in the embodiment of the present invention, the terminal device sends the first data to the second UE based on the first information, and since the first information is used to indicate whether the terminal device performs the first operation (i.e., performs the security and/or header compression operation on the first data), after the second UE receives the first data from the terminal device, it may be determined whether to perform the second operation (i.e., performs the security and/or header decompression operation on the first data) according to the first information. Therefore, the terminal equipment informs the second UE of which security and data packet header compression operations are adopted by different data through the first information, so that the second UE can correctly perform security decoding and data packet header decompression operations on the received data, and the energy efficiency of a communication system is improved.
And/or,
in the case that the terminal device 100 is a second UE, the radio frequency unit 101 is configured to receive first data from a first UE; the processor 110 is configured to determine whether to perform a second operation according to the first information; the first information is used for indicating whether a second UE executes a second operation on the first data; the second operation includes at least one of: decrypting the first data, verifying the integrity of the first data, and decompressing the packet header of the first data.
In the terminal device provided by the embodiment of the present invention, after receiving the first data, the terminal device may determine whether to perform the second operation (i.e., perform the security and/or packet header decompression operation on the first data) based on the first information. Therefore, the first UE informs the terminal equipment of which security and data packet header compression operations are adopted by different data through the first information, so that the terminal equipment can correctly perform security decoding and data packet header decompression operations on the received data, and the energy efficiency of a communication system is improved.
It should be understood that, in the embodiment of the present invention, the radio frequency unit 101 may be used for receiving and sending signals during a message transmission or call process, and specifically, after receiving downlink data from a base station, the downlink data is processed by the processor 110; in addition, the uplink data is transmitted to the base station. Typically, radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 101 can also communicate with a network and other devices through a wireless communication system.
The terminal device 100 provides the user with wireless broadband internet access via the network module 102, such as helping the user send and receive e-mails, browse web pages, and access streaming media.
The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the network module 102 or stored in the memory 109 into an audio signal and output as sound. Also, the audio output unit 103 may also provide audio output related to a specific function performed by the terminal device 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 103 includes a speaker, a buzzer, a receiver, and the like.
The input unit 104 is used to receive an audio or video signal. The input unit 104 may include a Graphics Processing Unit (GPU) 1041 and a microphone 1042, and the graphics processor 1041 processes image data of a still picture or video obtained by an image capturing device (e.g., a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphics processor 1041 may be stored in the memory 109 (or other storage medium) or transmitted via the radio frequency unit 101 or the network module 102. The microphone 1042 may receive sound and may be capable of processing such sound into audio data. In a phone call mode, the processed audio data may be converted into a format that can be transmitted to a mobile communication base station via the radio frequency unit 101 and then output.
The terminal device 100 also includes at least one sensor 105, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 1061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 1061 and/or the backlight when the terminal device 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the terminal device posture (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration identification related functions (such as pedometer, tapping), and the like; the sensors 105 may also include fingerprint sensors, pressure sensors, iris sensors, molecular sensors, gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which are not described in detail herein.
The display unit 106 is used to display information input by a user or information provided to the user. The display unit 106 may include a display panel 1061, and the display panel 1061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 107 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the terminal device 100. Specifically, the user input unit 107 includes a touch panel 1071 and other input devices 1072. Touch panel 1071, also referred to as a touch screen, may collect touch operations by a user on or near the touch panel 1071 (e.g., operations by a user on or near touch panel 1071 using a finger, stylus, or any suitable object or attachment). The touch panel 1071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and receives and executes commands sent by the processor 110. In addition, the touch panel 1071 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 1071, the user input unit 107 may include other input devices 1072. Specifically, other input devices 1072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein.
Further, the touch panel 1071 may be overlaid on the display panel 1061, and when the touch panel 1071 detects a touch operation thereon or nearby, the touch panel 1071 transmits the touch operation to the processor 110 to determine the type of the touch event, and then the processor 110 provides a corresponding visual output on the display panel 1061 according to the type of the touch event. Although in fig. 5, the touch panel 1071 and the display panel 1061 are two independent components to implement the input and output functions of the terminal device 100, in some embodiments, the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the terminal device 100, and is not limited herein.
The interface unit 108 is an interface for connecting an external device to the terminal apparatus 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 108 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the terminal apparatus 100 or may be used to transmit data between the terminal apparatus 100 and the external device.
The memory 109 may be used to store software programs as well as various data. The memory 109 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 109 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 110 is a control center of the terminal device 100, connects various parts of the entire terminal device 100 by various interfaces and lines, and performs various functions of the terminal device 100 and processes data by running or executing software programs and/or modules stored in the memory 109 and calling data stored in the memory 109, thereby performing overall monitoring of the terminal device 100. Processor 110 may include one or more processing units; alternatively, the processor 110 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110.
The terminal device 100 may further include a power supply 111 (such as a battery) for supplying power to each component, and optionally, the power supply 111 may be logically connected to the processor 110 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system.
In addition, the terminal device 100 includes some functional modules that are not shown, and are not described in detail here.
Example five:
Optionally, an embodiment of the present invention further provides a terminal device, which includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor, where the computer program, when executed by the processor, implements the process of the data transmission method in the foregoing embodiment and can achieve the same technical effect; details are not repeated here.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements multiple processes of the data transmission method in the foregoing embodiments, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium includes a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that many more modifications and variations can be made without departing from the spirit of the invention and the scope of the appended claims.

Claims (34)

1. A data transmission method is applied to a first User Equipment (UE), and comprises the following steps:
according to the first information, first data is sent to the second UE;
wherein the first information is used for indicating whether a first UE performs a first operation;
the first operation comprises at least one of: encrypting the first data, protecting the integrity of the first data, and compressing the data packet header of the first data.
2. The method of claim 1, wherein before sending the first data to the second UE according to the first information, the method further comprises:
and sending the first information to the second UE through Radio Resource Control (RRC) signaling or core network signaling.
3. The method of claim 1, wherein before sending the first data to the second UE according to the first information, the method further comprises:
transmitting the first information to the second UE through a control Protocol Data Unit (PDU).
4. The method of claim 1, wherein the first information comprises information in a packet header of the first data.
5. The method of claim 4, wherein the information in the packet header of the first data comprises at least one of: first indication information in a data packet header of the first data, second indication information in the data packet header of the first data, and third indication information in the data packet header of the first data;
wherein the first indication information is used for indicating whether the first UE encrypts the first data; the second indication information is used for indicating whether the first UE performs integrity protection on the first data; the third indication information is used for indicating whether the first UE compresses a data packet header of the first data.
6. The method according to claim 1, 4 or 5, wherein a data format of the first data in case the first information is specifically used to indicate that the first UE does not encrypt the first data is different from a data format of the first data in case the first information is specifically used to indicate that the first UE encrypts the first data.
7. The method according to claim 1, 4 or 5, wherein a data format of the first data in case the first information is specifically used for indicating that the first UE performs integrity protection on the first data is different from a data format of the first data in case the first information is specifically used for indicating that the first UE does not perform integrity protection on the first data.
8. The method according to claim 1, 4 or 5, wherein the data format of the first data in case the first information is specifically used for indicating that the first UE does not cipher and perform integrity protection on the first data is different from the data format of the first data in case the first information is specifically used for indicating that the first UE ciphers and performs integrity protection on the first data.
9. A data transmission method is applied to a second User Equipment (UE), and comprises the following steps:
receiving first data from a first UE;
determining whether to execute a second operation according to the first information;
wherein the first information is used for indicating whether a second UE performs a second operation on the first data; the second operation comprises at least one of: decrypting the first data, verifying the integrity of the first data, and decompressing the packet header of the first data.
10. The method of claim 9, wherein prior to receiving the first data from the first UE, the method further comprises:
receiving the first information from the first UE through Radio Resource Control (RRC) signaling or core network signaling.
11. The method of claim 9, wherein prior to receiving the first data from the first UE, the method further comprises:
receiving the first information from the first UE through a control Protocol Data Unit (PDU).
12. The method of claim 9, wherein the first information comprises: information in a packet header of the first data.
13. The method of claim 12, wherein the information in the packet header of the first data comprises at least one of: first indication information in a data packet header of the first data, second indication information in the data packet header of the first data, and third indication information in the data packet header of the first data;
wherein the first indication information is used for indicating whether the second UE decrypts the first data; the second indication information is used for indicating whether the second UE verifies the integrity of the first data; the third indication information is used to indicate whether the first UE decompresses a packet header of the first data.
14. The method according to claim 9, 12 or 13, wherein the first information is specifically used to indicate to the second UE not to decrypt the first data in case the first data does not comprise a ciphering related field.
15. The method according to claim 9, 12 or 13, wherein in case the first data comprises an integrity protection message authentication code field, the first information is specifically used to instruct the second UE to perform integrity verification on the first data;
or,
the first information is specifically used to indicate that the second UE does not perform integrity verification on the first data, when the first data does not include an integrity protection message authentication code field.
16. The method according to claim 9 or 12 or 13, wherein the first information is specifically used to instruct the second UE not to decrypt and perform integrity verification on the first data, in case the first data does not comprise a sequence number, SN, field.
17. A first User Equipment (UE), comprising:
a sending module, configured to send first data to the second UE according to the first information;
wherein the first information is used for indicating whether a first UE performs a first operation;
the first operation comprises at least one of: encrypting the first data, protecting the integrity of the first data, and compressing the data packet header of the first data.
18. The first UE of claim 17,
the sending module is further configured to send the first information to the second UE through radio resource control RRC signaling or core network signaling.
19. The first UE of claim 17,
the sending module is further configured to send the first information to the second UE through a control protocol data unit PDU.
20. The UE of claim 17, wherein the first information comprises: information in a packet header of the first data.
21. The first UE of claim 20, wherein the information in the packet header of the first data comprises at least one of: first indication information in a data packet header of the first data, second indication information in the data packet header of the first data, and third indication information in the data packet header of the first data;
wherein the first indication information is used for indicating whether the first UE encrypts the first data; the second indication information is used for indicating whether the first UE performs integrity protection on the first data; the third indication information is used for indicating whether the first UE compresses a data packet header of the first data.
22. The first UE of claim 17 or 21, wherein a data format of the first data in a case where the first information is specifically used to indicate that the first UE does not encrypt the first data is different from a data format of the first data in a case where the first information is specifically used to indicate that the first UE encrypts the first data.
23. The first UE according to claim 17 or 21, wherein a data format of the first data in a case where the first information is specifically used to indicate that the first UE performs integrity protection on the first data is different from a data format of the first data in a case where the first information is specifically used to indicate that the first UE does not perform integrity protection on the first data.
24. The first UE according to claim 17 or 21, wherein a data format of the first data in a case where the first information is specifically used to indicate that the first UE does not cipher and perform integrity protection on the first data is different from a data format of the first data in a case where the first information is specifically used to indicate that the first UE ciphers and performs integrity protection on the first data.
25. A second user equipment, UE, comprising:
a receiving module, configured to receive first data from a first UE;
the determining module is used for determining whether to execute the second operation according to the first information;
wherein the first information is used for indicating whether a second UE performs a second operation on the first data; the second operation comprises at least one of: decrypting the first data, verifying the integrity of the first data, and decompressing the packet header of the first data.
26. The second UE of claim 25,
the receiving module is further configured to receive the first information from the first UE through radio resource control RRC signaling or core network signaling.
27. The second UE of claim 25,
the receiving module is further configured to receive the first information from the first UE through a control protocol data unit PDU.
28. The second UE of claim 25, wherein the first information comprises: information in a packet header of the first data.
29. The second UE of claim 28, wherein the information in the packet header of the first data comprises at least one of: first indication information in a data packet header of the first data, second indication information in the data packet header of the first data, and third indication information in the data packet header of the first data;
wherein the first indication information is used for indicating whether the second UE decrypts the first data; the second indication information is used for indicating whether the second UE verifies the integrity of the first data; the third indication information is used to indicate whether the first UE decompresses a packet header of the first data.
30. The second UE according to claim 25 or 28 or 29, wherein the first information is specifically used to indicate to the second UE not to decrypt the first data in case the first data does not comprise a cipher related field.
31. The second UE according to claim 25, 28 or 29, wherein the first information is specifically configured to instruct the second UE to perform integrity verification on the first data in case the first data comprises an integrity protection message authentication code field;
or,
the first information is specifically used to indicate that the second UE does not perform integrity verification on the first data, when the first data does not include an integrity protection message authentication code field.
32. The second UE according to claim 25 or 28 or 29, wherein the first information is specifically used to instruct the second UE not to decrypt and perform integrity verification of the first data, in case the first data does not comprise a sequence number, SN, field.
33. A user equipment, UE, comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the data transmission method according to any of claims 1 to 8 or 9 to 16.
34. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the data transmission method according to any one of claims 1 to 8 or 9 to 16.
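The receiver-side decision of claims 9 to 16, as an added example that is not part of the patent text: the second UE reads the indication bits in the packet header, treats the SN and message authentication code fields as present only when indicated, and selects the second operations accordingly. The one-byte header layout, the 2-byte SN, the 4-byte truncated HMAC-SHA256 tag and all names are assumptions; the check that the in-header indication agrees with first information received earlier through signaling (claim 10) is an added design choice, not something the claims state.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

# Assumed header layout (the patent does not define bit positions).
FLAG_CIPHERED = 0x80        # first indication information
FLAG_INTEGRITY = 0x40       # second indication information
FLAG_HDR_COMPRESSED = 0x20  # third indication information
RESERVED_MASK = 0x1F
SN_LEN, MAC_LEN = 2, 4      # assumed field sizes


class PduError(ValueError):
    """Raised when a PDU is malformed or fails a security check."""


@dataclass(frozen=True)
class SecurityConfig:
    """First information as received out of band (e.g. RRC signaling)."""
    ciphering: bool
    integrity: bool


@dataclass(frozen=True)
class ReceivedPdu:
    operations: tuple   # second operations selected for this PDU
    sn: Optional[int]   # None when the format carries no SN field
    payload: bytes      # still ciphered/compressed if so indicated


def compute_mac(key: bytes, protected: bytes) -> bytes:
    # Stand-in tag for the example, not a 3GPP integrity algorithm.
    return hmac.new(key, protected, hashlib.sha256).digest()[:MAC_LEN]


def build_pdu(key, payload, *, ciphered=False, integrity=False,
              compressed=False, sn=0) -> bytes:
    """Sender side: the data format differs with the indicated operations."""
    flags = ((FLAG_CIPHERED if ciphered else 0)
             | (FLAG_INTEGRITY if integrity else 0)
             | (FLAG_HDR_COMPRESSED if compressed else 0))
    pdu = bytes([flags])
    if ciphered or integrity:          # SN only exists in protected formats
        pdu += struct.pack("!H", sn)
    pdu += payload
    if integrity:                      # MAC field only when indicated
        pdu += compute_mac(key, pdu)
    return pdu


def receive_pdu(pdu: bytes, key: bytes, config: SecurityConfig) -> ReceivedPdu:
    if not pdu:
        raise PduError("empty PDU")
    flags = pdu[0]
    if flags & RESERVED_MASK:
        raise PduError("reserved header bits set")
    ciphered = bool(flags & FLAG_CIPHERED)
    integrity = bool(flags & FLAG_INTEGRITY)
    # The header bits are not themselves authenticated when integrity is
    # off, so they are only accepted if they match the signalled config.
    if (ciphered, integrity) != (config.ciphering, config.integrity):
        raise PduError("header indication disagrees with signalled config")
    offset, end, sn, ops = 1, len(pdu), None, []
    if ciphered or integrity:
        if len(pdu) < 1 + SN_LEN + (MAC_LEN if integrity else 0):
            raise PduError("truncated PDU")
        (sn,) = struct.unpack_from("!H", pdu, offset)
        offset += SN_LEN
    if integrity:
        end -= MAC_LEN
        if not hmac.compare_digest(pdu[end:], compute_mac(key, pdu[:end])):
            raise PduError("integrity verification failed")
        ops.append("verify_integrity")     # performed above
    if ciphered:
        ops.append("decrypt")              # left to the caller
    if flags & FLAG_HDR_COMPRESSED:
        ops.append("decompress_header")    # left to the caller
    return ReceivedPdu(tuple(ops), sn, pdu[offset:end])


if __name__ == "__main__":
    demo_key = b"constructed-key!"         # constructed sample key
    sample = build_pdu(demo_key, b"hello", integrity=True, sn=7)
    print(receive_pdu(sample, demo_key, SecurityConfig(False, True)))
```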
CN201910662837.5A 2019-07-22 2019-07-22 Data transmission method and equipment Pending CN111800372A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910662837.5A CN111800372A (en) 2019-07-22 2019-07-22 Data transmission method and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910662837.5A CN111800372A (en) 2019-07-22 2019-07-22 Data transmission method and equipment

Publications (1)

Publication Number Publication Date
CN111800372A true CN111800372A (en) 2020-10-20

Family

ID=72805391

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910662837.5A Pending CN111800372A (en) 2019-07-22 2019-07-22 Data transmission method and equipment

Country Status (1)

Country Link
CN (1) CN111800372A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023005929A1 (en) * 2021-07-27 2023-02-02 华为技术有限公司 Communication method and apparatus

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103974234A (en) * 2007-03-19 2014-08-06 华为技术有限公司 User equipment capacity information transmission method, user equipment and network device
CN105704641A (en) * 2014-11-06 2016-06-22 中兴通讯股份有限公司 Device-to-device D2D data transmission method, D2D data transmission apparatus and D2D UE
CN107529159A (en) * 2016-06-22 2017-12-29 中兴通讯股份有限公司 The Access Layer encryption of broadband cluster DSCH Downlink Shared Channel, decryption, completeness protection method and device, safety implementation method
US20180332051A1 (en) * 2015-10-30 2018-11-15 Telefonaktiebolaget Lm Ericsson (Publ) Management of integrity protection of a logical link control packet data unit
CN109246705A (en) * 2017-06-15 2019-01-18 维沃移动通信有限公司 A kind of Data Radio Bearer integrity protection configuration method, terminal and the network equipment
CN109586899A (en) * 2017-09-29 2019-04-05 电信科学技术研究院 Signaling manipulation and its indicating means, device and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201020