CN112423272A

CN112423272A - Data transmission method and device

Info

Publication number: CN112423272A
Application number: CN201910719009.0A
Authority: CN
Inventors: 黄曲芳; 徐小英
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2019-08-05
Filing date: 2019-08-05
Publication date: 2021-02-26
Also published as: WO2021023088A1

Abstract

The application provides a data transmission method and device, which can simplify a data transmission process, save signaling and resource expenses and improve data transmission safety. The method comprises the following steps: the first access network equipment acquires a first key parameter; the first access network equipment receives a first message from second access network equipment, wherein the first message is used for indicating that the terminal equipment has moved to the coverage area of the second access network equipment and data needs to be transmitted between the terminal equipment and the second access network equipment; the first access network equipment sends a first key to the second access network equipment according to the first message, wherein the first key is generated based on the first key parameter; the first access network equipment adopts the first key to assist the second access network equipment and the terminal equipment to carry out data transmission; the first access network device obtains a second key parameter, where the second key parameter is used for next data transmission of the terminal device.

Description

Data transmission method and device

Technical Field

The present application relates to the field of communications, and in particular, to a method and an apparatus for data transmission in the field of communications.

Background

With the development of communication technology, the types of terminal devices are increasing, such as Machine Type Communications (MTC), narrow-band internet of things (NB-IOT), and the like. Different types of terminal devices have different application scenes and different data transmission modes. Taking MTC-type terminal devices as an example, such terminal devices transmit very little data and move only within a limited range. In general, each time there is data transmission, a complete set of processes needs to be executed between the terminal device and the network device, which specifically includes: establishing Radio Resource Control (RRC) connection, establishing Core Network (CN) side connection, security authentication, establishing a service channel, establishing a data bearer of an air interface, and the like.

Due to the mobility of the terminal device, the base station transmitting data with the terminal device may be different each time, the source base station is required to delete the data channel between the source base station and the CN side each time, the new base station establishes the data channel between the source base station and the CN side, and the data transmission process is complicated. And because the number of the MTC type terminal devices is huge, a large amount of signaling overhead is caused, and a large amount of wireless resources are wasted.

Disclosure of Invention

The application provides a data transmission method and device, which can simplify a data transmission process, save signaling and resource expenses, improve data transmission safety and further improve system performance.

In a first aspect, a method for data transmission is provided, including: the first access network equipment acquires a first key parameter; the first access network equipment receives a first message from second access network equipment, wherein the first message is used for indicating that a terminal equipment has moved to the coverage area of the second access network equipment and data needs to be transmitted between the terminal equipment and the second access network equipment; the first access network equipment sends a first key to the second access network equipment according to the first message, wherein the first key is generated based on the first key parameter; the first access network equipment assists the second access network equipment and the terminal equipment to carry out data transmission; and the first access network equipment acquires a second key parameter, wherein the second key parameter is used for the next data transmission of the terminal equipment.

According to the data transmission method, the terminal device and the second access network device are assisted by the first access network device to perform data transmission, a data transmission channel between the second access network device and the core network device does not need to be reestablished, the existing data transmission channel between the first access network device and the core network device is directly adopted, the data transmission flow can be simplified, signaling and resource expenses are saved, meanwhile, the first access network device obtains key parameters again and distributes the key parameters to the terminal device for next data transmission, the safety of data transmission can be improved, and further the system performance is improved.

It should be understood that, since the first access network device performs data transmission with the terminal device, it indicates that the first access network device establishes a data transmission channel from the first access network device to the core network device, that is, the terminal device may receive downlink data from the core network device through the data transmission channel or send uplink data to the core network device.

The second message may carry an identifier of the first access network device. The "data" in the above "having data to be transmitted" may refer to uplink data, may also refer to downlink data, and may also include both uplink data and downlink data, which is not limited in this embodiment of the application.

With reference to the first aspect, in some implementation manners of the first aspect, the assisting, by the first access network device, the data transmission between the second access network device and the terminal device includes: the first access network equipment receives the decrypted uplink data from the terminal equipment from the second access network equipment; and the first access network equipment sends the decrypted uplink data to core network equipment.

For uplink data (from the terminal device, which needs to be sent to the core network device), the terminal device may send the encrypted uplink data to the second access network device, the second access network device receives the data from the terminal device, decrypts the data from the terminal device by using the first key, and sends the decrypted uplink data to the first access network device, and the first access network device sends the decrypted uplink data to the core network device through the established data transmission channel.

With reference to the first aspect, in some implementation manners of the first aspect, the assisting, by the first access network device, the data transmission between the second access network device and the terminal device includes: the first access network equipment receives downlink data from core network equipment; and the first access network equipment sends the downlink data to the second access network equipment.

For downlink data (from the core network device, which needs to be sent to the terminal device), because a data transmission channel is not established between the core network device and the second access network device, the core network device may send the downlink data to the first access network device, and the first access network device sends the downlink data to the second access network device. And the second access network equipment encrypts the received downlink data by adopting the first key and sends the encrypted downlink data to the terminal equipment.

With reference to the first aspect, in some implementation manners of the first aspect, the first message carries an identifier of the terminal device and an identifier of a cell of the second access network device to which the terminal device is accessed, and the first key is generated according to the first key parameter and the identifier of the cell of the second access network device to which the terminal device is accessed.

Since the first message carries the identifier of the terminal device, the first access network device can determine the terminal device according to the first message after receiving the first message. Further, the first access network device may generate the first key according to the first key parameter and by combining the identifier of the cell of the second access network device currently accessed by the terminal device. And the first access network equipment sends the first key to the second access network equipment so that the second access network equipment adopts the first key to carry out data transmission with the terminal equipment.

Optionally, the first key may be generated by combining all or part of information in the first key parameter, a source key previously stored by the first access network device, an identifier of a cell of the second access network device accessed by the terminal device, a frequency point of the cell of the second access network device accessed by the terminal device, and the like, which is not limited in this embodiment of the present application.

With reference to the first aspect, in certain implementations of the first aspect, after the first access network device acquires the second key parameter, the method further includes: and the first access network equipment sends the second key parameter to the second access network equipment.

It should be understood that the first access network device acquires the second key parameter for the next data transmission of the terminal device, and since the terminal device is currently located in the coverage of the second access network device, the first access network device needs to send the acquired second key parameter to the second access network device, so that the second access network device sends the second key parameter to the terminal device.

With reference to the first aspect, in certain implementations of the first aspect, after the first access network device acquires the second key parameter, the method further includes: the first access network equipment updates the identification of the terminal equipment; and the first access network equipment sends the updated identifier of the terminal equipment to the second access network equipment.

In consideration of the security of data transmission, the first access network device may update the identifier of the terminal device, i.e., reallocate the identifier for the terminal device for the next data transmission of the terminal device. If the first access network device updates the identifier of the terminal device, the first access network device needs to send the updated identifier to the second access network device, and then the second access network device sends the updated identifier to the terminal device.

In a second aspect, another method for data transmission is provided, including: the method comprises the steps that a second access network device sends a first message to a first access network device, wherein the first message is used for indicating that a terminal device has moved to the coverage range of the second access network device and data needs to be transmitted between the terminal device and the second access network device; the second access network device receiving a first key from the first access network device, the first key generated based on the first key parameter; the second access network equipment adopts the first key to carry out data transmission with the terminal equipment with the assistance of the first access network equipment; and the second access network equipment receives a second key parameter from the first access network equipment, wherein the second key parameter is used for the next data transmission of the terminal equipment.

With reference to the second aspect, in some implementations of the second aspect, the performing, by the second access network device, data transmission with the terminal device with the assistance of the first access network device by using the first key includes: the second access network equipment receives the encrypted uplink data from the terminal equipment; the second access network equipment decrypts the encrypted uplink data by adopting the first key to obtain decrypted uplink data; and the second access network equipment sends the decrypted uplink data to the first access network equipment.

With reference to the second aspect, in some implementations of the second aspect, the performing, by the second access network device, data transmission with the terminal device with the assistance of the first access network device by using the first key includes: the second access network equipment receives downlink data from the first access network equipment; the second access network equipment encrypts the downlink data by using the first key to obtain encrypted downlink data; and the second access network equipment sends the encrypted downlink data to the terminal equipment.

With reference to the second aspect, in some implementation manners of the second aspect, the first message carries an identifier of the terminal device and an identifier of a cell of the second access network device to which the terminal device is accessed, and the first key is generated according to the first key parameter and the identifier of the cell of the second access network device to which the terminal device is accessed.

With reference to the second aspect, in some implementations of the second aspect, after the second access network device receives the second key parameter from the first access network device, the method further includes: and the second access network equipment sends the second key parameter to the terminal equipment.

With reference to the second aspect, in certain implementations of the second aspect, the method further includes: the second access network equipment receives the updated identifier of the terminal equipment from the first access network equipment; and the second access network equipment sends the updated identifier of the terminal equipment to the terminal equipment.

In a third aspect, an apparatus for data transmission is provided, which is configured to perform the method in the foregoing aspects or any possible implementation manner of the aspects. In particular, the apparatus comprises means for performing the method in the above aspects or any possible implementation of the aspects.

In one design, the apparatus may include a module corresponding to one or more of the methods/operations/steps/actions described in the foregoing aspects, and the module may be a hardware circuit, a software circuit, or a combination of a hardware circuit and a software circuit.

In another design, the device is a communication chip that may include an input circuit or interface for sending information or data and an output circuit or interface for receiving information or data.

In another design, the apparatus is a communication device that may include a transmitter to transmit information or data and a receiver to receive information or data.

In another design, the apparatus is configured to perform the method in the foregoing aspects or any possible implementation manner of the aspects, and the apparatus may be configured in the foregoing first access network device or second access network device, or the apparatus itself is the foregoing first access network device or second access network device.

In a fourth aspect, a communication device is provided, which comprises a processor and a memory, wherein the memory is used for storing a computer program, and the processor is used for calling the computer program from the memory and running the computer program, so that the communication device executes the method in any one of the possible implementation modes of the above aspects.

Optionally, the number of the processors is one or more, and the number of the memories is one or more.

Alternatively, the memory may be integral to the processor or provided separately from the processor.

Optionally, the communication device further comprises a transmitter (transmitter) and a receiver (receiver), which may be separately arranged or integrated together, and are called transceivers (transceivers).

In a fifth aspect, there is provided a communication system comprising means for implementing the method of the first aspect or any possible implementation of the first aspect, and means for implementing the method of the second aspect or any possible implementation of the second aspect.

In a possible design, the communication system may further include other devices that interact with the first access network device and/or the second access network device in the solution provided in this embodiment of the present application.

In a sixth aspect, there is provided a computer program product comprising: computer program (also called code, or instructions), which when executed, causes a computer to perform the method of any of the possible implementations of any of the above aspects.

In a seventh aspect, a computer-readable medium is provided, which stores a computer program (which may also be referred to as code or instructions) that, when executed on a computer, causes the computer to perform the method of any one of the possible implementations of the above aspects.

In an eighth aspect, a chip system is provided, which includes a memory for storing a computer program and a processor for calling and running the computer program from the memory, so that a communication device in which the chip system is installed executes the method in any one of the possible implementation manners of the above aspects.

The system-on-chip may include, among other things, input circuitry or interfaces for transmitting information or data, and output circuitry or interfaces for receiving information or data.

Drawings

Fig. 1 is a schematic diagram of a communication system provided in an embodiment of the present application.

Fig. 2 is a schematic flow chart of a method for data transmission provided by an embodiment of the present application.

Fig. 3 is a schematic flow chart of another method for data transmission according to an embodiment of the present application.

Fig. 4 is a schematic flow chart of a method for further data transmission according to an embodiment of the present application.

Fig. 5 is a schematic flow chart of a method for further data transmission according to an embodiment of the present application.

Fig. 6 is a schematic block diagram of an apparatus for data transmission provided by an embodiment of the present application.

Fig. 7 is a schematic block diagram of another apparatus for data transmission provided in an embodiment of the present application.

Fig. 8 is a schematic structural diagram of an access network device according to an embodiment of the present application.

Detailed Description

The technical scheme of the embodiment of the application can be applied to various communication systems, for example: a Long Term Evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, a Universal Mobile Telecommunications System (UMTS), a fifth generation (5G) system, a New Radio (NR) system, or other evolved communication systems.

The terminal device in the embodiment of the present application may also be referred to as: user Equipment (UE), Mobile Station (MS), Mobile Terminal (MT), access terminal, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or user device, etc.

The terminal device may be a device providing voice/data connectivity to a user, e.g. a handheld device, a vehicle mounted device, etc. with wireless connection capability. Currently, some examples of terminals are: a mobile phone (mobile phone), a tablet computer, a notebook computer, a palm computer, a Mobile Internet Device (MID), a wearable device, a Virtual Reality (VR) device, an Augmented Reality (AR) device, a wireless terminal in industrial control (industrial control), a wireless terminal in self driving (self driving), a wireless terminal in remote operation (remote local supply), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation security (transportation safety), a wireless terminal in city (city), a wireless terminal in smart home (smart home), a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a wireless local loop (wireless local) phone, a personal digital assistant (WLL) station, a handheld personal communication device with wireless communication function, a wireless terminal in industrial control (industrial control), a wireless terminal in transportation security (personal control), a wireless terminal in city (smart home), a wireless terminal in smart home (smart home), a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a wireless local loop (personal digital assistant (PDA) phone, a wireless local communication device with wireless communication function, a wireless communication device, a communication device, A computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a 5G network, or a terminal device in a Public Land Mobile Network (PLMN) for future evolution, and the like, which are not limited in this embodiment of the present application.

By way of example and not limitation, in the embodiments of the present application, the terminal device may also be a wearable device. Wearable equipment can also be called wearable intelligent equipment, is the general term of applying wearable technique to carry out intelligent design, develop the equipment that can dress to daily wearing, like glasses, gloves, wrist-watch, dress and shoes etc.. A wearable device is a portable device that is worn directly on the body or integrated into the clothing or accessories of the user. The wearable device is not only a hardware device, but also realizes powerful functions through software support, data interaction and cloud interaction. The generalized wearable smart device includes full functionality, large size, and can implement full or partial functionality without relying on a smart phone, such as: smart watches or smart glasses and the like, and only focus on a certain type of application functions, and need to be used in cooperation with other devices such as smart phones, such as various smart bracelets for physical sign monitoring, smart jewelry and the like.

In addition, in the embodiment of the present application, the terminal device may also be a terminal device in an internet of things (IoT) system, where IoT is an important component of future information technology development, and a main technical feature of the present application is to connect an article with a network through a communication technology, so as to implement an intelligent network with interconnected human-computer and interconnected objects.

In addition, the access network device and the core network device in the embodiment of the present application may be collectively referred to as a network device. The access network device may be a device for communicating with a terminal device, may also be referred to as a radio access network device, and may be a Transmission Reception Point (TRP), an evolved Node B (eNB or eNodeB) in an LTE system, a home base station (e.g., home evolved NodeB, home Node B, HNB), a baseband unit (BBU), a radio controller in a Cloud Radio Access Network (CRAN) scenario, or an access network device in a relay station, an access point, a vehicle-mounted device, a wearable device, and an access network device in a 5G network or a Public Land Mobile Network (PLMN) network for future evolution, or the like, may be an Access Point (AP) in a WLAN, may be a new radio system (new radio network), NR) system, the embodiments of the present application are not limited.

In one network configuration, the access network device may include a Centralized Unit (CU) node, or a Distributed Unit (DU) node, or a RAN device including a CU node and a DU node, or a control plane CU node (CU-CP node) and a user plane CU node (CU-UP node), and a RAN device of a DU node.

The access network device provides service for a cell, and a terminal device communicates with the cell through a transmission resource (e.g., a frequency domain resource, or a spectrum resource) allocated by the access network device, where the cell may belong to a macro base station (e.g., a macro eNB or a macro gNB), or may belong to a base station corresponding to a small cell (small cell), where the small cell may include: urban cell (metro cell), micro cell (microcell), pico cell (pico cell), femto cell (femto cell), etc., and these small cells have the characteristics of small coverage and low transmission power, and are suitable for providing high-rate data transmission service.

The core network element in the embodiment of the present application may be a core network element in a 4G network, for example, a Mobile Management Entity (MME), a serving gateway (sGW), or a core network element in a 5G network, for example, an access and mobility management function (AMF) network element, a User Plane Function (UPF) network element, or a core network element with another name, which is not limited in this embodiment of the present application.

In the embodiment of the application, the terminal device or the network device includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer. The hardware layer includes hardware such as a Central Processing Unit (CPU), a Memory Management Unit (MMU), and a memory (also referred to as a main memory). The operating system may be any one or more computer operating systems that implement business processing through processes (processes), such as a Linux operating system, a Unix operating system, an Android operating system, an iOS operating system, or a windows operating system. The application layer comprises applications such as a browser, an address list, word processing software, instant messaging software and the like. Furthermore, the embodiment of the present application does not particularly limit the specific structure of the execution main body of the method provided by the embodiment of the present application, as long as the communication can be performed according to the method provided by the embodiment of the present application by running the program recorded with the code of the method provided by the embodiment of the present application, for example, the execution main body of the method provided by the embodiment of the present application may be a terminal device or a network device, or a functional module capable of calling the program and executing the program in the terminal device or the network device.

In addition, various aspects or features of the present application may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. For example, computer-readable media may include, but are not limited to: magnetic storage devices (e.g., hard disk, floppy disk, or magnetic tape), optical disks (e.g., Compact Disk (CD), Digital Versatile Disk (DVD), etc.), smart cards, and flash memory devices (e.g., erasable programmable read-only memory (EPROM), card, stick, or key drive, etc.). In addition, various storage media described herein can represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" can include, without being limited to, wireless channels and various other media capable of storing, containing, and/or carrying instruction(s) and/or data.

For the understanding of the embodiments of the present application, a detailed description will be given of a communication system suitable for the embodiments of the present application with reference to fig. 1.

Fig. 1 is a schematic diagram of a communication system suitable for use in embodiments of the present application. As shown in fig. 1, the communication system 100 may include a core network device 110, a first access network device 120, a second access network device 130, and a terminal device 140. The terminal device 140 may be wirelessly connected to the first access network device 120 within the coverage of the first access network device, and the first access network device 120 and the second access network device 130 may be wirelessly or wiredly connected to the core network device 110.

The core network device 110 and the first access network device 120 (or the second access network device 130) may be separate physical devices, or the function of the core network device 140 and the logical function of the access network device may be integrated on the same physical device, or a physical device in which the function of a part of the core network device and the function of a part of the access network device are integrated, which is not limited in this embodiment of the present application.

Further, in the present embodiment, the terminal device 140 may be movable. If the terminal device 140 moves to the coverage area of the first access network device 120, the terminal device 140 may transmit the uplink data packet to the first access network device 120, and the uplink data packet is sent to the core network device 110 by the first access network device 120. The first access network device 120 may also transmit the downlink data packet from the core network device 110 to the terminal device 140. If the terminal device 140 moves to the coverage area of the second access network device 130, the data transmission method is the same, and will not be described again.

The access network device (including the first access network device 120 and the second access network device 130) may include a baseband device and a radio frequency device, where the baseband device may be implemented by one node, or implemented by multiple nodes, and the radio frequency device may be implemented independently by being pulled away from the baseband device, or integrated into the baseband device, or partially pulled away and partially integrated into the baseband device. For example, in an LTE communication system, the access network equipment includes a baseband device and a radio frequency device, where the radio frequency device may be remotely arranged with respect to the baseband device, for example, a Remote Radio Unit (RRU) is remotely arranged with respect to the BBU.

Each of the communication devices, such as the core network device 110, the first access network device 120, the second access network device 130, or the terminal device 140 in fig. 1, may be configured with multiple antennas. The plurality of antennas may include at least one transmit antenna for transmitting signals and at least one receive antenna for receiving signals. Additionally, each communication device can additionally include a transmitter chain and a receiver chain, each of which can comprise a plurality of components associated with signal transmission and reception (e.g., processors, modulators, multiplexers, demodulators, demultiplexers, antennas, etc.), as will be appreciated by one skilled in the art. Therefore, the access network equipment and the terminal equipment can communicate through the multi-antenna technology.

It should be understood that fig. 1 is only a schematic diagram, and that other network devices, such as wireless relay devices and wireless backhaul devices, not shown in fig. 1, may also be included in the communication system 100. The embodiment of the present application does not limit the number of core network devices, access network devices, and terminal devices included in the communication system 100.

In view of this, the present application provides a data transmission method, which can simplify a data transmission process, save signaling and resource overhead, and improve data transmission security, thereby improving system performance.

Various embodiments provided herein will be described in detail below with reference to the accompanying drawings. The first, second, third and various numerical references in the embodiments shown below are merely for convenience of description and are not intended to limit the scope of the embodiments of the present application. E.g. to distinguish different information, to distinguish different key parameters, etc.

Fig. 2 shows a schematic flow chart of a method 200 of data transmission of an embodiment of the application. The method 200 may be applied to the communication system 100 shown in fig. 1, but the embodiment of the present application is not limited thereto.

S210, after the data transmission between the first access network device and the terminal device is finished, the first access network device obtains the first key parameter, and at this time, the terminal device enters an idle state or an inactive state.

If the terminal device is in an idle state, it indicates that the terminal device is not connected with the access network device and is not connected with the core network device. If the terminal device is in the inactive state, it indicates that the terminal device is not connected with the access network device, but is connected with the core network device.

It should also be understood that the first access network device obtaining the first key parameter may refer to the first access network device obtaining the first key parameter from a core network device, for example, the first access network device may obtain the first key parameter from a Mobility Management Entity (MME), or the first access network device may obtain the first key parameter from an access and mobility management function network element (AMF).

Optionally, the first access network device may send the first key parameter, the identifier of the terminal device, and the identifier of the first access network device to the terminal device. For example, the first access network device sends an RRC release message to the terminal device, where the RRC release message carries the first key parameter, the identifier of the terminal device, and the identifier of the first access network device. After receiving the RRC release message, the terminal device may store the parameters, the identifier, and the source key used in the cell where the first access network device is located, and then enter idle state or inactive state.

S220, the terminal device moves to the coverage area of a second access network device, and if data needs to be transmitted between the terminal device and the core network device, the terminal device sends a second message to the second access network device, wherein the second message is used for requesting to transmit the data with the second access network device; correspondingly, the second access network device receives the second message sent by the terminal device.

It should be appreciated that the second message may carry an identification of the first access network device. The "data" in the above "having data to be transmitted" may refer to uplink data, may also refer to downlink data, and may also include both uplink data and downlink data, which is not limited in this embodiment of the application.

Optionally, the terminal device may obtain a cell identifier and a frequency point of a currently accessed second access network device, and generate a new key (i.e., a first key) used for this data transmission by combining the stored first key parameter and the source key.

S230, the second access network device sends a first message to the first access network device according to the second message, wherein the first message is used for indicating that the terminal device has moved into the coverage area of the second access network device and data needs to be transmitted between the terminal device and the second access network device; correspondingly, the first access network device receives the first message sent by the second access network device.

Because the second message carries the identifier of the first access network device, the second access network device may determine, according to the second message, that the last data transmission of the terminal device is completed through the first access network device, that is, the context information of the terminal device is retained at the first access network device, and a data transmission channel exists between the first access network device and the core network device. Therefore, the second access network device sends the first message to the first access network device to request the key of the terminal device. In one possible implementation, the first message may be a context request message for requesting a context of the terminal device.

Optionally, the first message may carry an identifier of the terminal device and an identifier of a cell of a second access network device to which the terminal device is currently accessed.

S240, the first access network equipment generates a first key according to the first message and by combining with the first key parameter, and sends the first key to the second access network equipment; the second access network device receives the first key, correspondingly. In a possible implementation manner, the first key may be carried in a context response message sent by the first access network device to the second access network device.

Optionally, the first message carries an identifier of the terminal device and an identifier of a cell of the second access network device to which the terminal device is accessed, and the first key is generated according to the first key parameter and the identifier of the cell of the second access network device to which the terminal device is accessed.

S250, the first access network device assists the terminal device and the second access network device to transmit data, in other words, because a data transmission channel exists between the first access network device and the core network device, the second access network device may send uplink data to the core network device through the first access network device, or receive downlink data from the core network device. It should be understood that the uplink data is from the terminal device and the downlink data is sent to the terminal device.

As an optional embodiment, the assisting, by the first access network device, the second access network device and the terminal device to perform data transmission includes: the first access network equipment receives the decrypted uplink data from the terminal equipment from the second access network equipment; and the first access network equipment sends the decrypted uplink data to core network equipment.

As an optional embodiment, the assisting, by the first access network device, the second access network device and the terminal device to perform data transmission includes: the first access network equipment receives downlink data from core network equipment; and the first access network equipment sends the downlink data to the second access network equipment.

S260, the first access network device obtains the second key parameter.

And the first access network equipment determines that the terminal equipment does not enter a connected (connected) state, and then the first access network equipment acquires the second key parameter. The first access network device may determine that the terminal device does not enter the connected state according to multiple ways, for example, the first access network device may determine that the terminal device does not enter the connected state according to information such as a service type and a type of the terminal device, or may determine that the terminal device does not enter the connected state according to a request of the terminal device, an indication of the second access network device, or an indication of an application layer, which is not limited in this embodiment of the present application.

It should be understood that the first access network device obtaining the second key parameter means that the first access network device obtains the second key parameter from the core network device, for example, the first access network device may obtain the second key parameter from the MME or the AMF.

It should also be understood that the first access network device may obtain the second key parameter after determining that the terminal device does not enter the connected state. For example, the first access network device may obtain the second key parameter in a data transmission process between the terminal device and the second access network device, or the first access network device may obtain the second key parameter after the data transmission between the terminal device and the second access network device is finished, which is not limited in this embodiment of the present application.

As an optional embodiment, after the first access network device acquires the second key parameter, the method further includes: and the first access network equipment sends the second key parameter to the second access network equipment. Correspondingly, the second access network device receives the second key parameter from the first access network device and sends the second key parameter to the terminal device.

For example, the first access network device may directly send the second key parameter to the second access network device, or may send the second key parameter to the second access network device by carrying the second key parameter in an existing message (for example, an RRC release message), which is not limited in this embodiment of the present application.

As an optional embodiment, the method further comprises: the first access network equipment updates the identification of the terminal equipment; and the first access network equipment sends the updated identifier of the terminal equipment to the second access network equipment.

For example, the first access network device may directly send the updated identifier to the second access network device, or may send the updated identifier to the second access network device by carrying the updated identifier in an existing message (for example, an RRC release message), which is not limited in this embodiment of the present application.

In the following, taking a terminal device as a UE, a first access network device as a source eNB, a second access network device as a new eNB, and a core network device including an MME and an sGW as an example, the embodiments of the present application are described in detail with reference to fig. 3 to 5.

Fig. 3 shows a schematic flow chart of another method 300 of data transmission of an embodiment of the present application. The method 300 may be applied to the system architecture 100 shown in fig. 1, but the embodiment of the present application is not limited thereto.

S301, after the data transmission between the source eNB and the UE is finished, the source eNB acquires a first Ncc from the MME, where the Ncc is a key parameter and is used to generate a key used for data transmission.

S302, the source eNB sends an RRC release message to the UE, where the RRC release message carries a first identifier (also referred to as resume ID) and a first Ncc. Illustratively, the first identifier may be divided into two parts, wherein one part of bits is used for identifying the UE and the other part of bits is used for identifying the source eNB. The UE correspondingly receives the RRC release message.

S303, the UE stores the source key KeNB (key between the UE and the cell of the source eNB) used for the last data transmission, and the first identifier and the first Ncc in the RRC release message, and enters an idle (idle) state or an inactive (inactive) state.

And S304, the UE moves to a cell covered by the new eNB and has uplink data transmission, the UE can acquire information such as the cell identification (cell ID) of the new eNB, the frequency point of the cell and the like, and a new key KeNB is generated by combining the first Ncc and the source key KeNB, wherein the KeNB is used for the UE to use in the cell of the currently accessed new eNB. Further, the UE may generate a key K _ sec for ciphering and a key K _ int for integrity protection from the new key KeNB.

S305, the UE sends an RRC recovery request message and uplink data to the new eNB, wherein the RRC recovery request message carries the first identifier. Further, the RRC recovery request message may also carry a reason for sending the request, for example, uplink data needs to be transmitted. It should be understood that, before sending the RRC recovery request message and the uplink data, the UE may perform integrity protection on the RRC recovery request message by using the key K _ inte for integrity protection, and then encrypt the uplink data by using the key K _ sec for encryption. The new eNB receives the RRC recovery request message and uplink data, correspondingly.

S306, the new eNB determines that the context of the UE is stored in the source eNB according to the first identifier carried in the RRC recovery request message, and then sends a UE context request message to the source eNB, wherein the UE context request message can carry the first identifier and the identifier (cell ID) of the cell accessed by the UE in the new eNB. The source eNB receives the UE context request message sent by the new eNB, correspondingly. It should be understood that the UE context request message may correspond to the first message in the method 200 described above.

And S307, the source eNB determines the UE according to the first identifier carried in the UE context request message, and then generates a first key used by the UE in the new cell, namely a new key KeNB, according to the stored source key KeNB, and information such as the identifier, cell frequency point and the like of the cell accessed by the UE in the new eNB.

S308, the source eNB sends a UE context response message to the new eNB, where the UE context response message carries the context information of the UE and the new key KeNB. The new eNB receives the UE context response sent by the source eNB, correspondingly.

S309, the new eNB generates a key K _ sec for ciphering and a key K _ int for integrity protection according to the new key KeNB. And the new eNB adopts the key K _ inte to carry out integrity verification on the RRC recovery request message and adopts the key K _ sec to decrypt the uplink data.

S310, the new eNB sends the decrypted uplink data to the source eNB. Correspondingly, the source eNB receives the decrypted uplink data transmitted by the new eNB.

S311, the source eNB sends the decrypted uplink data to the sGW through the existing data transmission channel on the core network side. Correspondingly, the sGW receives the decrypted uplink data.

S312, the source eNB determines that the UE does not enter connected (connected) state, and the source eNB acquires a second Ncc from the MME.

S313, the source eNB sends an RRC release message to the new eNB, where the RRC release message carries the second Ncc. Correspondingly, the new eNB receives the RRC release message sent by the source eNB. Further, the RRC release message may also carry the first identifier and a reason for releasing the connection (e.g., no data transmission).

And S314, the new eNB forwards the RRC release message to the UE. Correspondingly, the UE receives the RRC release message sent by the new eNB.

It should be understood that, in the above S312, the source eNB may further reallocate the identity information to the UE, that is, update the above first identity, and the updated first identity may be carried in an RRC release message and sent to the new eNB, and then forwarded to the UE by the new eNB, which is not limited in this embodiment of the application.

It should also be understood that the source eNB may directly send the second Ncc to the new eNB, and the new eNB generates an RRC release message after receiving the second Ncc, and sends the second Ncc, the updated first identifier, the reason for releasing the connection, and the like to the UE by being carried in the RRC release message. In other words, the RRC release message received by the UE may be generated by the source eNB or generated by the new eNB, which is not limited in this embodiment of the present application.

According to the data transmission method, the UE only transmits uplink data through the new eNB, and after the uplink data transmission is completed, the source eNB updates the key parameters for the UE so as to facilitate the next data transmission.

Optionally, the network element in this embodiment of the present application may be replaced with a network element in 5G, for example, the source eNB may be a gNB, the new eNB may be a new gNB, the MME may be an AMF, and the sGW may be an UPF, which is not limited in this embodiment of the present application.

Fig. 4 shows a schematic flow chart of another method 400 of data transmission of an embodiment of the present application. The method 400 may be applied to the system architecture 100 shown in fig. 1, but the embodiment of the present application is not limited thereto.

S401 to S411 are the same as S301 to S311, and are not described herein again.

S412, the sGW transmits downlink data to the source eNB, and accordingly, the source eNB receives the downlink data.

S413, the source eNB determines that the UE does not enter connected (connected) state, and the source eNB acquires the second Ncc from the MME.

S414, the source eNB sends an RRC release message and the downlink data to the new eNB, where the RRC release message carries the second Ncc. Correspondingly, the new eNB receives the RRC release message sent by the source eNB. Further, the RRC release message may also carry the first identifier and a reason for releasing the connection (e.g., no data transmission).

S415, the new eNB encrypts the downlink data by using the key K _ sec for encryption, and performs integrity protection on the RRC release message by using the key K _ inte for integrity protection.

S416, the new eNB sends the RRC release message and the encrypted downlink data to the UE, and accordingly, the UE receives the RRC release message and the encrypted downlink data. The RRC release message carries a second Ncc. Further, the RRC release message may also carry the first identifier and a reason for releasing the connection (e.g., no data transmission).

S417, the UE saves the second Ncc, adopts the key K _ inte to carry out integrity verification on the RRC release message, and adopts the key K _ sec to decrypt the encrypted downlink data, thereby obtaining the downlink data from the SGW. Further, if the RRC release message carries the first identifier, the UE stores the first identifier.

It should be understood that, in the above S413, the source eNB may further reallocate the identity information to the UE, that is, update the above first identity, and the updated first identity may be carried in an RRC release message and sent to the new eNB, and then forwarded to the UE by the new eNB, which is not limited in this embodiment of the application.

According to the data transmission method, the UE transmits uplink data and downlink data through the new eNB, and after data transmission is completed, the source eNB updates key parameters for the UE so as to facilitate next data transmission.

Fig. 5 shows a schematic flow chart of another method 500 of data transmission of an embodiment of the present application. The method 500 may be applied to the system architecture 100 shown in fig. 1, but the embodiment of the present application is not limited thereto.

S501, after the data transmission between the source eNB and the UE is finished, the source eNB acquires a first Ncc from the MME, where the Ncc is a key parameter and is used to generate a key used for data transmission.

S502, the source eNB sends an RRC release message to the UE, where the RRC release message carries a first identifier (also referred to as resume ID) and a first Ncc. Illustratively, the first identifier may be divided into two parts, wherein one part of bits is used for identifying the UE and the other part of bits is used for identifying the source eNB. The UE correspondingly receives the RRC release message.

S503, the UE stores the source key KeNB (key between the UE and the cell of the source eNB) used for the last data transmission, and the first identifier and the first Ncc in the RRC release message, and enters an idle (idle) state or an inactive (inactive) state.

S504, UE moves to a cell covered by a new eNB, if downlink data transmission exists, an sGW triggers a paging process, namely the sGW notifies an MME to initiate paging, the MME generates a paging message, and sends the paging message to all eNBs in a paging area, wherein the paging message carries an identifier of the UE. The source eNB receives the paging message accordingly.

S505, the source eNB sends a paging message to the new eNB and indicates in which cells to send the paging message. The new eNB receives the paging message transmitted by the source eNB, correspondingly.

S506, the new eNB initiates paging in the indicated cell, so that the UE can receive the paging message sent by the new eNB because the UE is in the cell of the new eNB, thereby knowing that downlink data is to be transmitted.

S507, the UE acquires information such as a cell ID (cell ID) of the new eNB, a frequency point of the cell, and generates a new key KeNB in combination with the first Ncc and the source key KeNB, where the KeNB is used by the UE in the currently accessed cell of the new eNB. Further, the UE may generate a key K _ sec for ciphering and a key K _ int for integrity protection from the new key KeNB.

S508, the UE sends an RRC recovery request message to the new eNB, wherein the RRC recovery request message carries the first identifier. Further, the RRC recovery request message may also carry a reason for sending the request, for example, downlink data needs to be transmitted. It should be understood that the UE may perform integrity protection on the RRC recovery request message by using the above-mentioned key K _ inte for integrity protection before sending the RRC recovery request message. The new eNB receives the RRC recovery request message accordingly.

S509, the new eNB determines, according to the first identifier carried in the RRC recovery request message, that the context of the UE is stored in the source eNB, and sends a UE context request message to the source eNB, where the UE context request message may carry the first identifier and an identifier (cell ID) of a cell to which the UE is accessed in the new eNB. The source eNB receives the UE context request message sent by the new eNB, correspondingly.

And S510, the source eNB determines the UE according to the first identifier carried in the UE context request message, and then generates a first key used by the UE in the new cell, namely a new key KeNB, according to the stored source key KeNB, and information such as the identifier, cell frequency point and the like of the cell accessed by the UE in the new eNB.

S511, the source eNB sends a UE context response message to the new eNB, where the UE context response message carries the context information of the UE and the new key KeNB. The new eNB receives the UE context response sent by the source eNB, correspondingly.

S512, the sGW transmits downlink data to the source eNB, and accordingly, the source eNB receives the downlink data.

S513, the source eNB determines that the UE does not enter connected (connected) state, and the source eNB acquires the second Ncc from the MME.

S514, the source eNB sends an RRC release message and the downlink data to the new eNB, where the RRC release message carries the second Ncc. Correspondingly, the new eNB receives the RRC release message sent by the source eNB. Further, the RRC release message may also carry the first identifier and a reason for releasing the connection (e.g., no data transmission).

S515, the new eNB generates the key K _ sec for ciphering and the key K _ int for integrity protection according to the new key KeNB. And the new eNB encrypts the downlink data by adopting a secret key K _ sec for encryption, and performs integrity protection on the RRC release message by adopting a secret key K _ inte for integrity protection.

S516, the new eNB sends an RRC release message and encrypted downlink data to the UE, and accordingly, the UE receives the RRC release message and encrypted downlink data. The RRC release message carries a second Ncc. Further, the RRC release message may also carry the first identifier and a reason for releasing the connection (e.g., no data transmission).

S517, the UE stores the second Ncc, adopts the key K _ inte to carry out integrity verification on the RRC release message, and adopts the key K _ sec to decrypt the encrypted downlink data, thereby obtaining the downlink data from the SGW. Further, if the RRC release message carries the first identifier, the UE stores the first identifier.

It should be understood that, in the above S513, the source eNB may further reallocate the identity information to the UE, that is, update the above first identity, and the updated first identity may be carried in an RRC release message and sent to the new eNB, and then forwarded to the UE by the new eNB, which is not limited in this embodiment of the application.

According to the data transmission method, the UE only transmits downlink data through the new eNB, and after the downlink data transmission is completed, the source eNB updates the key parameters for the UE so as to facilitate the next data transmission.

It should be understood that the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.

The method for data transmission according to the embodiment of the present application is described in detail above with reference to fig. 1 to 5, and the apparatus for data transmission and the access network device according to the embodiment of the present application are described in detail below with reference to fig. 6 to 8.

Fig. 6 is a schematic block diagram of an apparatus for data transmission provided by an embodiment of the present application. The apparatus 600 for data transmission may implement the steps or processes executed by the first access network device in the above method embodiments, for example, the apparatus 600 may be the first access network device, or a chip or circuit configured in the first access network device. As shown, the apparatus 600 may include: an acquisition unit 610, a receiving unit 620 and a transmitting unit 630.

The obtaining unit 610 is configured to: acquiring a first key parameter;

the receiving unit 620 is configured to: receiving a first message from a second access network device, wherein the first message is used for indicating that a terminal device has moved into the coverage area of the second access network device and data needs to be transmitted between the terminal device and the second access network device;

the sending unit 630 is configured to: sending a first key to the second access network device according to the first message, wherein the first key is generated based on the first key parameter;

the receiving unit 620 and/or the sending unit 630 are further configured to: assisting the second access network device and the terminal device to perform data transmission;

the obtaining unit 610 is further configured to: and acquiring a second key parameter, wherein the second key parameter is used for next data transmission of the terminal equipment.

Optionally, the receiving unit 620 is specifically configured to: receiving the decrypted uplink data from the terminal equipment from the second access network equipment; the sending unit 630 is specifically configured to: and sending the decrypted uplink data to core network equipment.

Optionally, the receiving unit 620 is specifically configured to: receiving downlink data from core network equipment; the sending unit 630 is specifically configured to: and sending the downlink data to the second access network equipment.

Optionally, the sending unit 630 is further configured to: and after acquiring the second key parameter, sending the second key parameter to the second access network equipment.

Optionally, the apparatus further comprises: the processing unit is used for updating the identifier of the terminal equipment after the second key parameter is acquired; the sending unit 630 is further configured to: and sending the updated identifier of the terminal equipment to the second access network equipment.

It should be appreciated that the apparatus 600 herein is embodied in the form of a functional unit. The term "unit" herein may refer to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an optional example, it may be understood by those skilled in the art that the apparatus 600 may be specifically a first access network device in the foregoing embodiment, and the apparatus 600 may be configured to perform each procedure and/or step corresponding to the first access network device in the foregoing method embodiment, and details are not described herein again to avoid repetition.

Fig. 7 is a schematic block diagram of another apparatus for data transmission provided in an embodiment of the present application. The apparatus 700 for data transmission may implement various steps or processes executed by the second access network device in the above method embodiments, for example, the apparatus 700 may be the second access network device, or a chip or circuit configured in the second access network device. As shown, the apparatus 700 may include: a transmitting unit 710 and a receiving unit 720.

The sending unit 710 is configured to: sending a first message to a first access network device, wherein the first message is used for indicating that a terminal device has moved to the coverage area of the device and data needs to be transmitted between the terminal device and the device;

the receiving unit 720 is configured to: receiving a first key from the first access network device, the first key generated based on the first key parameter;

the sending unit 710 and/or the receiving unit 720 are further configured to: adopting the first key to perform data transmission with the terminal equipment with the assistance of the first access network equipment;

the receiving unit 720 is further configured to: and receiving a second key parameter from the first access network device, wherein the second key parameter is used for the next data transmission of the terminal device.

Optionally, the receiving unit 720 is specifically configured to: receiving encrypted uplink data from the terminal equipment; the device further comprises: the processing unit is used for decrypting the encrypted uplink data by adopting the first secret key to obtain decrypted uplink data; the sending unit 710 is specifically configured to: and sending the decrypted uplink data to the first access network equipment.

Optionally, the receiving unit 720 is specifically configured to: receiving downlink data from the first access network device; the device further comprises: the processing unit is used for encrypting the downlink data by adopting the first secret key to obtain encrypted downlink data; the sending unit 710 is specifically configured to: and sending the encrypted downlink data to the terminal equipment.

Optionally, the first message carries an identifier of the terminal device and an identifier of a cell of the apparatus to which the terminal device is accessed, and the first key is generated according to the first key parameter and the identifier of the cell of the apparatus to which the terminal device is accessed.

Optionally, the sending unit 710 is further configured to: after receiving the second key parameter from the first access network device, sending the second key parameter to the terminal device.

Optionally, the receiving unit 720 is further configured to: receiving the updated identifier of the terminal device from the first access network device; the sending unit 710 is further configured to: and sending the updated identifier of the terminal equipment to the terminal equipment.

It should be appreciated that the apparatus 700 herein is embodied in the form of a functional unit. The term "unit" herein may refer to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an optional example, it may be understood by those skilled in the art that the apparatus 700 may be specifically the second access network device in the foregoing embodiment, and the apparatus 600 may be configured to perform each procedure and/or step corresponding to the second access network device in the foregoing method embodiment, and details are not described here again to avoid repetition.

The apparatus 600 has a function of implementing corresponding steps executed by the first access network device in the method; the apparatus 700 has the function of implementing the corresponding steps executed by the second access network device in the method. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above-described functions. For example, the transmitting unit may be replaced by a transmitter, and the receiving unit may be replaced by a receiver, which respectively perform the receiving and transmitting operations and the related processing operations in the respective method embodiments. The transmitting unit and the receiving unit may be collectively referred to as a transceiving unit, and accordingly, the receiver and the transmitter may be collectively referred to as a transceiver. It should be understood that the processing unit in the above embodiments may be implemented by a processor or processor-related circuits, and the receiving unit and the transmitting unit may be implemented by a transceiver or transceiver-related circuits or interface circuits.

Optionally, in each of the above possibly designed apparatuses, a storage unit may be further included, and the storage unit is configured to store a computer program, and the processing unit may call and execute the computer program from the storage unit, so that the apparatus 600 performs the method of the first access network device in the above method embodiment, or so that the apparatus 700 performs the method of the second access network device in the above method embodiment.

The units in the above embodiments may also be referred to as modules or circuits or components, etc.

Fig. 8 is a schematic structural diagram of an access network device 3000 provided in this embodiment of the present application, which may be a schematic structural diagram of a base station, for example. The access network device 3000 may be applied to the communication system shown in fig. 1, and implement the steps or processes executed by the first access network device in the foregoing method embodiment, or implement the steps or processes executed by the second access network device in the foregoing method embodiment.

As shown in the figure, the access network device 3000 may include one or more radio frequency units, such as a Remote Radio Unit (RRU) 3100 and one or more baseband units (BBUs) 3200, where the BBUs 3200 may also be referred to as Digital Units (DUs), and the RRU 3100 may be referred to as a transceiver unit, which corresponds to the receiver unit and the transmitter unit in fig. 6 and 7. Alternatively, the RRU 3100 may also be referred to as a transceiver, transceiving circuitry, or a transceiver, etc., which may include at least one antenna 3101 and a radio frequency unit 3102. Optionally, the RRU 3100 may include a receiving unit and a sending unit, where the receiving unit may correspond to a receiver (or receiver, receiving circuit), and the sending unit may correspond to a transmitter (or transmitter, transmitting circuit). The RRU 3100 part is mainly used for transceiving and converting radio frequency signals to baseband signals, for example, for sending indication information to a terminal device. The BBU3200 part is mainly used for performing baseband processing, controlling access network equipment and the like. The RRU 3100 and the BBU3200 may be physically located together or may be physically located separately, for example, in a distributed base station.

The BBU3200 is a control center of an access network device, and may also be referred to as a processing unit, and may correspond to the processing unit in the foregoing apparatus, and is mainly used for performing baseband processing functions, such as channel coding, multiplexing, modulation, spreading, and the like. For example, the BBU3200 may be configured to control the access network device to perform an operation procedure related to the access network device in the foregoing method embodiment, for example, to generate the foregoing handover condition, or to send the handover condition.

In an example, the BBU3200 may be formed by one or more boards, and the boards may collectively support a radio access network of a single access system (e.g., an LTE network), or may respectively support radio access networks of different access systems (e.g., an LTE network, a 5G network, or other networks). The BBU3200 also includes a memory 3201 and a processor 3202. The memory 3201 is used to store necessary instructions and data. The processor 3202 is configured to control the access network device to perform necessary actions, for example, to control the access network device to perform the operation procedures related to the access network device in the above method embodiments. The memory 3201 and processor 3202 may serve one or more boards. That is, the memory and processor may be provided separately on each board. Multiple boards may share the same memory and processor. In addition, each single board can be provided with necessary circuits.

It should be understood that the access network device 3000 shown in fig. 8 is capable of implementing various processes involving the access network device in the method embodiments of fig. 2-5. The operations and/or functions of the modules in the access network device 3000 are respectively to implement the corresponding flows in the above method embodiments. Specifically, reference may be made to the description of the above method embodiments, and the detailed description is appropriately omitted herein to avoid redundancy.

BBU3200 as described above may be used to perform actions described in previous method embodiments that are implemented internally by the access network device, while RRU 3100 may be used to perform actions described in previous method embodiments that the access network device sends to or receives from the terminal device. Please refer to the description of the previous embodiment of the method, which is not repeated herein.

The embodiment of the application also provides a processing device which comprises a processor and an interface. The processor may be adapted to perform the method of the above-described method embodiments.

It should be understood that the processing means may be a chip. For example, the processing device may be a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), a system on chip (SoC), a Central Processing Unit (CPU), a Network Processor (NP), a digital signal processing circuit (DSP), a Microcontroller (MCU), a Programmable Logic Device (PLD), or other integrated chips.

In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor. To avoid repetition, it is not described in detail here.

It should be noted that the processor in the embodiments of the present application may be an integrated circuit chip having signal processing capability. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The processor described above may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.

It will be appreciated that the memory in the embodiments of the subject application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), double data rate SDRAM, enhanced SDRAM, SLDRAM, Synchronous Link DRAM (SLDRAM), and direct rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.

According to the method provided by the embodiment of the present application, the present application further provides a computer program product, which includes: computer program code which, when run on a computer, causes the computer to perform a method corresponding to any one of the network elements in any one of the above embodiments.

According to the method provided by the embodiment of the present application, a computer-readable medium is further provided, where the computer-readable medium stores program codes, and when the program codes are run on a computer, the computer is caused to execute a method corresponding to any one of the network elements in any one of the embodiments shown in fig. 2 to 5.

According to the method provided by the embodiment of the present application, the present application further provides a system, which includes the foregoing one or more terminal devices and one or more access network devices.

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a Digital Video Disk (DVD)), or a semiconductor medium (e.g., a Solid State Disk (SSD)), among others.

The network device in the foregoing various apparatus embodiments corresponds to the terminal device or the network device in the terminal device and method embodiments, and the corresponding module or unit executes the corresponding steps, for example, the communication unit (transceiver) executes the steps of receiving or transmitting in the method embodiments, and other steps besides transmitting and receiving may be executed by the processing unit (processor). The functions of the specific elements may be referred to in the respective method embodiments. The number of the processors may be one or more.

As used in this specification, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components can reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers. In addition, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from a component associated with a local system, distributed system, and/or across a network).

In the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a alone, both A and B, and B alone, where A, B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, a-b, a-c, b-c or a-b-c, wherein a, b and c can be single or multiple.

Those of ordinary skill in the art will appreciate that the various illustrative logical blocks and steps (step) described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A method of data transmission, comprising:

the first access network equipment acquires a first key parameter;

the first access network equipment receives a first message from second access network equipment, wherein the first message is used for indicating that a terminal equipment has moved to the coverage area of the second access network equipment and data needs to be transmitted between the terminal equipment and the second access network equipment;

the first access network equipment sends a first key to the second access network equipment according to the first message, wherein the first key is generated based on the first key parameter;

the first access network equipment assists the second access network equipment and the terminal equipment to carry out data transmission;

and the first access network equipment acquires a second key parameter, wherein the second key parameter is used for the next data transmission of the terminal equipment.

2. The method of claim 1, wherein the first access network device assisting the second access network device and the terminal device in data transmission comprises:

the first access network equipment receives the decrypted uplink data from the terminal equipment from the second access network equipment;

and the first access network equipment sends the decrypted uplink data to core network equipment.

3. The method of claim 1 or 2, wherein the first access network device assisting the second access network device and the terminal device in data transmission comprises:

the first access network equipment receives downlink data from core network equipment;

and the first access network equipment sends the downlink data to the second access network equipment.

4. The method according to any one of claims 1 to 3, wherein the first message carries an identifier of the terminal device and an identifier of a cell of the second access network device to which the terminal device is connected, and the first key is generated according to the first key parameter and the identifier of the cell of the second access network device to which the terminal device is connected.

5. The method of any of claims 1 to 4, wherein after the first access network device obtains the second key parameter, the method further comprises:

and the first access network equipment sends the second key parameter to the second access network equipment.

6. The method of any of claims 1 to 5, wherein after the first access network device obtains the second key parameter, the method further comprises:

the first access network equipment updates the identification of the terminal equipment;

and the first access network equipment sends the updated identifier of the terminal equipment to the second access network equipment.

7. A method of data transmission, comprising:

the method comprises the steps that a second access network device sends a first message to a first access network device, wherein the first message is used for indicating that a terminal device has moved to the coverage range of the second access network device and data needs to be transmitted between the terminal device and the second access network device;

the second access network device receiving a first key from the first access network device, the first key generated based on the first key parameter;

the second access network equipment adopts the first key to carry out data transmission with the terminal equipment with the assistance of the first access network equipment;

and the second access network equipment receives a second key parameter from the first access network equipment, wherein the second key parameter is used for the next data transmission of the terminal equipment.

8. The method of claim 7, wherein the second access network device performs data transmission with the terminal device with the aid of the first access network device using the first key, and the method comprises:

the second access network equipment receives the encrypted uplink data from the terminal equipment;

the second access network equipment decrypts the encrypted uplink data by adopting the first key to obtain decrypted uplink data;

and the second access network equipment sends the decrypted uplink data to the first access network equipment.

9. The method according to claim 7 or 8, wherein the second access network device performs data transmission with the terminal device with the aid of the first access network device by using the first key, and includes:

the second access network equipment receives downlink data from the first access network equipment;

the second access network equipment encrypts the downlink data by using the first key to obtain encrypted downlink data;

and the second access network equipment sends the encrypted downlink data to the terminal equipment.

10. The method according to any one of claims 7 to 9, wherein the first message carries an identifier of the terminal device and an identifier of a cell of the second access network device to which the terminal device is connected, and the first key is generated according to the first key parameter and the identifier of the cell of the second access network device to which the terminal device is connected.

11. The method of any of claims 7-10, wherein after the second access network device receives the second key parameter from the first access network device, the method further comprises:

and the second access network equipment sends the second key parameter to the terminal equipment.

12. The method according to any one of claims 7 to 11, further comprising:

the second access network equipment receives the updated identifier of the terminal equipment from the first access network equipment;

and the second access network equipment sends the updated identifier of the terminal equipment to the terminal equipment.

13. An apparatus for data transmission, comprising:

an acquisition unit configured to acquire a first key parameter;

a receiving unit, configured to receive a first message from a second access network device, where the first message is used to indicate that a terminal device has moved into a coverage area of the second access network device and data needs to be transmitted between the terminal device and the second access network device;

a sending unit, configured to send a first key to the second access network device according to the first message, where the first key is generated based on the first key parameter;

the receiving unit and/or the sending unit are further configured to:

assisting the second access network device and the terminal device to perform data transmission;

the acquisition unit is further configured to:

and acquiring a second key parameter, wherein the second key parameter is used for next data transmission of the terminal equipment.

14. The apparatus according to claim 13, wherein the receiving unit is specifically configured to:

receiving the decrypted uplink data from the terminal equipment from the second access network equipment;

the sending unit is specifically configured to:

and sending the decrypted uplink data to core network equipment.

15. The apparatus according to claim 13 or 14, wherein the receiving unit is specifically configured to:

receiving downlink data from core network equipment;

the sending unit is specifically configured to:

and sending the downlink data to the second access network equipment.

16. The apparatus according to any one of claims 13 to 15, wherein the first message carries an identifier of the terminal device and an identifier of a cell of the second access network device to which the terminal device is connected, and the first key is generated according to the first key parameter and the identifier of the cell of the second access network device to which the terminal device is connected.

17. The apparatus according to any of claims 13 to 16, wherein the sending unit is further configured to:

and after acquiring the second key parameter, sending the second key parameter to the second access network equipment.

18. The apparatus of any one of claims 13 to 17, further comprising:

the processing unit is used for updating the identifier of the terminal equipment after the second key parameter is acquired;

the sending unit is further configured to:

and sending the updated identifier of the terminal equipment to the second access network equipment.

19. An apparatus for data transmission, comprising:

a sending unit, configured to send a first message to a first access network device, where the first message is used to indicate that a terminal device has moved into a coverage area of the apparatus and data needs to be transmitted between the terminal device and the apparatus;

a receiving unit, configured to receive a first key from the first access network device, where the first key is generated based on the first key parameter;

the sending unit and/or the receiving unit are further configured to:

adopting the first key to perform data transmission with the terminal equipment with the assistance of the first access network equipment;

the receiving unit is further configured to:

and receiving a second key parameter from the first access network device, wherein the second key parameter is used for the next data transmission of the terminal device.

20. The apparatus according to claim 19, wherein the receiving unit is specifically configured to:

receiving encrypted uplink data from the terminal equipment;

the device further comprises:

the processing unit is used for decrypting the encrypted uplink data by adopting the first secret key to obtain decrypted uplink data;

the sending unit is specifically configured to:

and sending the decrypted uplink data to the first access network equipment.

21. The apparatus according to claim 19 or 20, wherein the receiving unit is specifically configured to:

receiving downlink data from the first access network device;

the device further comprises:

the processing unit is used for encrypting the downlink data by adopting the first secret key to obtain encrypted downlink data;

the sending unit is specifically configured to:

and sending the encrypted downlink data to the terminal equipment.

22. The apparatus according to any of claims 19 to 21, wherein the first message carries an identity of the terminal device and an identity of a cell of the apparatus to which the terminal device is connected, and wherein the first key is generated according to the first key parameter and the identity of the cell of the apparatus to which the terminal device is connected.

23. The apparatus according to any of claims 19 to 22, wherein the sending unit is further configured to:

after receiving the second key parameter from the first access network device, sending the second key parameter to the terminal device.

24. The apparatus according to any one of claims 19 to 23, wherein the receiving unit is further configured to:

receiving the updated identifier of the terminal device from the first access network device;

the sending unit is further configured to:

and sending the updated identifier of the terminal equipment to the terminal equipment.

25. A communication system comprising the apparatus of any of claims 13 to 18 and the apparatus of any of claims 19 to 24.

26. A computer-readable storage medium, having stored thereon a computer program which, when run on a computer, causes the computer to perform the method of any one of claims 1 to 12.

27. A chip system, comprising: a processor for calling and running a computer program from a memory so that a communication device in which the system-on-chip is installed performs the method of any one of claims 1 to 12.