CN114365522A - Method and communication device for data security processing - Google Patents

Publication number
CN114365522A
Authority
CN
China
Prior art keywords
data
transmission mode
unicast
parameter
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201980100287.6A
Other languages
Chinese (zh)
Inventor
许斌
李秉肇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN114365522A publication Critical patent/CN114365522A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a method for data security processing and a communication device. The method comprises: determining a first transmission mode of first data, wherein the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode; and determining a security processing mode of the first data according to the first transmission mode. In the method provided by the application, one PDCP entity is configured to be associated with one or more RLC entities, wherein the transmission mode corresponding to one RLC entity is a unicast or multicast transmission mode, and the plurality of RLC entities comprise RLC entities of the unicast transmission mode and of the multicast transmission mode. When data is transmitted, corresponding security processing is performed on the data according to the different data transmission modes in the same radio bearer. This improves the security of data transmission, allows different security processing procedures within the same bearer, meets the respective security requirements of data in different transmission modes, and improves the flexibility of security processing.

Description

Method and communication device for data security processing
Technical Field
The present application relates to the field of communications, and in particular, to a method and a communications apparatus for secure data processing.
Background
Devices that perform wireless communication (e.g., network devices and terminal devices) have a certain protocol stack structure. The protocol stack may include Radio Resource Control (RRC) layer, Packet Data Convergence Protocol (PDCP) layer, Radio Link Control (RLC) layer, Medium Access Control (MAC) layer, and physical layer (PHY) protocol layer. Each layer has a corresponding functional entity to perform a corresponding function, for example, the PDCP layer corresponds to the PDCP entity, the RLC layer corresponds to the RLC entity, and so on. When data transmission is performed between the network device and the terminal device, the data needs to sequentially pass through the protocol layers on the network device and the terminal device and perform corresponding processing on the protocol layers.
The multicast transmission technology is a technology in which a network device transmits data and a plurality of terminal devices simultaneously receive the data, that is, point-to-multipoint transmission. The unicast transmission technology (also referred to as a unicast transmission method) is a technology in which a network device transmits data and only one terminal device receives the data, that is, point-to-point transmission.
In the prior art, when data is transmitted between a network device and a terminal device by using a multicast transmission mode, neither the network device nor the terminal device can perform security processing on the multicast data. Therefore, security problems may arise during the transmission of the multicast data: the multicast data may be tampered with or intercepted, thereby affecting the user experience.
Disclosure of Invention
The application provides a method for data security processing and a communication device. One PDCP entity is configured to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode, and the plurality of RLC entities comprise RLC entities corresponding to the unicast transmission mode and RLC entities corresponding to the multicast transmission mode. Data may be transmitted using a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode. After the transmission mode used by the data in the same radio bearer is determined, corresponding security processing is performed on the data according to that transmission mode. On the one hand, the security of data transmission is improved. On the other hand, different security processing procedures are realized in the same bearer, so that the respective security requirements of data in different transmission modes can be met, and the flexibility of security processing is improved.
In a first aspect, a method for processing data securely is provided, where an execution subject of the method may be either a first device or a second device, or a chip applied to the first device or the second device. Optionally, the first device may be a network device, and the second device may be a terminal device. In the protocol stacks of the first device and the second device, one PDCP entity is associated with one or more RLC entities. The transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode, and the plurality of RLC entities comprise RLC entities corresponding to the unicast transmission mode and RLC entities corresponding to the multicast transmission mode. The method comprises the following steps: determining a first transmission mode of first data, wherein the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode for transmitting by using unicast and multicast; and determining a security processing mode of the first data according to the first transmission mode.
The first aspect provides a method for data security processing, wherein one or more RLC entities are associated by configuring one PDCP entity. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to a unicast transmission scheme and an RLC entity corresponding to a multicast transmission scheme. When data transmission is performed, a unicast transmission method, a multicast transmission method, or a unicast and multicast transmission method may be used to perform data transmission. And according to different transmission modes, corresponding safety processing is carried out on the data. On the one hand, the safety of data transmission is improved. On the other hand, different safety processing processes in the same bearer can be realized, the safety requirements of data in different transmission modes are met, and the communication efficiency is improved.
In a possible implementation manner of the first aspect, when the first transmission mode is a unicast transmission mode, the security processing mode of the first data is first security processing; or
when the first transmission mode is a multicast transmission mode, the security processing mode of the first data is second security processing; or
when the first transmission mode is a unicast and multicast transmission mode, the security processing mode of the first data is first security processing, the security processing mode of the second data is second security processing, and the second data is obtained by copying the first data.
In a possible implementation manner of the first aspect, the first security processing includes encrypting and/or integrity protecting data by using a first parameter and/or a first algorithm. The second security process is not performed.
In a possible implementation manner of the first aspect, the first security processing includes encrypting and/or integrity protecting data by using a third parameter and/or a third algorithm. The second security process is not performed.
In a possible implementation manner of the first aspect, the first security process is a non-security process. The second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm.
In a possible implementation manner of the first aspect, the first security process is a non-security process. The second security process includes encrypting and/or integrity protecting the data using a fourth parameter and/or a fourth algorithm.
In a possible implementation manner of the first aspect, the first security processing includes encrypting and/or integrity protecting the data by using a first parameter and/or a first algorithm, or the first security processing includes decrypting and/or integrity verifying the data by using a third parameter and/or a third algorithm.
The second security process comprises encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm, or the second security process comprises decrypting and/or integrity verifying the data using a fourth parameter and/or a fourth algorithm.
The first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different; alternatively, the third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different.
In a possible implementation manner of the first aspect, the first parameter includes a first key, and/or the second parameter includes a second key; alternatively, the third parameter comprises a third key, and/or the fourth parameter comprises a fourth key.
In a possible implementation manner of the first aspect, the first security process may be to encrypt the data by using the first parameter and/or the first algorithm, or the first security process may be to integrity-protect the data by using the first parameter and/or the first algorithm, or the first security process may be to encrypt the data by using the first algorithm and integrity-protect the data by using the first parameter.
In a possible implementation manner of the first aspect, the second security process may be to encrypt the data by using a second parameter and/or a second algorithm, or the second security process may be to integrity-protect the data by using the second parameter and/or the second algorithm, or the second security process may be to encrypt the data by using the second algorithm and integrity-protect the data by using the second parameter.
In a possible implementation manner of the first aspect, the third security process may be to decrypt the data by using a third parameter and/or a third algorithm, or the first security process may be to perform integrity verification on the data by using the third parameter and/or the third algorithm, or the third security process may be to decrypt the data by using the third algorithm and perform integrity verification on the data by using the third parameter.
In a possible implementation manner of the first aspect, the fourth security process may be to decrypt the data by using a fourth parameter and/or a fourth algorithm, or the fourth security process may be to perform integrity verification on the data by using the fourth parameter and/or the fourth algorithm, or the fourth security process may be to decrypt the data by using the fourth algorithm and perform integrity verification on the data by using the fourth parameter.
In a possible implementation manner of the first aspect, the non-security processing may be understood as not decrypting and/or verifying the integrity of the data, but processing the data in another manner. Alternatively, the non-security processing may be no security processing of the data.
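The per-mode selection described in the first aspect, as an added example that is not code from the patent: a Python model in which one PDCP entity feeds a unicast and a multicast RLC leg and applies a separate security processing to each. Truncated HMAC-SHA256 stands in for the unspecified integrity algorithm; the class names, the constructed keys, the explicit count field and the rule that the receiver infers the mode from the delivering leg are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple

TAG_LEN = 16  # bytes of HMAC-SHA256 kept as the integrity tag (assumption)


class Mode(Enum):
    UNICAST = "unicast"
    MULTICAST = "multicast"
    BOTH = "unicast and multicast"


@dataclass(frozen=True)
class SecurityProcessing:
    """One 'security processing': a key (the 'parameter'), or None when
    the processing is configured as 'not performed'."""
    key: Optional[bytes]

    def _tag(self, count: int, payload: bytes) -> bytes:
        # The tag covers the PDU counter, so a payload replayed under
        # another count does not verify.
        msg = count.to_bytes(4, "big") + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:TAG_LEN]

    def protect(self, count: int, payload: bytes) -> bytes:
        if self.key is None:
            return payload
        return payload + self._tag(count, payload)

    def verify(self, count: int, pdu: bytes) -> bytes:
        if self.key is None:
            return pdu
        if len(pdu) < TAG_LEN:
            raise ValueError("PDU shorter than integrity tag")
        payload, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(count, payload)):
            raise ValueError("integrity verification failed")
        return payload


class PdcpEntity:
    """One PDCP entity associated with a unicast and a multicast RLC leg."""

    def __init__(self, unicast: SecurityProcessing, multicast: SecurityProcessing):
        self.processing = {Mode.UNICAST: unicast, Mode.MULTICAST: multicast}
        self.tx_count = 0

    def send(self, data: bytes, mode: Mode) -> Dict[Mode, Tuple[int, bytes]]:
        """Return {leg: (count, pdu)} to hand to the matching RLC entity.
        For Mode.BOTH the data is copied and each copy gets the
        processing configured for its own leg."""
        legs = (Mode.UNICAST, Mode.MULTICAST) if mode is Mode.BOTH else (mode,)
        count, self.tx_count = self.tx_count, self.tx_count + 1
        return {leg: (count, self.processing[leg].protect(count, bytes(data)))
                for leg in legs}

    def receive(self, leg: Mode, count: int, pdu: bytes) -> bytes:
        """Verify a PDU with the processing of the leg that delivered it."""
        if leg is Mode.BOTH:
            raise ValueError("a PDU arrives on exactly one leg")
        return self.processing[leg].verify(count, pdu)


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    k_uni, k_multi = b"constructed-unicast-key", b"constructed-multicast-key"
    tx = PdcpEntity(SecurityProcessing(k_uni), SecurityProcessing(k_multi))
    rx = PdcpEntity(SecurityProcessing(k_uni), SecurityProcessing(k_multi))
    for leg, (count, pdu) in tx.send(b"sensor update", Mode.BOTH).items():
        print(leg.value, rx.receive(leg, count, pdu))
```

Because the two legs use different keys here, a PDU protected for the multicast leg fails verification if it is presented on the unicast leg.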
In a second aspect, a method for processing data securely is provided, where an execution subject of the method may be the first device or a chip applied to the first device. Optionally, the first apparatus may be a network device, and one PDCP entity is associated with one or more RLC entities in a protocol stack of the first apparatus. The transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode, and the plurality of RLC entities comprise RLC entities corresponding to the unicast transmission mode and RLC entities corresponding to the multicast transmission mode. The method comprises the following steps: performing first security processing on the first data; performing second security processing on second data, the second data being obtained by copying the first data; and sending the first data after the first security processing according to a first transmission mode of data, and/or sending the second data after the second security processing, wherein the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode which uses unicast and multicast for transmission.
The second aspect provides a method for data security processing, wherein one or more RLC entities are associated by configuring one PDCP entity. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to a unicast transmission scheme and an RLC entity corresponding to a multicast transmission scheme. When data transmission is carried out, corresponding safety processing processes are respectively carried out on all possible transmission modes of the data, multiple pieces of data after safety processing are respectively submitted to RLC entities of corresponding transmission modes, finally, the transmission mode adopted by the data is determined through the RLC entities, and the data is sent by utilizing the determined transmission mode. The safety of data transmission is improved. Moreover, different safety processing processes in the same bearer can be realized, the safety requirements of data in different transmission modes are met, and the communication efficiency is improved.
In a possible implementation manner of the second aspect, sending the first data after the first security processing and/or sending the second data after the second security processing according to the first transmission manner of the data includes:
when the first transmission mode is a unicast transmission mode, sending the first data after the first security processing;
when the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;
and when the first data transmission mode is a unicast transmission mode or a multicast transmission mode, sending the first data subjected to the first security processing and the second data subjected to the second security processing.
In a possible implementation manner of the second aspect, the first security processing includes encrypting and/or integrity protecting data by using a first parameter and/or a first algorithm; the second security process is not performed.
In a possible implementation manner of the second aspect, the first security processing is not security processing; the second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm.
In a possible implementation manner of the second aspect, the first security processing includes encrypting and/or integrity protecting data by using a first parameter and/or a first algorithm; the second security process comprises encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm; the first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.
In a possible implementation manner of the second aspect, the first parameter includes a first key, and/or the second parameter includes a second key.
In a third aspect, a method for processing data securely is provided, where an execution subject of the method may be the first device or a chip applied to the first device. Optionally, the first apparatus may be a network device, and one PDCP entity in a protocol stack of the first apparatus is associated with one or more RLC entities. The transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode, and the plurality of RLC entities comprise RLC entities corresponding to the unicast transmission mode and RLC entities corresponding to the multicast transmission mode. The method comprises the following steps: performing first security processing on the first data; determining a first transmission mode of the first data after the first security processing, wherein the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode for transmitting by using unicast and multicast; when the first transmission mode is a unicast transmission mode, the first data after the first security processing is sent by utilizing the unicast transmission mode; when the first transmission mode is a multicast transmission mode, the first data after the first security processing is sent by utilizing the multicast transmission mode; when the first transmission mode is a unicast transmission mode and a multicast transmission mode, the unicast transmission mode is used for sending the first data after the first safety processing, and the multicast transmission mode is used for sending third data, wherein the third data is obtained by copying the first data after the first safety processing.
The third aspect provides a method for data security processing, wherein one PDCP entity is configured to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. Data may be transmitted using a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode. Moreover, the security processing modes corresponding to the unicast transmission mode and the multicast transmission mode are the same. The first device first performs security processing on the data and then sends the security-processed data according to the transmission mode of the data. The security of data transmission is improved. The data security processing procedure can be realized in the same bearer, the security requirements of data in different transmission modes are met, and the communication efficiency is improved.
In a possible implementation manner of the third aspect, the first security processing includes encrypting and/or integrity protecting data by using a first parameter and/or a first algorithm; alternatively, the first security process is not performed.
In a possible implementation manner of the third aspect, the first parameter includes a first key.
It should be understood that, in the data security processing methods provided in the various aspects of the present application, the unicast transmission mode, the multicast transmission mode, and the unicast and multicast transmission mode all apply to the same radio bearer. This may be understood as one radio bearer supporting different transmission modes, or as data in one bearer being transmitted using different transmission modes. This radio bearer may be an existing radio bearer or a new type of radio bearer.
In a fourth aspect, a communication apparatus, which may be a network device or a terminal device, is provided, where one PDCP entity is associated with one or more RLC entities in a protocol stack of the communication apparatus. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The communication device includes:
a processing unit, configured to determine a first transmission mode of first data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode using unicast and multicast. The processing unit is further configured to determine a security processing mode for the first data according to the first transmission mode.
The fourth aspect provides a communications apparatus that associates one or more RLC entities by configuring one PDCP. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to a unicast transmission scheme and an RLC entity corresponding to a multicast transmission scheme. When data transmission is performed, a unicast transmission method, a multicast transmission method, or a unicast and multicast transmission method may be used to perform data transmission. And according to different transmission modes, corresponding safety processing is carried out on the data. On the one hand, the safety of data transmission is improved. On the other hand, different safety processing processes in the same bearer can be realized, the safety requirements of data in different transmission modes are met, and the communication efficiency is improved.
In a possible implementation manner of the fourth aspect, when the first transmission mode is a unicast transmission mode, the processing unit determines that the security processing mode of the first data is first security processing; or
when the first transmission mode is a multicast transmission mode, the processing unit determines that the security processing mode of the first data is second security processing; or
when the first transmission mode is a unicast and multicast transmission mode, the processing unit determines that the security processing mode of the first data is first security processing, the security processing mode of the second data is second security processing, and the second data is obtained by copying the first data.
In a possible implementation manner of the fourth aspect, the first security processing includes encrypting and/or integrity protecting data by using the first parameter and/or the first algorithm. The second security process is not performed.
In a possible implementation manner of the fourth aspect, the first security processing includes encrypting and/or integrity protecting data by using a third parameter and/or a third algorithm. The second security process is not performed.
In a possible implementation manner of the fourth aspect, the first security process is a security process. The second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm.
In a possible implementation manner of the fourth aspect, the first security process is a security process. The second security process includes encrypting and/or integrity protecting the data using a fourth parameter and/or a fourth algorithm.
In a possible implementation manner of the fourth aspect, the first security processing includes encrypting and/or integrity protecting the data by using a first parameter and/or a first algorithm, or the first security processing includes decrypting and/or integrity verifying the data by using a third parameter and/or a third algorithm;
the second security process comprises encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm, or the second security process comprises decrypting and/or integrity verifying the data using a fourth parameter and/or a fourth algorithm.
The first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or the third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different.
In a possible implementation manner of the fourth aspect, the first parameter includes a first key, and/or the second parameter includes a second key; alternatively, the third parameter comprises a third key, and/or the fourth parameter comprises a fourth key.
In a fifth aspect, a communications apparatus, which may be a network device, is provided, where one PDCP entity is associated with one or more RLC entities in a protocol stack of the communications apparatus. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The communication device includes:
a processing unit, configured to perform first security processing on the first data.
The processing unit is further configured to perform a second security process on second data, where the second data is obtained by copying the first data.
A transceiving unit, configured to send the first data after the first security processing and/or send the second data after the second security processing according to a first transmission mode of data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast.
The fifth aspect provides a communications apparatus that associates one or more RLC entities by configuring one PDCP entity. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to a unicast transmission scheme and an RLC entity corresponding to a multicast transmission scheme. When data transmission is carried out, corresponding safety processing processes are respectively carried out on all possible transmission modes of the data, multiple pieces of data after safety processing are respectively submitted to RLC entities of corresponding transmission modes, finally, the transmission mode adopted by the data is determined through the RLC entities, and the data is sent by utilizing the determined transmission mode. The safety of data transmission is improved. Moreover, different safety processing processes in the same bearer can be realized, the safety requirements of data in different transmission modes are met, and the communication efficiency is improved.
In a possible implementation manner of the fifth aspect, the transceiver unit is further configured to:
when the first transmission mode is a unicast transmission mode, sending the first data after the first security processing;
when the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;
and when the first data transmission mode is a unicast transmission mode or a multicast transmission mode, sending the first data subjected to the first security processing and the second data subjected to the second security processing.
In one possible implementation manner of the fifth aspect, the first security process includes encrypting and/or integrity protecting data by using the first parameter and/or the first algorithm. The second security process is not performed.
In a possible implementation manner of the fifth aspect, the first security process is a non-security process. The second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm.
In one possible implementation manner of the fifth aspect, the first security process includes encrypting and/or integrity protecting data by using the first parameter and/or the first algorithm. The second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm. The first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.
In a possible implementation manner of the fifth aspect, the first parameter includes a first key, and/or the second parameter includes a second key.
In a sixth aspect, a communications apparatus is provided, which can be a network device, and a PDCP entity is associated with one or more RLC entities in a protocol stack of the communications apparatus. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The communication device includes:
a processing unit, configured to perform first security processing on the first data. The processing unit is further configured to determine a first transmission mode of the first data after the first security processing, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast.
A transceiver unit, configured to send the first data after the first security processing by using the unicast transmission mode when the first transmission mode is the unicast transmission mode. The transceiver unit is further configured to send the first data after the first security processing by using the multicast transmission mode when the first transmission mode is the multicast transmission mode.
The transceiver unit is further configured to send the first data after the first security processing by using the unicast transmission method and send third data by using the multicast transmission method when the first transmission method is a unicast and multicast transmission method, where the third data is obtained by copying the first data after the first security processing.
The sixth aspect provides a communications apparatus in which one PDCP entity is configured to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to the unicast transmission mode and an RLC entity corresponding to the multicast transmission mode. When data is transmitted, the unicast transmission mode, the multicast transmission mode, or the unicast and multicast transmission mode may be used. Moreover, the security processing corresponding to the unicast transmission mode and to the multicast transmission mode is the same. The first device first performs security processing on the data and then sends the security-processed data according to the transmission mode of the data. The security of data transmission is improved. Data security processing can be implemented within the same bearer, the security requirements of data in different transmission modes are met, and communication efficiency is improved.
In a possible implementation manner of the sixth aspect, the first security processing includes encrypting and/or integrity protecting data by using a first parameter and/or a first algorithm; alternatively, the first security process is not performed.
In one possible implementation of the sixth aspect, the first parameter includes a first key.
In a seventh aspect, a communication device is provided, which includes at least one processor and a memory, the at least one processor being configured to perform the method of the first aspect above or any possible implementation manner of the first aspect.
In an eighth aspect, there is provided a communications apparatus comprising at least one processor and a memory, the at least one processor being configured to perform the method of any possible implementation manner of the above first to third aspects, or the first to third aspects.
In a ninth aspect, there is provided a communications apparatus comprising at least one processor configured to perform the method of the first aspect above or any possible implementation manner of the first aspect, and an interface circuit.
In a tenth aspect, there is provided a communications apparatus comprising at least one processor configured to perform the method of the first to third aspects above, or any possible implementation manner of the first to third aspects, and an interface circuit.
In an eleventh aspect, a terminal device is provided, where the terminal device includes the communication apparatus provided in the fourth aspect, or the terminal device includes the communication apparatus provided in the seventh aspect, or the terminal device includes the communication apparatus provided in the ninth aspect.
In a twelfth aspect, a network device is provided, where the network device includes the communication apparatus provided in the fourth aspect to the sixth aspect, or the network device includes the communication apparatus provided in the eighth aspect, or the network device includes the communication apparatus provided in the tenth aspect.
In a thirteenth aspect, a computer program product is provided, the computer program product comprising a computer program which, when executed by a processor, performs the method of the first to third aspects, or of any possible implementation manner of the first to third aspects.
In a fourteenth aspect, a computer-readable storage medium is provided, in which a computer program is stored, which, when executed, is configured to perform the method of the first to third aspects, or any possible implementation manner of the first to third aspects.
In a fifteenth aspect, a communication system is provided, which comprises the terminal device and the network device described above.
In a sixteenth aspect, there is provided a chip comprising: a processor configured to call and run a computer program from a memory, so that a communication device in which the chip is installed executes a method in any possible implementation manner of the first aspect to the third aspect, or the second aspect or any possible implementation manner of the second aspect.
In a seventeenth aspect, a method for acquiring system information is provided, where the method includes: a terminal device receives first indication information from a network device, where the first indication information is used to indicate an update of other system information (OSI), and the OSI includes at least one system information block (SIB); the first indication information includes a content version valueTag of at least one SIB; and the terminal device determines the SIBs that need to be updated.
In one possible implementation, the first indication includes the valueTag of all SIBs in the OSI.
In one possible implementation, the first indication information includes a valueTag of a partial SIB in OSI.
In a possible implementation manner, the terminal device sends a request message to the network device, where the request message is used to request an SIB requiring updating.
The method may be performed by a first communication device, which may be a communication apparatus or a communication device, such as a system-on-a-chip, capable of supporting the communication apparatus to implement the functionality required for the method. Illustratively, the communication device is a terminal device.
In an eighteenth aspect, a method for sending system information is provided, where the method includes: a network device sends first indication information to a terminal device, where the first indication information is used to indicate an update of other system information (OSI), and the OSI includes at least one system information block (SIB); the first indication information includes a content version valueTag of at least one SIB.
In one possible implementation, the first indication information includes the valueTag of all SIBs in the OSI.
In one possible implementation, the first indication information includes a valueTag of a partial SIB in OSI.
In one possible implementation, the network device receives a request message from the terminal device, where the request message is used to request a SIB requiring updating.
The method may be performed by a second communication device, which may be a terminal or a communication device capable of supporting the terminal to perform the functions required by the method, but may also be other communication devices, such as a system-on-chip. Here, the second communication apparatus is taken as an example of a network device.
In a nineteenth aspect, an embodiment of the present application provides a communication apparatus, including a transceiver unit and a processing unit, where:
The transceiver unit is configured to receive first indication information from a network device, where the first indication information is used to indicate an update of other system information (OSI), and the OSI includes at least one system information block (SIB); the first indication information includes a content version valueTag of at least one SIB.
The processing unit is configured to determine the SIBs that need to be updated.
In a possible implementation manner, the transceiver unit is further configured to send a request message to the network device, where the request message is used to request an SIB requiring updating.
In a twentieth aspect, an embodiment of the present application provides a communication apparatus, including a transceiver unit, where:
The transceiver unit is configured to send first indication information to a terminal device, where the first indication information is used to indicate an update of other system information (OSI), and the OSI includes at least one system information block (SIB); the first indication information includes a content version valueTag of at least one SIB.
In one possible implementation, the first indication includes the valueTag of all SIBs in the OSI.
In one possible implementation, the first indication information includes a valueTag of a partial SIB in OSI.
In a possible implementation manner, the transceiver unit is further configured to receive a request message from the terminal device, where the request message is used to request an SIB requiring updating.
A twenty-first aspect provides a communication device comprising at least one processor and a memory, the at least one processor being configured to perform the method of any possible implementation of the seventeenth aspect or the seventeenth aspect above.
In a twenty-second aspect, there is provided a communications apparatus comprising at least one processor and a memory, the at least one processor being configured to perform the method of the eighteenth aspect above, or any possible implementation manner of the eighteenth aspect.
A twenty-third aspect provides a communication device comprising at least one processor configured to perform the method of any possible implementation of the seventeenth aspect or the seventeenth aspect above, and an interface circuit.
A twenty-fourth aspect provides a communication apparatus comprising at least one processor configured to perform the method of the eighteenth aspect above, or any possible implementation form of the eighteenth aspect.
A twenty-fifth aspect provides a terminal device, where the terminal device includes the communication apparatus provided in the nineteenth aspect, or the terminal device includes the communication apparatus provided in the twenty-first aspect, or the terminal device includes the communication apparatus provided in the twenty-third aspect.
A twenty-sixth aspect provides a network device, where the network device includes the communication apparatus provided in the twentieth aspect, or the network device includes the communication apparatus provided in the twenty-second aspect, or the network device includes the communication apparatus provided in the twenty-fourth aspect.
A twenty-seventh aspect provides a computer program product comprising a computer program for performing the method of the seventeenth to eighteenth aspects, or any possible implementation form of the seventeenth to eighteenth aspects, when the computer program is executed by a processor.
A twenty-eighth aspect provides a computer-readable storage medium having stored thereon a computer program for performing, when executed, the method of the seventeenth aspect to the eighteenth aspect, or any possible implementation manner of the seventeenth aspect to the eighteenth aspect.
In a twenty-ninth aspect, a communication system is provided, which includes the terminal device and the network device described above.
In a thirtieth aspect, there is provided a chip comprising: a processor for calling and running the computer program from the memory so that the communication device on which the chip is installed performs the method of the seventeenth aspect to the eighteenth aspect, or any possible implementation manner of the seventeenth aspect to the eighteenth aspect.
The embodiments of this application provide a method for data security processing. For the same radio bearer, one PDCP entity is configured to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to the unicast transmission mode and an RLC entity corresponding to the multicast transmission mode. When data is transmitted, the unicast transmission mode, the multicast transmission mode, or the unicast and multicast transmission mode may be used. After the transmission mode adopted by the data in the same radio bearer is determined, the corresponding security processing is performed on the data according to the transmission mode. On the one hand, the security of data transmission is improved. On the other hand, different security processing is implemented within the same bearer, so that the respective security requirements of data in different transmission modes can be met, and the flexibility of security processing is improved.
Drawings
Fig. 1 is a schematic diagram of data transmission at various layers of a protocol stack.
Fig. 2 is a schematic diagram of a protocol stack structure when data is transmitted between a network device and a terminal device by using a multicast transmission method.
Fig. 3 is a schematic diagram illustrating an architecture of a mobile communication system according to an embodiment of the present application.
Fig. 4 is a schematic interaction diagram of an example of a method for data security processing according to an embodiment of the present application.
[ correction 24.10.2019 according to rules 91 ]
Fig. 5 is a schematic diagram of an example of a protocol stack architecture of a first device according to an embodiment of the present application.
Fig. 6 is a schematic diagram of a protocol stack architecture of another example of the first device according to the embodiment of the present application.
Fig. 7 is a schematic diagram of an example of a protocol stack architecture of a second device according to an embodiment of the present application.
Fig. 8 is a schematic diagram of a protocol stack architecture of another example of the second device according to the embodiment of the present application.
Fig. 9 is a schematic diagram illustrating an example of a first device sending first data to a second device according to an embodiment of the present application.
Fig. 10 is a schematic diagram illustrating another example of a first device sending first data to a second device according to an embodiment of the present application.
Fig. 11 is a schematic interaction diagram of another method for data security processing according to an embodiment of the present application.
Fig. 12 is a schematic interaction diagram of another method for data security processing according to an embodiment of the present application.
Fig. 13 is a schematic diagram of an example of a protocol stack structure according to an embodiment of the present application.
Fig. 14 is a schematic diagram of another example of a protocol stack structure according to an embodiment of the present application.
Fig. 15 is a schematic diagram of another example of a protocol stack structure according to an embodiment of the present application.
Fig. 16 is a schematic block diagram of an example of a communication apparatus according to an embodiment of the present application.
Fig. 17 is a schematic block diagram of another example of a communication device provided in an embodiment of the present application.
Fig. 18 is a schematic block diagram of an example of a communication apparatus according to an embodiment of the present application.
Fig. 19 is a schematic block diagram of another example of a communication device according to an embodiment of the present application.
Fig. 20 is a schematic block diagram of a communication device provided in an embodiment of the present application.
Fig. 21 is a schematic block diagram of another example of a communication device provided in an embodiment of the present application.
Fig. 22 is a schematic block diagram of a terminal device provided in an embodiment of the present application.
Fig. 23 is a schematic block diagram of another example of a terminal device provided in an embodiment of the present application.
Fig. 24 is a schematic block diagram of a network device provided in an embodiment of the present application.
Fig. 25 is a schematic block diagram of BWP provided in the embodiments of the present application.
Fig. 26 is a schematic interaction diagram of a system information acquisition method according to an embodiment of the present application.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
The technical solutions of the embodiments of this application can be applied to various communication systems, for example: a Global System for Mobile communications (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, a General Packet Radio Service (GPRS), a Long Term Evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication system, a future fifth generation (5G) system, or New Radio (NR), etc.
In addition, various aspects or features of the present application may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. For example, computer-readable media can include but are not limited to magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips, etc.), optical disks (e.g., Compact Disk (CD), Digital Versatile Disk (DVD), etc.), smart cards, and flash memory devices (e.g., erasable programmable read-only memory (EPROM), card, stick, or key drive, etc.). In addition, various storage media described herein can represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" can include, without being limited to, wireless channels and various other media capable of storing, containing, and/or carrying instruction(s) and/or data.
In order to facilitate understanding of the embodiments of the present application, some terms of the embodiments of the present application are explained below to facilitate understanding by those skilled in the art.
1) A network device is a device capable of providing a random access function for the terminal device, or a chip that can be set in such a device. The device includes but is not limited to: evolved Node B (eNB), Radio Network Controller (RNC), Node B (NB), Base Station Controller (BSC), Base Transceiver Station (BTS), home base station (e.g., home evolved Node B, or home Node B, HNB), baseband unit (BBU), wireless fidelity (Wi-Fi) system Access Point (AP), wireless relay node, wireless backhaul node, transmission point (TRP or transmission point, TP), etc., and may also be a gNB in a 5G system such as NR, or a transmission point (TRP or TP), a set (including multiple antennas) of a base station in the 5G system, or a panel of a base station (including multiple antennas, or a BBU) in the 5G system, or a Distributed Unit (DU), etc.
2) A terminal, also referred to as User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), etc., is a device that provides voice and/or data connectivity to a user. For example, the terminal device includes a handheld device, an in-vehicle device, and the like having a wireless connection function. Currently, the terminal device may be: a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a Mobile Internet Device (MID), a wearable device, a Virtual Reality (VR) device, an Augmented Reality (AR) device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical surgery, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and the like.
3) The multicast transmission technology may also be referred to as a Multimedia Broadcast Multicast Service (MBMS) technology, or may also be referred to as a multicast transmission mode, and refers to a technology in which a certain service transmits data to a plurality of terminal devices through a network device at the same time. In transmission using multicast technology, a network device (e.g., a base station) transmits the same data, and multiple terminal devices receive the same data simultaneously. Currently, multicast transmission techniques are mainly divided into two types: multimedia broadcast multicast single frequency network service (MBSFN) and single cell point to multipoint service (SC-PTM). The MBSFN scheme is to transmit the same information to a plurality of terminal equipments simultaneously in a plurality of cells (e.g., a plurality of base stations) synchronized with each other in the MBSFN area, and the terminal equipments appear to receive a single superimposed data, so that the strength of a received signal can be improved and interference between cells can be eliminated. The SC-PTM scheme means that MBMS services are transmitted only through one cell (e.g., one base station), and one network device performs group scheduling on multiple terminal devices at the same time.
4) Sending in the multicast transmission mode means: when a device sends a Transport Block (TB) corresponding to a Protocol Data Unit (PDU), a group radio network temporary identifier (G-RNTI) is used to scramble the PDU, or to scramble the Downlink Control Information (DCI) corresponding to the PDU, and one or more devices receive the same PDU according to the same G-RNTI; or sending a PDU in the multicast mode may refer to notifying a plurality of devices, in a semi-static manner, of the location of the same PDU, so that the plurality of devices can receive the PDU at the same time; or sending a PDU in the multicast mode may refer to the PDU being transmitted in a radio bearer established for multicast transmission or in a channel specifically designed for multicast.
The receiving in the multicast transmission mode means that when the transmitting is carried out in the multicast mode, one of the plurality of receiving devices receives the PDU according to the G-RNTI; or one of the plurality of receiving devices receives the PDU over a radio bearer established for the multicast transmission or over a channel used for the multicast transmission.
In the present application, groupcast is a specific form of multicast, and therefore, multicast may also be referred to as groupcast.
The multicast transmission mode may include transmission in a multicast mode and reception in a multicast mode.
5) Sending in the unicast transmission mode means: when a device sends a TB corresponding to the PDU, a cell radio network temporary identifier (C-RNTI) is used to scramble the PDU or to scramble the DCI corresponding to the PDU, and only one device receives the PDU according to the C-RNTI; or sending a PDU in the unicast mode may refer to the PDU being transmitted in a radio bearer established for unicast transmission or in a channel specifically designed for unicast.
The receiving in the unicast transmission mode refers to that when the PDU is sent in the unicast mode, the receiving device receives the PDU according to the C-RNTI; or the one device receives over a radio bearer established for unicast transmission or receives on a channel for unicast transmission.
The unicast transmission mode may include transmission in a unicast mode and reception in a unicast mode.
6) The sending and receiving by broadcast (broadcast) transmission means: a certain device transmits a TB corresponding to the PDU on a broadcast channel, and all receiving devices can receive the PDU on the broadcast channel.
Between the network device and the terminal device, the MBMS service may be sent to the terminal device in a unicast transmission manner by establishing a dedicated radio bearer for the terminal device, or may be sent to the terminal device in a multicast transmission manner by establishing a dedicated multicast radio bearer for the MBMS. When a plurality of terminal devices need to receive a certain MBMS service, if the MBMS service is transmitted in a unicast transmission mode, dedicated radio bearers need to be established for a large number of terminal devices, and a large amount of resources are consumed; if the MBMS service is transmitted to the UE in a multicast transmission manner, all the terminal devices interested in the MBMS service can receive the MBMS service only by establishing a multicast radio bearer dedicated to the MBMS service. When a plurality of terminal devices are interested in the same service, the network device can send the service to the plurality of terminal devices in a multicast transmission mode, so that network resources can be saved. The radio bearer may be understood as a channel for data transmission, and may include a PDCP (layer) entity and an RLC (layer) entity, and data needs to be processed by the PDCP entity and the RLC entity when being transmitted in the radio bearer. In addition, the data in the radio bearer in the present application may be sent by using a plurality of transmission methods, including but not limited to a unicast transmission method, a multicast transmission method, and a transmission method of unicast and multicast simultaneous transmission, and switching between different transmission modes may be performed. Unless otherwise indicated, the technical solutions of the present application are all for the same radio bearer.
Devices that communicate with each other (e.g., network devices and terminal devices) have a certain protocol stack structure. For example, the control plane protocol stack structure may include the functions of protocol layers such as the RRC layer, PDCP layer, RLC layer, MAC layer, and physical layer. The user plane protocol stack structure may include functions of protocol layers such as a PDCP layer, an RLC layer, a MAC layer, and a physical layer. The physical layer is located at the lowest layer (layer one), the MAC layer, the RLC layer, and the PDCP layer belong to the intermediate layer (layer two), and the RRC layer belongs to the higher layer (layer three). In one implementation, a Service Data Adaptation (SDAP) layer may be further included above the PDCP layer and below the RRC layer.
The functions of these protocol layers may be implemented by one node, or may be implemented by a plurality of nodes; for example, in an evolved architecture, a radio access network device may include a Centralized Unit (CU) and a Distributed Unit (DU), and a plurality of DUs may communicate with one CU. The CU and the DU have a part of a protocol stack structure for wireless communication, for example, functions of a PDCP layer and protocol layers above the PDCP layer are provided in the CU, and functions of protocol layers below the PDCP layer, for example, functions of an RLC layer and a MAC layer, are provided in the DU.
It should be understood that this division of the protocol layers is only an example, and the division may also be performed at another protocol layer, such as the RLC layer, where the functions of the RLC layer and the protocol layers above it are set in the CU, and the functions of the protocol layers below the RLC layer are set in the DU; alternatively, the division may be made within a protocol layer, for example, a part of the functions of the RLC layer and the functions of the protocol layers above the RLC layer are provided in the CU, and the remaining functions of the RLC layer and the functions of the protocol layers below the RLC layer are provided in the DU. In addition, the division may be performed in other manners, for example, by time delay: a function whose processing needs to satisfy the time delay requirement is provided in the DU, and a function that does not need to satisfy the time delay requirement is provided in the CU.
When a network device and a terminal device perform data transmission, taking uplink data transmission as an example, as shown in fig. 1, fig. 1 is a schematic diagram of data transmission in each layer of a protocol stack. The data firstly goes to the PDCP layer of the terminal equipment, is transmitted to the RLC layer and the MAC layer after being processed by the PDCP layer, and is sent to the network equipment through the physical layer after being processed by the RLC layer and the MAC layer. When the network equipment receives data, the protocol layers which sequentially pass through are a physical layer, an MAC layer, an RLC layer and a PDCP layer. For data in each radio bearer, processing through the respective layers is required. Each layer has a corresponding functional entity to perform a corresponding function, for example, the PDCP layer corresponds to the PDCP entity, the RLC layer corresponds to the RLC entity, and the MAC layer corresponds to the MAC entity. Each radio bearer comprises one or more PDCP entities and one or more RLC entities, and each RLC entity corresponds to one logical channel. One MAC entity corresponds to a plurality of logical channels, and data in different logical channels can be multiplexed in the MAC layer, for example, multiplexed in the same MAC PDU in the MAC layer, and finally transmitted through the physical layer. The transmission process for the downlink data is also similar.
For data in a conventional unicast radio bearer, the PDCP entity performs full processing on the data while passing through the PDCP layer. The associated security processing includes at least encryption/decryption and integrity protection/integrity verification processes. The device sending data in the unicast radio bearer and the device receiving data in the unicast radio bearer perform security processing in the PDCP layer for the unicast radio bearer. For devices (e.g., network devices) transmitting the unicast radio bearer, the data packet is encrypted and/or integrity protected, and for devices (e.g., terminal devices) receiving the data in the unicast radio bearer, the data packet is decrypted and/or integrity verified accordingly.
The encryption process is as follows: the sending end device uses an encryption algorithm, with parameters such as a key, to convert the data into ciphertext. The decryption process is as follows: the receiving end device uses the corresponding decryption algorithm, with parameters such as the key, to convert the ciphertext back into the data through the inverse operation.
The integrity protection process is as follows: the sending end device calculates a parameter A through an integrity protection algorithm according to parameters such as the data packet and the key, and informs the receiving end device of the parameter A. The integrity verification process is as follows: the receiving end device calculates a parameter B through an integrity verification algorithm according to parameters such as the data packet and the key, and if the parameter A is consistent with the parameter B, the integrity verification is passed.
At present, for data in a conventional multicast radio bearer, or when data is transmitted between a network device and a terminal device by using a multicast transmission mode, the protocol stack is as shown in fig. 2, which is a schematic diagram of a protocol stack structure when data is transmitted between a network device and a terminal device by using a multicast transmission mode. It can be seen that the protocol stack has no PDCP layer. Therefore, in conventional transmission, the multicast data does not pass through the PDCP layer, and neither the network device nor the terminal device can perform security processing on the data in the multicast radio bearer or on the data transmitted in the multicast transmission mode.
The multicast data packet directly passes through an RLC layer and an MAC layer of the network equipment and is finally sent out through a physical layer. A plurality of terminal apparatuses (for example, terminal apparatus 1 and terminal apparatus 2) receive the multicast data, and transmit the multicast data to a higher layer through processing of a physical layer, an MAC layer, and an RLC layer in this order.
For data in a conventional multicast radio bearer or data sent in a multicast transmission manner, a network device and a terminal device do not perform a security processing process, and a security problem may be caused in the transmission process of the multicast data, so that the multicast data is tampered or eavesdropped, and user experience is affected.
In view of the above, the present application provides a method for data transmission, which associates one or more RLC entities by configuring one PDCP entity. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to a unicast transmission scheme and an RLC entity corresponding to a multicast transmission scheme. When data transmission is performed, a unicast transmission method, a multicast transmission method, or a unicast and multicast transmission method may be used to perform data transmission. And after judging the transmission mode adopted by the data in the same radio bearer, carrying out corresponding safety processing on the data according to different transmission modes. On the one hand, the safety of data transmission is improved. On the other hand, different safety processing processes are realized in the same bearer, so that respective safety requirements of data in different transmission modes can be met, and the flexibility of safety processing is improved.
For the understanding of the embodiments of the present application, a communication system suitable for the embodiments of the present application will be briefly described with reference to fig. 3.
Fig. 3 is a schematic diagram of a communication system suitable for use with embodiments of the present application. As shown in fig. 3, the mobile communication system 100 may include at least one radio access network device 110 and at least one terminal device (e.g., terminal devices 120, 130, 140, 150, 160 shown in fig. 3). The terminal device is connected with the radio access network device in a wireless manner, and the radio access network device may be the network device. At least one terminal device may send uplink data or information to the radio access network device, and the radio access network device 110 may also utilize the method for data security processing provided in the present application in the process of sending downlink data or information to at least one terminal device. Also, a plurality of terminal devices may constitute one communication system, for example, the terminal devices 140, 150, and 160 may constitute one communication system. For example, the terminal device 140 may also utilize the method for data security processing provided in the present application in the process of sending data or information to the terminal devices 150 and/or 160. Uplink and downlink data and information related to the URLLC service can be transmitted between the terminal equipment and the radio access network equipment.
It should be understood that fig. 3 is only a schematic diagram, and the communication system may also include other network devices and/or terminal devices not shown in fig. 3. The embodiments of the present application do not limit the number of radio access network devices and terminals included in the mobile communication system. In the mobile communication system 100, the radio access network device 110 may be the network device described above, and communication between the network device and the terminal device follows a certain protocol stack structure. The network device may be an integrated gNB, or may include a CU and a DU, which may be separately or collectively configured. The embodiments of the present application are not limited thereto.
The method for data security processing provided by the present application is described in detail below with reference to fig. 4, where fig. 4 is a schematic flow chart of a method 200 for data security processing according to an embodiment of the present application, and the method 200 may be applied in the scenario shown in fig. 3, for example, the scenario of transmission by using multicast transmission and/or transmission by using unicast transmission. The embodiments of the present application are not limited thereto.
It should be understood that, in the following description, the methods of the embodiments are explained by taking the first device and the second device as the execution subjects. The first device may be the access network device described above, and the second device may be the terminal device described above. By way of example and not limitation, the execution subject may also be a chip applied to the first device and the second device.
As shown in fig. 4, the method 200 shown in fig. 4 may include steps S210 to S250. The various steps in method 200 are described in detail below in conjunction with fig. 4. The method 200 comprises:
S210, the first device determines a first transmission mode of the first data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode that uses both unicast and multicast for transmission.
S220, the first device determines a security processing mode for the first data according to the first transmission mode.
S230, the first device sends the security-processed first data to the second device according to the first transmission mode. Accordingly, the second device receives the data sent by the first device.
S240, the second device determines the first transmission mode of the received data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode.
S250, the second device determines a security processing mode for the received data according to the first transmission mode.
Specifically, in the embodiment of the present application, one PDCP entity (hereinafter, referred to as "first PDCP entity") in the protocol stack of the first device is associated with one or more RLC entities. The association of the one or more RLC entities with the first PDCP entity may be understood as that the first PDCP entity and the one or more RLC entities belong to the same radio bearer, or that the configuration of the first PDCP entity and the configuration of the one or more RLC entities have the same Identifier (ID), which may be a radio bearer identifier. Wherein, one RLC entity corresponds to one logical channel. In the description of the embodiments of the present application, "RLC entity" and "logical channel" may be regarded as equivalent concepts, and may be replaced with each other, for example, it may also be described that one PDCP entity associates one or more logical channels, or the configuration of the first PDCP entity and the configuration of the one or more logical channels include the same ID. Other descriptions for RLC entities also apply to logical channel concepts; it may also be considered that the logical channel concept encompasses the concept of an RLC entity, or that the logical channel may be considered as an interface or a channel connecting the RLC entity to the MAC entity. The transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode.
For convenience of description, in an embodiment of the present application, the plurality of RLC entities associated with the first PDCP in the first apparatus may include a first RLC entity and a second RLC entity. The first RLC entity corresponds to a unicast transmission mode, and the second RLC entity corresponds to a multicast transmission mode. The first RLC entity corresponds to a unicast transmission mode, which may be understood as that data in the first RLC entity is transmitted by using a unicast transmission mode. The second RLC entity corresponds to a multicast transmission mode, which may be understood as that data in the second RLC entity is transmitted by using a multicast transmission mode. The unicast transmission mode corresponding to the first RLC entity may also be referred to as that the type of the first RLC entity is a unicast type, or that the type of the logical channel corresponding to the first RLC entity is a unicast logical channel type. The unicast RLC entity may be understood as data in the first RLC entity being sent in a unicast manner, and the unicast logical channel type may be understood as data in a logical channel corresponding to the first RLC entity being sent in a unicast manner. Fig. 5 is a schematic diagram of an example of a protocol stack architecture of a first device according to an embodiment of the present application. As shown in fig. 5, the first PDCP entity of the first device associates 3 RLC entities, wherein the first and third RLC entities are of a unicast type, and the second RLC entity is of a multicast type. The direction of the arrows in fig. 5 is the direction of data transmission when the first device transmits data.
For convenience of description, in the embodiment of the present application, one RLC entity associated with the first PDCP in the first apparatus may be referred to as a third RLC entity. The third RLC entity corresponds to a unicast transmission mode, or the third RLC entity corresponds to a multicast transmission mode. That is, the third RLC entity performs data transmission in a time division manner, and performs unicast transmission at some times and performs multicast transmission at other times. That is, for the third RLC entity, only unicast transmission mode or multicast transmission mode can be used at a certain time. Fig. 6 is a schematic diagram of an example of a protocol stack architecture of a first device according to an embodiment of the present application. As shown in fig. 6, the first PDCP entity of the first device associates 1 RLC entity (third RLC entity). The direction of the arrows in fig. 6 is the direction of data transmission when the first device transmits data.
Similar to the first apparatus, one PDCP entity (hereinafter "second PDCP entity") in the protocol stack of the second apparatus is associated with one or more RLC entities. For convenience of description, in the embodiment of the present application, the plurality of RLC entities associated with the second PDCP in the second device includes a fourth RLC entity and a fifth RLC entity. The fourth RLC entity corresponds to a unicast transmission mode, and the fifth RLC entity corresponds to a multicast transmission mode. The fourth RLC entity corresponds to the unicast transmission mode, that is, data received in the fourth RLC entity is received in the unicast mode, or data received in a logical channel corresponding to the fourth RLC entity is received in the unicast mode, that is, the physical layer entity and the MAC layer entity in the second apparatus need to deliver the data received in the unicast transmission mode to the fourth RLC entity. The fifth RLC entity corresponds to the multicast transmission mode, that is, data received in the fifth RLC entity is received in the multicast mode, or data received in a logical channel corresponding to the fifth RLC entity is received in the multicast mode, that is, the physical layer entity and the MAC layer entity in the second apparatus need to deliver the data received in the multicast transmission mode to the fifth RLC entity. Fig. 7 is a schematic diagram of an example of a protocol stack architecture of a second device according to an embodiment of the present application. As shown in fig. 7, the second PDCP entity of the second device associates 3 RLC entities, wherein the first and third RLC entities are of a unicast type, and the second RLC entity is of a multicast type. The direction of the arrows in fig. 7 is the direction of data transmission when the second device receives data.
For convenience of description, in the embodiment of the present application, one RLC entity associated with the second PDCP entity in the second device may be referred to as a sixth RLC entity. The sixth RLC entity corresponds to a unicast transmission mode, or the sixth RLC entity corresponds to a multicast transmission mode. That is, the sixth RLC entity adopts a time division manner, a unicast transmission manner is adopted at some times, and a multicast transmission manner is adopted at other times. Fig. 8 is a schematic diagram of an example of a protocol stack architecture of a second device according to an embodiment of the present application. As shown in fig. 8, the second PDCP entity of the second device is associated with 1 RLC entity (sixth RLC entity). The sixth RLC entity corresponds to a unicast transmission mode, or the sixth RLC entity corresponds to a multicast transmission mode. The direction of the arrows in fig. 8 is the direction of data transmission when the second device receives data.
It should be understood that the number of the first RLC entities may be only one, or there may be a plurality of first RLC entities. Similarly, the number of the second RLC entity, the fourth RLC entity and the fifth RLC entity may be one or more.
It should also be understood that fig. 5 to 8 are only exemplary, and should not limit the number of RLC entities and the number of unicast RLC entities in the embodiment of the present application, nor should any limit be imposed on the protocol stack structures of the first device and the second device.
In S210, when the first device has data (taking the first data as an example) to send to the second device, the first device may determine a first transmission mode of the first data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode. Optionally, if the access network device uses a split CU and DU deployment, the first device in the method 200 may be a CU. It is assumed that the PDCP layer (or CU) of the first device determines which transmission mode is used. For example, the PDCP layer of the first device may determine the first transmission mode of the first data. That is, the PDCP layer (CU) determines the first transmission mode of the first data from among the unicast transmission mode, the multicast transmission mode, and the unicast and multicast transmission mode.
These three data transmission methods are described below.
The first: the unicast transmission mode (which may also be referred to as using only the unicast transmission mode). In the case where the first PDCP entity and the second PDCP entity are each associated with a plurality of RLC entities, the data of the first PDCP entity is delivered only to the first RLC entity, and the data in the logical channel corresponding to the first RLC entity is sent in a unicast manner to the second device for reception. Specifically, the data is packed in the MAC layer and delivered to the physical layer, where it is scrambled with a Radio Network Temporary Identity (RNTI) corresponding to the first RLC entity, for example the C-RNTI, and sent to the second device. The second device receives the data according to the allocated or predefined RNTI that corresponds to the first RLC entity or is used to receive unicast data, and delivers the received unicast-mode data to the fourth RLC entity.
In the case where the first PDCP entity and the second PDCP entity are each associated with only one RLC entity, the data of the first PDCP entity is delivered to the third RLC entity, and the data in the logical channel corresponding to the third RLC entity is sent in a unicast manner to the second device for reception. The second device receives the data according to the allocated or predefined C-RNTI that corresponds to the third RLC entity or is used to receive unicast data, and delivers the received unicast-mode data to the sixth RLC entity.
The second: the multicast transmission mode (which may also be referred to as using only the multicast transmission mode). In the case where the first PDCP entity and the second PDCP entity are each associated with a plurality of RLC entities, the data of the first PDCP entity is delivered only to the second RLC entity. The data in the logical channel corresponding to the second RLC entity is sent in a multicast manner to a plurality of devices for reception, where the plurality of devices include the second device. Specifically, the data is packed in the MAC layer and delivered to the physical layer, where it is scrambled with an RNTI corresponding to the second RLC entity, for example a G-RNTI, and sent to the plurality of devices for reception. The second device receives the data according to the allocated or predefined RNTI that corresponds to the second RLC entity or is used to receive multicast data, and delivers the received multicast-mode data to the fifth RLC entity.
In the case where the first PDCP entity and the second PDCP entity are each associated with only one RLC entity, the data of the first PDCP entity is delivered to the third RLC entity, and the data in the logical channel corresponding to the third RLC entity is sent in a multicast manner to a plurality of devices for reception, where the plurality of devices include the second device. Specifically, the data is packed in the MAC layer and delivered to the physical layer, where it is scrambled with the RNTI corresponding to the third RLC entity and sent to the plurality of devices for reception. The second device receives the data according to the allocated or predefined RNTI that corresponds to the third RLC entity or is used to receive multicast data, and delivers the received multicast-mode data to the sixth RLC entity.
The third: the unicast and multicast transmission mode (which may also be referred to as the simultaneous unicast and multicast transmission mode). The unicast and multicast transmission mode is a transmission mode that uses both unicast and multicast for transmission. It exists in the scenario where the first PDCP entity and the second PDCP entity are each associated with a plurality of RLC entities. That is, the data of the first PDCP entity is delivered to both the first RLC entity and the second RLC entity. The data in the logical channel corresponding to the first RLC entity is sent to the second device in a unicast manner, and the data in the logical channel corresponding to the second RLC entity is sent in a multicast manner to a plurality of devices, where the plurality of devices include the second device. Specifically, when the data in the logical channels corresponding to the first RLC entity and the second RLC entity is packed in the MAC layer, it is not multiplexed into the same data packet, because the two require different subsequent processing. After the data in the unicast logical channel is processed by the MAC layer and delivered to the physical layer, it is scrambled in the physical layer with the RNTI corresponding to the first RLC entity and sent out. After the data in the multicast logical channel is processed by the MAC layer and delivered to the physical layer, it is scrambled in the physical layer with the RNTI corresponding to the second RLC entity and sent out. The second device may receive the data according to the allocated or predefined RNTIs corresponding to the first RLC entity and the second RLC entity, respectively, deliver the received multicast-mode data to the fifth RLC entity, and deliver the received unicast-mode data to the fourth RLC entity.
It should be understood that, in the embodiment of the present application, all of the three transmission manners are for the same radio bearer, and it can be understood that one radio bearer supports different transmission manners and can switch between different transmission modes. This radio bearer may be an existing radio bearer or may be a new type of radio bearer, that is, the first PDCP entity and the one or more RLC entities associated with the first PDCP entity belong to the same radio bearer (assumed to be the first radio bearer), or the second PDCP entity and the one or more RLC entities associated with the second PDCP entity belong to the same radio bearer (assumed to be the first radio bearer) or the first PDCP entity and the one or more RLC entities associated with the first PDCP entity belong to the same radio bearer, and the second PDCP entity and the one or more RLC entities associated with the second PDCP entity belong to the same radio bearer (assumed to be the first radio bearer). Or, the configuration information of the first radio bearer includes or is associated with the configuration information of the first PDCP entity and the configuration information of the RLC entity associated with the first PDCP entity, and the configuration information of the first radio bearer is also associated with the configuration information of the second PDCP entity and the configuration information of the RLC entity associated with the second PDCP entity, where the association may be that the configuration information includes the same identification information, and the identification information may be a radio bearer identifier.
In S220, after determining the first transmission mode of the first data, the first device determines a security processing mode for the first data according to the first transmission mode. The security processing modes corresponding to different data transmission modes may be different or the same. That is, there is a correspondence between the data transmission mode and the security processing mode. The correspondence may be pre-configured or predefined by a protocol. The security processing modes of the first device for the first data include: a first security process corresponding to the unicast transmission mode and a second security process corresponding to the multicast transmission mode. The first security process may include encrypting and/or integrity protecting the first data using the first parameter and/or the first algorithm, or the first security process may be a non-security process. The second security process may include encrypting and/or integrity protecting the first data using the second parameter and/or the second algorithm, or the second security process may be a non-security process. It should be understood that the security processing modes may also include other modes. The application is not limited herein.
It should be understood that in the embodiment of the present application, the non-security processing may be that the data is not encrypted and/or integrity protected, but the data is processed in other manners. Alternatively, the non-security processing may be no security processing of the data.
The first device determines a first transmission mode of the first data, and performs corresponding security processing on the first data in the PDCP layer entity.
If the first transmission mode is a unicast transmission mode or a multicast transmission mode, the first device copies the first data in the PDCP layer entity to obtain the second data. The PDCP layer entity then performs the first security processing on the first data and the second security processing on the second data.
In S230, the first device sends the first data, after the corresponding security processing, to the second device according to the first transmission mode of the first data. Correspondingly, the second device receives the security-processed data sent by the first device.
Specifically, after performing corresponding security processing on first data in the first PDCP entity, the first device submits the first data after security processing to a corresponding RLC entity according to a first transmission mode of the first data, and sends the first data to the second device through the RLC entity.
If the first transmission mode is the unicast transmission mode, the first device delivers the first data after the first security processing to the first RLC entity or the third RLC entity, and sends the first data after the first security processing to the second device through the first RLC entity or the third RLC entity.
If the first transmission mode is the multicast transmission mode, the first device delivers the first data after the second security processing to the second RLC entity or the third RLC entity, and sends the first data after the second security processing to the second device through the second RLC entity or the third RLC entity.
If the first transmission mode is the unicast and multicast transmission mode, the first device delivers the first data after the first security processing to the first RLC entity and delivers the second data after the second security processing to the second RLC entity. The first device sends the first data after the first security processing to the second device through the first RLC entity and, at the same time, sends the second data after the corresponding security processing to the second device through the second RLC entity.
In S240, the second device determines the first transmission mode of the received data according to the received security-processed data. For example, if the second device receives data from the fourth RLC entity or the sixth RLC entity, it determines that the first transmission mode corresponding to the data is the unicast transmission mode. If the second device receives data from the fifth RLC entity or the sixth RLC entity, it determines that the first transmission mode corresponding to the data is the multicast transmission mode. If the second device receives data from the fifth RLC entity and the sixth RLC entity, it determines that the first transmission mode corresponding to the data is the unicast and multicast transmission mode.
Fig. 9 is a diagram illustrating an example of the first device transmitting first data to the second device. As shown in fig. 9, the first device transmits the first data after security processing to the second device through the first RLC entity and/or the second RLC entity. The second apparatus receives data transmitted by the first apparatus from the fourth RLC entity and/or the fifth RLC entity.
Fig. 10 is a diagram illustrating another example of the first device transmitting first data to the second device. As shown in fig. 10, the first device transmits the security-processed first data to the second device through the third RLC entity. The second device receives data transmitted by the first device from the sixth RLC entity.
In S250, the second device determines a security processing mode for the received data according to the first transmission mode. Specifically, the PDCP entity of the second device (the second PDCP entity) may determine the first transmission mode of the data according to the data received from its associated RLC entity and then determine the corresponding security processing mode according to that transmission mode, or it may directly determine the security processing mode of the data according to the RLC entity or logical channel that delivered the data.
For example, when the first transmission mode is the unicast transmission mode, the second PDCP entity performs a third security process on the received first data that has undergone the first security process. The third security process may include decrypting and/or integrity verifying the received data using the third parameter and/or the third algorithm. Alternatively, the third security process may be a non-security process, that is, the data is not decrypted and/or integrity verified. In other words, there is a correspondence between the transmission mode of the data, or the RLC entity that delivered the data, and the security processing mode. The correspondence may be pre-configured or predefined by a protocol.
For example, when the first transmission mode is a multicast transmission mode, the second PDCP entity performs a fourth security process on the received first data that is subjected to the second security process. Wherein the fourth security process may comprise decrypting and/or integrity verifying the received data using the fourth parameter and/or the fourth algorithm. Alternatively, the fourth security process may be a non-security process. The non-security processing may be understood as not decrypting and/or verifying the integrity of the data, but processing the data in other manners. Alternatively, the non-security processing may be no security processing of the data.
When the first transmission mode is a unicast transmission mode and a multicast transmission mode, the second PDCP entity performs third security processing on the received first data after the first security processing, and performs fourth security processing on the received second data after the second security processing.
The third security process may be the process corresponding to the first security process, for example decryption corresponding to encryption, and integrity verification corresponding to integrity protection. Likewise, the fourth security process may be the process corresponding to the second security process, for example decryption corresponding to encryption, and integrity verification corresponding to integrity protection.
In the data security method provided by the application, one PDCP entity is configured to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to the unicast transmission mode and an RLC entity corresponding to the multicast transmission mode. Data may be transmitted in a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the corresponding security processing is performed on the data according to the transmission mode used. On the one hand, the security of data transmission is improved. On the other hand, different security processing can be applied within the same bearer, the security requirements of data in different transmission modes are met, and communication efficiency is improved.
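The following added example (not code from the patent) sketches steps S210 to S250 together with the parameter A / parameter B integrity check described earlier: one PDCP entity selects a security process per transmission mode, and the receiver selects the matching process from the RLC entity that delivered the data. HMAC-SHA256, the HMAC-based keystream and the per-packet `count` are stand-ins assumed for illustration, and the class names, RLC labels and keys are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Mode(Enum):
    UNICAST = "unicast"
    MULTICAST = "multicast"
    UNICAST_AND_MULTICAST = "unicast and multicast"


@dataclass(frozen=True)
class SecurityProcessing:
    """One security processing mode; key=None models non-security processing."""
    key: Optional[bytes]      # the "parameter" (constructed sample value)
    encrypt: bool = True
    integrity: bool = True


TAG_LEN = 32  # length of the HMAC-SHA256 value that plays the role of parameter A


def keystream(key: bytes, count: int, n: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode (count is an assumed input)."""
    out, block = b"", 0
    while len(out) < n:
        msg = b"enc" + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]


def mac(key: bytes, count: int, body: bytes) -> bytes:
    msg = b"int" + count.to_bytes(4, "big") + body
    return hmac.new(key, msg, hashlib.sha256).digest()


def protect(sp: SecurityProcessing, count: int, data: bytes) -> bytes:
    """Sender side: encrypt and/or integrity protect, as the mode is configured."""
    if sp.key is None:
        return data
    body = data
    if sp.encrypt:
        body = bytes(a ^ b for a, b in zip(data, keystream(sp.key, count, len(data))))
    if sp.integrity:
        body += mac(sp.key, count, body)  # parameter A travels with the packet
    return body


def unprotect(sp: SecurityProcessing, count: int, pdu: bytes) -> bytes:
    """Receiver side: integrity verify and/or decrypt; raises on a mismatch."""
    if sp.key is None:
        return pdu
    body = pdu
    if sp.integrity:
        if len(pdu) < TAG_LEN:
            raise ValueError("PDU shorter than the integrity value")
        body, param_a = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
        param_b = mac(sp.key, count, body)  # parameter B, recomputed locally
        if not hmac.compare_digest(param_a, param_b):
            raise ValueError("integrity verification failed")
    if sp.encrypt:
        body = bytes(a ^ b for a, b in zip(body, keystream(sp.key, count, len(body))))
    return body


RLC_FOR_MODE = {Mode.UNICAST: "rlc_unicast", Mode.MULTICAST: "rlc_multicast"}
MODE_FOR_RLC = {rlc: mode for mode, rlc in RLC_FOR_MODE.items()}


class SenderPdcp:
    def __init__(self, processing: Dict[Mode, SecurityProcessing]):
        self.processing = processing
        self.count = 0

    def send(self, mode: Mode, data: bytes) -> Dict[str, Tuple[int, bytes]]:
        """S210-S230: pick the security process per leg and hand the PDU to its RLC entity."""
        count, self.count = self.count, self.count + 1
        legs = [Mode.UNICAST, Mode.MULTICAST] if mode is Mode.UNICAST_AND_MULTICAST else [mode]
        # In the combined mode the multicast leg carries a copy of the first data.
        return {RLC_FOR_MODE[m]: (count, protect(self.processing[m], count, bytes(data)))
                for m in legs}


class ReceiverPdcp:
    def __init__(self, processing: Dict[Mode, SecurityProcessing]):
        self.processing = processing

    def receive(self, rlc_entity: str, count: int, pdu: bytes) -> bytes:
        mode = MODE_FOR_RLC[rlc_entity]                       # S240
        return unprotect(self.processing[mode], count, pdu)   # S250


# Constructed configuration: unicast is encrypted and integrity protected,
# multicast is integrity protected only.
CONFIG = {
    Mode.UNICAST: SecurityProcessing(key=b"constructed-unicast-parameter"),
    Mode.MULTICAST: SecurityProcessing(key=b"constructed-multicast-parameter", encrypt=False),
}

if __name__ == "__main__":
    tx, rx = SenderPdcp(CONFIG), ReceiverPdcp(CONFIG)
    for rlc, (count, pdu) in tx.send(Mode.UNICAST_AND_MULTICAST, b"first data").items():
        print(rlc, rx.receive(rlc, count, pdu))
```

Because the receiver keys its choice of security process on the delivering RLC entity, a PDU protected for one mode and delivered through the other entity fails integrity verification instead of being accepted.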
In some possible implementations of the present application: when the first transmission mode is a unicast transmission mode, the security processing mode of the first data is the first security processing. When the first data transmission mode is a multicast transmission mode, the security processing mode of the first data is the second security processing. When the first data transmission mode is a unicast transmission mode and a multicast transmission mode, the security processing mode of the first data is the first security processing, the security processing mode of the second data is the second security processing, and the second data is the same as the first data. For example, the second data may be obtained by copying the first data.
For the case that the first data transmission mode is a unicast transmission mode or a multicast transmission mode, the first device may first copy the first data to obtain the second data, and then perform the first security processing on the first data and the second security processing on the second data, respectively. The security-processed first data and second data are then sent to the second device through the corresponding RLC entities. For the case that the first data transmission mode is a unicast transmission mode or a multicast transmission mode, the first device only needs to perform the corresponding security processing on the first data, and then sends the security-processed first data to the second device through the corresponding RLC entity.
In some possible implementations of the present application: the first security process includes encrypting and/or integrity protecting data using a first parameter and/or a first algorithm. For example, the first security process may be encrypting the data by using the first parameter and/or the first algorithm, or the first security process may be integrity protecting the data by using the first parameter and/or the first algorithm, or the first security process may be encrypting the data by using the first algorithm and integrity protecting the data by using the first parameter.
The second security processing is to perform no security processing on the first data; that is, performing no security processing on the first data may itself be regarded as a security processing manner. Performing no security processing on the first data may be understood as not encrypting and/or integrity protecting the first data, but processing the first data in another manner. Alternatively, it may mean that no security processing is performed on the first data at all.
In other possible implementations of the present application: the first security process is to perform no security process on the data. The second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm. For example, the second security process may be encrypting the data by using the second parameter and/or the second algorithm, or the second security process may be integrity protecting the data by using the second parameter and/or the second algorithm, or the second security process may be encrypting the data by using the second algorithm and integrity protecting the data by using the second parameter.
In other possible implementations of the present application: the first security process comprises encrypting and/or integrity protecting the data using a first parameter and/or a first algorithm, and the second security process comprises encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm. Wherein the first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different. That is, the first security process and the second security process may be the same or different.
The first device may perform corresponding security processing on the first data in the first PDCP entity by using the first security processing and/or the second security processing.
Optionally, in this embodiment of the present application, the first parameter includes a first key, and the second parameter includes a second key. The first key may be an encryption key, the second key may also be an encryption key, and the first key and the second key may be the same or different.
For example, when the first transmission mode is a unicast transmission mode, the first apparatus encrypts the first data with the first key in the first PDCP entity, and then sends the first data encrypted with the first key to the second apparatus. Alternatively, a parameter A is calculated by using the first algorithm, the first key, and the like, and the parameter A is transmitted to the second device. The second device calculates a parameter B by using a third algorithm and a third key, and if the parameters A and B are consistent, the integrity verification is passed.
For another example, when the first transmission mode is a multicast transmission mode, the first apparatus encrypts the first data with the second key in the first PDCP entity, and then transmits the first data encrypted with the second key to the second apparatus. Alternatively, a parameter C is calculated using a second algorithm, a second key, and the like, and the parameter C is transmitted to the second device. The second device calculates a parameter D by using a fourth algorithm and a fourth key, and if the parameters C and D are consistent, the integrity verification is passed.
It should also be understood that, in the embodiment of the present application, the first parameter may include, in addition to the first key, a radio bearer identifier of the data, a count value of the data packet, a sequence number (SN) of the data packet, a random number, and the like. The first parameter is not limited in the present application. Similarly, the second parameter may include, in addition to the second key, a radio bearer identifier of the data, a count value, an SN, a random number, and the like. Further, the radio bearer identifier, count value, SN, random number, etc. included in the first parameter may be the same as or different from the radio bearer identifier, count value, SN, random number, etc. included in the second parameter, respectively.
For S250, the second PDCP entity of the second device may determine a first transmission mode of the data according to the data received from the different RLC entities associated therewith, and determine a corresponding security processing mode according to the first transmission mode of the data.
For example, when the first transmission mode of the received data is a unicast transmission mode, the second PDCP entity performs the third security processing on the received first data after the first security processing.
When the first transmission mode of the received data is a multicast transmission mode, the second PDCP entity performs the fourth security processing on the received first data that has undergone the second security processing.
When the first transmission mode of the received data is a unicast and multicast transmission mode, the second PDCP entity performs a third security process on the received first data after the first security process, and performs a fourth security process on the received second data after the second security process.
In some possible implementations of the present application: the third security process includes decrypting and/or integrity verifying the data using a third parameter and/or a third algorithm. For example, the third security process may be decrypting the data using the third parameter and/or the third algorithm, or the third security process may be integrity verifying the data using the third parameter and/or the third algorithm, or the third security process may be decrypting the data using the third algorithm and integrity verifying the data using the third parameter.
Optionally, the third security process may also be to perform no security processing on the data, where performing no security processing on the data may be understood as not decrypting and/or integrity verifying the data, or as performing no security processing on the data at all.
In some possible implementations of the present application: the fourth security process includes decrypting and/or integrity verifying the data using a fourth parameter and/or a fourth algorithm. For example, the fourth security process may be decrypting the data using the fourth parameter and/or the fourth algorithm, or the fourth security process may be verifying the integrity of the data using the fourth parameter and/or the fourth algorithm, or the fourth security process may be decrypting the data using the fourth algorithm and verifying the integrity of the data using the fourth parameter.
Optionally, the fourth security processing may also be to perform no security processing on the data.
For example: when the first security process is to encrypt the data using the first parameter and the first algorithm, the third security process is to decrypt the data using the third parameter and the third algorithm.
Another example is: when the second security processing is to encrypt the data by using the second parameter and the second algorithm, the fourth security processing is to decrypt the data by using the fourth parameter and the fourth algorithm.
Another example is: when the second security process is not performed, the fourth security process is also not performed.
Wherein the third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different. That is, the third security process and the fourth security process may be the same or different.
Optionally, in this embodiment of the present application, the third parameter includes a third key, and the fourth parameter includes a fourth key. The third key may be a decryption key corresponding to the first key, the fourth key may be a decryption key corresponding to the second key, and the third key and the fourth key may be the same or different.
For example, when the first transmission mode is a unicast transmission mode, the first apparatus encrypts the first data with the first key in the first PDCP entity, and then sends the first data encrypted with the first key to the second apparatus. Alternatively, a parameter A is calculated using the first algorithm, the first key, and the like, and the parameter A is sent to the second device. The second apparatus decrypts the first data encrypted with the first key in the second PDCP entity using the third key. Alternatively, the second device calculates a parameter B by using a third algorithm, a third key, and the like, and if the parameter A and the parameter B are the same, the integrity verification is passed.
It should also be understood that, in the embodiment of the present application, the third parameter and the fourth parameter may include, in addition to the key, a radio bearer identifier of the data, a count value of the data packet, a sequence number (SN) of the data packet, a random number, and the like.
Fig. 11 is a schematic flow chart of a method 300 for data security processing according to an embodiment of the present application, where the method 300 may be applied in the scenario shown in fig. 3, for example, in a scenario of transmission using multicast transmission and/or transmission using unicast transmission. The embodiments of the present application are not limited thereto.
As shown in fig. 11, the method 300 shown in fig. 11 may include steps S310 to S350. The various steps in method 300 are described in detail below in conjunction with fig. 10. The method 300 includes:
S310, the first device performs first security processing on the first data.
S320, the first device performs second security processing on the second data, the second data being obtained by copying the first data.
S330, the first device sends the first data after the first security processing and/or the second data after the second security processing to the second device according to a first transmission mode of the data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode that uses both unicast transmission and multicast transmission. Accordingly, the second device receives the data transmitted by the first device.
S340, the second device determines a first transmission mode of the received data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode.
S350, the second device determines a security processing mode of the first data according to the first transmission mode.
Specifically, a first PDCP entity in a protocol stack of the first apparatus is associated with one or more RLC entities, and a transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode. A second PDCP entity in a protocol stack of the second device is associated with one or more RLC entities, and a transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode. For a detailed description of the protocol stacks of the first device and the second device and of their structure, reference may be made to the description in the method 200; details are not repeated here for brevity.
When the first device has data (taking the first data as an example) to transmit to the second device, it is assumed that the transmission mode to be used is determined by the RLC layer, the MAC layer, or the physical layer of the first device. If the access network equipment uses the separate CU and DU configuration, it can also be understood that the transmission mode to be used is determined by the DU of the first device. Since the data transmission mode is determined by other layers or by the DU, the first PDCP entity does not know which transmission mode is currently used, so when the first device transmits the first data, the first PDCP entity copies the first data to obtain the second data. That is, the first data and the second data are identical. The first transmission mode is a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode. For the related descriptions of the unicast transmission mode, the multicast transmission mode, and the unicast and multicast transmission mode, reference may be made to the related description in the method 200; for brevity, no further description is given here.
In S310, the first device performs a first security process on the first data, that is, the security processing method corresponding to the first data is the first security process. Specifically, the first device or the CU performs the first security process on the first data in the first PDCP entity. The first security process is the one that corresponds to the unicast transmission mode.
In S320, the first device performs a second security process on the second data, that is, the security processing method corresponding to the second data is the second security process. Specifically, the first device or the CU performs the second security process on the second data in the first PDCP entity. The second security process is the one that corresponds to the multicast transmission mode. Specifically, after the first device or the CU receives the first data in the first PDCP entity, the first data is copied to obtain the second data, and then the first data and the second data are respectively subjected to the corresponding security processing.
In S330, the first device or the CU performs security processing on the first data and the second data in the first PDCP entity, respectively. The first data processed by the first security process is delivered to the one or more RLC entities associated with the first PDCP entity, and the second data processed by the second security process is also delivered to the one or more RLC entities associated with the first PDCP entity. Specifically, each of the one or more RLC entities associated with the first PDCP entity corresponds to a unicast transmission mode or a multicast transmission mode. The first device or the CU delivers the first data after the first security processing to the RLC entity corresponding to the unicast transmission mode, and delivers the second data after the second security processing to the RLC entity corresponding to the multicast transmission mode. That is, there is a correspondence between the data transmission mode, or the RLC entity that delivers the data, and the security processing mode. The correspondence may be pre-configured or predetermined by the protocol.
For example, in connection with the example shown in fig. 9, the first PDCP layer entity delivers the first data after the first security processing to the first RLC entity, and delivers the second data after the second security processing to the second RLC entity. For another example, referring to the example shown in fig. 10, the first PDCP layer entity delivers the first data after the first security processing to the third RLC entity, and delivers the second data after the second security processing to the third RLC entity.
The first device or the DU sends the first data after the first security processing and/or the second data after the second security processing to the second device according to the first transmission mode of the data. That is, the DU or the RLC layer entity of the first device determines the first transmission mode from among the unicast transmission mode, the multicast transmission mode, and the unicast and multicast transmission mode. The first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode. The first device transmits data to the second device in the corresponding RLC entity using the first transmission mode. Accordingly, the second device receives the data sent by the first device.
In S340, the second device determines the first transmission mode of the data according to the received data that has undergone the corresponding security processing. For example, if the second apparatus receives data from the fourth RLC entity or the sixth RLC entity, it is determined that the first transmission mode corresponding to the data is a unicast transmission mode. If the second device receives data from the fifth RLC entity or the sixth RLC entity, it is determined that the first transmission mode corresponding to the data is a multicast transmission mode. If the second device receives data from the fourth RLC entity and the fifth RLC entity, it is determined that the first transmission mode corresponding to the data is a unicast and multicast transmission mode.
In S350, the second device determines a security processing mode for the first data according to the first transmission mode. Specifically, the PDCP entity (second PDCP entity) of the second device may determine the transmission mode of the first data according to the data received from the different RLC entities associated with it, and determine the corresponding security processing mode according to that transmission mode. That is, there is a correspondence between the data transmission mode, or the RLC entity that delivers the data, and the security processing mode. The correspondence may be pre-configured or predetermined by the protocol.
For example, when the first transmission mode is a unicast transmission mode, the second PDCP entity performs a third security process on the received first data after the first security process.
For example, when the first transmission mode is a multicast transmission mode, the second PDCP entity performs a fourth security process on the received second data that has undergone the second security process.
When the first transmission mode is a unicast and multicast transmission mode, the second PDCP entity performs the third security processing on the received first data after the first security processing, and performs the fourth security processing on the received second data after the second security processing.
The third security process may be the counterpart of the first security process, for example decryption for encryption, or integrity verification for integrity protection. Likewise, the fourth security process may be the counterpart of the second security process, for example decryption for encryption, or integrity verification for integrity protection.
In the data security method provided by the application, one PDCP entity is configured to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to the unicast transmission mode and an RLC entity corresponding to the multicast transmission mode. When data is transmitted, the corresponding security processing is performed for each possible transmission mode of the data, the resulting copies of the security-processed data are delivered to the RLC entities of the corresponding transmission modes, the RLC entities finally determine the transmission mode to be used, and the data is sent using the determined transmission mode. The security of data transmission is improved. Moreover, different security processing can be applied within the same bearer, the security requirements of data in different transmission modes are met, and the communication efficiency is improved.
In some possible implementations of the present application: in S330, the first device or CU may transmit data to the second device according to the first transmission mode, as follows:
When the first transmission mode is a unicast transmission mode, the first device (or the CU) transmits the first data after the first security process to the second device through the first RLC entity or the third RLC entity. Optionally, the second data after the second security processing in the second RLC entity is deleted, or the second data after the second security processing in the third RLC entity is deleted.
When the first transmission mode is a multicast transmission mode, the first device (or the CU) transmits the second data after the second security process to the second device through the second RLC entity or the third RLC entity. Optionally, the first data after the first security processing in the first RLC entity is deleted, or the first data after the first security processing in the third RLC entity is deleted.
When the first transmission mode is a unicast and multicast transmission mode, the first device (or the CU) transmits the first data subjected to the first security process to the second device through the first RLC entity, and transmits the second data subjected to the second security process to the second device through the second RLC entity.
In some possible implementations of the present application: the first security process includes encrypting and/or integrity protecting data using a first parameter and/or a first algorithm, and the second security process is no security processing. That is, performing no security processing on the second data may itself be regarded as a security processing manner.
In other possible implementations of the present application: the first security process is not performed. The second security process includes encrypting and/or integrity protecting the second data using the second parameter and/or the second algorithm.
In other possible implementations of the present application: the first security process comprises encrypting and/or integrity protecting the first data using the first parameter and/or the first algorithm, and the second security process comprises encrypting and/or integrity protecting the second data using the second parameter and/or the second algorithm. Wherein the first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different. That is, the first security process and the second security process may be the same or different.
The first device may perform corresponding security processing on the first data and the second data in the first PDCP entity by using the first security processing and the second security processing.
Optionally, in this embodiment of the present application, the first parameter includes a first key, and the second parameter includes a second key. The first key may be an encryption key, the second key may also be an encryption key, and the first key and the second key may be the same or different.
It should also be understood that, in the embodiment of the present application, the first parameter and the second parameter may include, in addition to the key, a radio bearer identifier of the data, a count value of the data packet, a sequence number (SN) of the data packet, a random number, and the like. The first parameter is not limited in the present application. Further, the radio bearer identifier, count value, SN, random number, etc. included in the first parameter may be the same as or different from the radio bearer identifier, count value, SN, random number, etc. included in the second parameter, respectively.
For the descriptions of S340 and S350, reference may be made to the descriptions of S240 and S250 in the method 200, and for brevity, the description is not repeated here.
In some possible implementations of the present application: the third security process includes decrypting and/or integrity verifying the data using a third parameter and/or a third algorithm, or the third security process is a non-security process. The non-security processing may be understood as not decrypting and/or verifying the integrity of the data, but processing the data in other manners. Alternatively, the non-security processing may be no security processing of the data.
In some possible implementations of the present application: the fourth security processing comprises decrypting and/or integrity verifying the data using a fourth parameter and/or a fourth algorithm, or the fourth security processing is no security processing.
It should be understood that the description of the first to fourth security processes may refer to the description of the first to fourth security processes in the method 200 described above. For brevity, no further description is provided herein.
It should also be understood that, in the embodiment of the present application, the third parameter and the fourth parameter may include, in addition to the key, a radio bearer identifier of the data, a count value of the data packet, a sequence number (SN) of the data packet, a random number, and the like.
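The S310 to S350 flow of method 300, combined with the parameter A / parameter B integrity check described for the first and third security processes, as an added Python example that is not code from the patent. HMAC-SHA-256 stands in for the unspecified first to fourth algorithms; the class names, keys, bearer identifier, tag length and the choice to pass the count value alongside each PDU are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

UNICAST, MULTICAST = "unicast", "multicast"
TAG_LEN = 16  # tag length chosen for this example (assumption)


@dataclass(frozen=True)
class SecurityProcess:
    """One security process; key=None models 'no security processing'."""
    key: Optional[bytes]

    def _tag(self, bearer_id: int, count: int, payload: bytes) -> bytes:
        # Parameter A (sender) / B (receiver): key + bearer id + count + data.
        msg = bearer_id.to_bytes(1, "big") + count.to_bytes(4, "big") + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:TAG_LEN]

    def protect(self, bearer_id: int, count: int, payload: bytes) -> bytes:
        if self.key is None:
            return payload
        return payload + self._tag(bearer_id, count, payload)

    def verify(self, bearer_id: int, count: int, pdu: bytes) -> bytes:
        if self.key is None:
            return pdu
        if len(pdu) < TAG_LEN:
            raise ValueError("PDU shorter than integrity tag")
        payload, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
        # Constant-time comparison of parameter A with parameter B.
        if not hmac.compare_digest(tag, self._tag(bearer_id, count, payload)):
            raise ValueError("integrity verification failed")
        return payload


class SenderPdcp:
    """First PDCP entity with one unicast and one multicast RLC queue."""
    def __init__(self, bearer_id: int, first: SecurityProcess, second: SecurityProcess):
        self.bearer_id, self.count = bearer_id, 0
        self.process = {UNICAST: first, MULTICAST: second}
        self.rlc = {UNICAST: [], MULTICAST: []}

    def submit(self, sdu: bytes) -> None:
        # S310/S320: PDCP does not know the mode yet, so it protects one copy per mode.
        for mode, proc in self.process.items():
            pdu = proc.protect(self.bearer_id, self.count, bytes(sdu))
            self.rlc[mode].append((self.count, pdu))
        self.count += 1

    def transmit(self, modes: Set[str]) -> Dict[str, Tuple[int, bytes]]:
        # S330: the lower layer picks the mode(s); the unused copy is deleted.
        sent = {}
        for mode, queue in self.rlc.items():
            item = queue.pop(0)
            if mode in modes:
                sent[mode] = item
        return sent


class ReceiverPdcp:
    """Second PDCP entity: maps the delivering RLC entity to a security process."""
    def __init__(self, bearer_id: int, third: SecurityProcess, fourth: SecurityProcess):
        self.bearer_id = bearer_id
        self.process = {UNICAST: third, MULTICAST: fourth}  # preconfigured mapping

    def receive(self, rlc_mode: str, count: int, pdu: bytes) -> bytes:
        # S340/S350: the mode is inferred from the RLC entity and selects the process.
        return self.process[rlc_mode].verify(self.bearer_id, count, pdu)


def accepted(rx: ReceiverPdcp, mode: str, count: int, pdu: bytes) -> bool:
    try:
        rx.receive(mode, count, pdu)
        return True
    except ValueError:
        return False


def demo() -> dict:
    k1, k2 = b"constructed-unicast-key", b"constructed-multicast-key"
    tx = SenderPdcp(5, SecurityProcess(k1), SecurityProcess(k2))
    rx = ReceiverPdcp(5, SecurityProcess(k1), SecurityProcess(k2))

    tx.submit(b"first data")
    both = tx.transmit({UNICAST, MULTICAST})
    tx.submit(b"more data")
    only_mc = tx.transmit({MULTICAST})
    count, pdu = only_mc[MULTICAST]
    return {
        "both": {m: rx.receive(m, c, p) for m, (c, p) in both.items()},
        "multicast_only_modes": sorted(only_mc),
        "multicast_ok": accepted(rx, MULTICAST, count, pdu),
        # Failure modes: wrong RLC entity (wrong key), wrong count, flipped bit.
        "cross_mode": accepted(rx, UNICAST, count, pdu),
        "wrong_count": accepted(rx, MULTICAST, count + 1, pdu),
        "tampered": accepted(rx, MULTICAST, count, bytes([pdu[0] ^ 1]) + pdu[1:]),
    }
```

Because the count value and bearer identifier are bound into the tag and the keys differ per mode, a PDU protected for multicast fails verification when it is presented through the unicast RLC entity or with a different count.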
It should also be understood that the first parameter, the second parameter, the third parameter, the fourth parameter, and the first to fourth algorithms described above may be preconfigured or may also be protocol defined.
Fig. 12 is a schematic flow chart of a method 400 for data security processing according to an embodiment of the present application, where the method 400 may be applied in the scenario shown in fig. 3, for example, in a scenario of transmission using multicast transmission and/or transmission using unicast transmission. The embodiments of the present application are not limited thereto.
As shown in fig. 12, the method 400 shown in fig. 12 may include steps S410 to S450. The various steps in method 400 are described in detail below in conjunction with fig. 11. The method 400 includes:
S410, the first device performs first security processing on the first data.
S420, the first device determines a first transmission mode of the first data after the first security processing, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast.
S430, when the first transmission mode is a unicast transmission mode, the first device sends the first data after the first security processing to the second device by using the unicast transmission mode;
When the first transmission mode is a multicast transmission mode, the first device sends the first data after the first security processing to the second device by using the multicast transmission mode;
When the first transmission mode is a unicast and multicast transmission mode, the first device sends the first data after the first security processing to the second device by using the unicast transmission mode, and sends third data to the second device by using the multicast transmission mode, where the third data is obtained by copying the first data after the first security processing.
Accordingly, the second device receives the data transmitted by the first device.
S440, the second device determines a first transmission mode of the received data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode.
S450, the second device determines a security processing mode of the received data according to the first transmission mode.
In S410, when the first device has data (taking the first data as an example) to send to the second device, the first device performs a first security process on the first data in the PDCP layer. Namely, the security processing mode corresponding to the first data is the first security processing. A first PDCP entity in a protocol stack of the first device is associated with one or more RLC entities, where a transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode. A second PDCP entity in a protocol stack of the second device is associated with one or more RLC entities, and a transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode. For a detailed description of the protocol stacks of the first device and the second device, reference may be made to the description of the protocol stack of the first device by the method 200, and details are not repeated here for brevity.
In S420, after performing security processing on the first data, the first device determines a first transmission mode of the first data subjected to the first security processing. Alternatively, if the access network device adopts the CU and DU separate setting mode, the first device may be a CU. It is assumed that which transmission scheme is used is determined by the PDCP layer (or CU) of the first device, for example, the PDCP layer of the first device determines or judges the first transmission scheme. Namely, the PDCP layer (CU) determines the first transmission scheme among a unicast transmission scheme, a multicast transmission scheme, and unicast and multicast transmission schemes. For the related descriptions of the unicast transmission method, the multicast transmission method, and the unicast and multicast transmission methods, reference may be made to the related description in the method 200, and for brevity, no further description is given here.
In S430, when the first transmission mode is a unicast transmission mode, the first device sends the first data after the first security processing to the second device by using the unicast transmission mode. Specifically, when the first PDCP entity of the first device determines that the first transmission mode is the unicast transmission mode, the first PDCP entity delivers the first data after the first security processing to a unicast-type RLC entity associated with the first PDCP entity, and the first data after the first security processing is transmitted to the second apparatus through that unicast-type RLC entity. For example, the first apparatus may send the first data after the first security processing to the second apparatus through a first RLC entity or a third RLC entity, where the first RLC entity corresponds to the unicast transmission mode and the third RLC entity corresponds to the unicast transmission mode. Correspondingly, the second device receives the first data that is sent by the first device and has undergone the first security processing, and delivers the received data to the corresponding RLC entity of the second device. For example, the second apparatus receives the data according to the assigned or predefined RNTI corresponding to the first RLC entity or the third RLC entity, and delivers the received data of the unicast transmission mode to the fourth RLC entity or the sixth RLC entity.
When the first transmission mode is a multicast transmission mode, the first device sends the first data after the first security processing to the second device by using the multicast transmission mode. Specifically, when the first PDCP entity of the first device determines that the first transmission mode is the multicast transmission mode, the first PDCP entity delivers the first data after the first security processing to a multicast-type RLC entity associated with the first PDCP entity, and the data is transmitted to the second apparatus through that multicast-type RLC entity. For example, the first apparatus may transmit the first data after the first security process to the second apparatus through the second RLC entity or the third RLC entity. The second RLC entity corresponds to a multicast transmission mode and the third RLC entity corresponds to a multicast transmission mode. Correspondingly, the second device receives the first data that is sent by the first device and has undergone the first security processing, and delivers the received data to a corresponding RLC entity of the second device. For example, the second apparatus receives the data according to the assigned or predefined RNTI corresponding to the second RLC entity or the third RLC entity, and delivers the received data of the unicast transmission scheme to the fifth RLC entity or the sixth RLC entity.
When the first transmission mode is a unicast and multicast transmission mode, the first device sends the first data after the first security processing to the second device by using the unicast transmission mode, and sends third data to the second device by using the multicast transmission mode, where the third data is the same as the first data after the first security processing. The third data may be obtained by copying the first data subjected to the first security processing, or may be obtained by copying the first data and then performing the first security processing on the copied data. That is, the security processing mode corresponding to the multicast transmission mode is the same as the security processing mode corresponding to the unicast transmission mode.
Specifically, when the first PDCP entity of the first device determines that the first transmission mode is a unicast or multicast transmission mode, the first PDCP entity delivers the first data after the first security processing to a unicast-type RLC entity associated with the first PDCP entity, and delivers the third data to a multicast-type RLC entity. Wherein the third data is the same as the first data after the first security processing. The first device sends the first data number after the first security processing to the second device through a unicast type RLC entity associated with the first PDCP entity, and sends third data to the second device through a multicast type RLC entity. For example, the first device may transmit first data after the first security process to the second device through the first RLC entity, and transmit third data to the second device through the second RLC entity. The first RLC entity corresponds to a unicast transmission mode, and the second RLC entity corresponds to a multicast transmission mode. Accordingly, the second device receives the data transmitted by the first device. And delivers the received data to a corresponding RLC entity of the second device. For example, the second apparatus receives the data based on the assigned or predefined RNTIs corresponding to the first RLC entity and the second RLC entity, delivers the received data of the unicast transmission scheme to the fourth RLC entity, and delivers the received data of the multicast transmission scheme to the fifth RLC entity.
At S440, the second device determines a first transmission mode of the received data according to the received data after the first security processing. The first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode or a unicast and multicast transmission mode. For example, if the second apparatus receives data from the fourth RLC entity or the sixth RLC entity, it is determined that the first transmission scheme to which the data corresponds is a unicast transmission scheme. And if the second device receives data from the fifth RLC entity or the sixth RLC entity, determining that the first transmission mode corresponding to the data is a multicast transmission mode. And if the second device receives the data from the fourth RLC entity and the fifth RLC entity, determining that the first transmission mode corresponding to the data is a unicast transmission mode and a multicast transmission mode.
In S450, the second device determines a secure processing mode for the received data according to the first transmission mode. Specifically, the PDCP entity (second PDCP entity) of the second device may determine a first transmission mode of the data according to the data received from the RLC entity associated therewith, and determine a corresponding security processing mode according to the first transmission mode.
For example, when the first transmission mode is a unicast transmission mode, the second PDCP entity performs a third security process on the received first data after the first security process. That is, there is a correspondence between the transmission mode of data or the RLC entity and the security processing mode of the delivered data. The correspondence may be pre-configured or protocol predetermined.
For example, when the first transmission mode is the multicast transmission mode, the second PDCP entity performs the third security processing on the received first data that has undergone the first security processing. That is, the security processing method corresponding to the multicast transmission mode is the same as the security processing method corresponding to the unicast transmission mode.
When the first transmission mode is the unicast transmission mode and the multicast transmission mode, the second PDCP entity performs the third security processing on the received first data transmitted in the unicast transmission mode, and also performs the third security processing on the received third data transmitted in the multicast transmission mode.
The third security process may be the process corresponding to the first security process, such as encryption and decryption, integrity verification, and integrity protection.
For the descriptions of S440 and S450, reference may be made to the descriptions of S240 and S250 in the method 200, and for brevity, the description is not repeated here.
In the data security method provided by the application, one PDCP is configured to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is the unicast transmission mode or the multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to the unicast transmission mode and an RLC entity corresponding to the multicast transmission mode. Data may be transmitted using the unicast transmission mode, the multicast transmission mode, or the unicast and multicast transmission mode. Moreover, the security processing modes corresponding to the unicast transmission mode and the multicast transmission mode are the same. The first device first performs security processing on the data and then sends the security-processed data according to the transmission mode used for the data. This improves the security of data transmission. The data security processing can be carried out within the same bearer, the security requirements of data in different transmission modes are met, and communication efficiency is improved.
In some possible implementations of the present application: the first security process includes encrypting and/or integrity protecting the data using the first parameter and/or the first algorithm, or the first security process is a non-security process, where the non-security process may be understood as not encrypting and/or integrity protecting the data, but processing the data in other manners. Alternatively, the non-security processing may be no security processing of the data.
Optionally, in this embodiment of the present application, the first parameter includes a first key.
In some possible implementations of the present application: the third security process includes decrypting and/or integrity verifying the data using the third parameter and/or the third algorithm, or the third security process is a non-security process, where the non-security process may be understood as not decrypting and/or integrity verifying the data, but processing the data in other manners. Alternatively, the non-security processing may be no security processing of the data.
For example, when the transmission mode of the first data is the unicast transmission mode, the first apparatus encrypts the first data with the first key in the first PDCP entity, and then sends the first data encrypted with the first key to the second apparatus. Alternatively, a parameter A is calculated using the first algorithm, the first key, and the like, and the parameter A is sent to the second device. The second apparatus decrypts, in the second PDCP entity, the first data encrypted with the first key by using the third key. Alternatively, the second device calculates a parameter B by using the third algorithm, the third key, and the like; if parameter A and parameter B are the same, the integrity verification passes.
It should be understood that the description of the first to fourth security processes may refer to the description of the first to fourth security processes in the method 200 described above. For brevity, no further description is provided herein.
It should also be understood that, in the embodiment of the present application, the first parameter may include, in addition to the first secret key, a radio bearer identifier of the data, a count value (count value) of the data packet, a Sequence Number (SN) of the data packet, a random Number, and the like. The count value (count value) may include SN and Hyper Frame Number (HFN). The present application is not limited to the specific content included in the first parameter.
It should also be understood that, in the embodiment of the present application, the third parameter may include, in addition to the first secret key, a radio bearer identifier of the data, a count value (count value) of the data packet, a Sequence Number (SN) of the data packet, a random number, and the like. The count value (count value) may include SN and Hyper Frame Number (HFN).
In an embodiment of the present application, the first device may transmit configuration information, such as the above-described key, to the second device. Corresponding keys and/or encryption and integrity protection algorithms can be maintained separately for different types of radio bearers. Specifically, when data is transmitted on a conventional unicast radio bearer, security processing of the data uses the existing key and/or encryption and integrity protection algorithms (an encryption algorithm and an integrity protection algorithm): all unicast radio bearers of the same terminal device use the same key and/or algorithms, and unicast radio bearers of different terminal devices use different keys and/or algorithms. When data is transmitted on a radio bearer that supports multiple transmission modes as described in the present application (a first type radio bearer), the network device may configure a common key and/or encryption and integrity protection algorithms for at least one terminal device, for security processing of the data in the first type radio bearer. In this case, the first type radio bearers on which different terminal devices receive the same service may use the same key and/or algorithms to process the data, and the same terminal device needs to maintain different keys and/or algorithms for the different types of radio bearers (unicast radio bearer, multicast radio bearer, and first type radio bearer) to perform security processing on the corresponding data.
Further, for the same terminal device and the same type of radio bearer (unicast radio bearer, multicast radio bearer, or first type radio bearer), if bearers of the same type are used for transmitting different services, the terminal device may also maintain different keys and/or encryption and integrity protection algorithms for performing security processing on the corresponding data, which is not limited in this application.
For example, the first apparatus (taking the network device as an example) sends security configuration information to the second apparatus (taking the terminal device as an example). The security configuration information may include the configuration of one or more sets of keys, the configuration of an algorithm, and the like, and the key may be a common key that can be used by a plurality of terminal devices. The security configuration information may be sent to the terminal device when the bearer is established, may be sent to the terminal device in advance, or may be sent to the terminal device in response to a request from the terminal device. For example, the security configuration information may be carried in radio bearer configuration information, PDCP configuration information, or other configuration information. The terminal device maintains multiple sets of key information for different types of bearers; for example, one set of key information is used for a normal unicast-only bearer and one set is used for a unicast and/or multicast bearer. For the terminal device, the security configuration information may also be preset in the terminal device or derived from information preset in the terminal device. For the network device, the security configuration information may be sent by the core network to the network device, sent by the terminal device to the network device, preset in the network device, or derived by the network device from preset information.
The PDCP layer of the terminal device performs security processing for each type of bearer using the key and/or encryption and integrity protection algorithm of the corresponding type. For example, for a bearer supporting unicast and/or multicast, the PDCP layer of the network device uses a common key shared by multiple terminal devices to perform security processing on data and then sends the processed data to one or more terminal devices. After the terminal device receives the security configuration information, its PDCP layer performs the corresponding security processing with the corresponding common key for the bearer supporting unicast and/or multicast.
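The flow of S420 to S450 together with the per-bearer-type key arrangement described above can be traced in a short sketch. This is an added example, not code from the application: it covers integrity protection only, uses truncated HMAC-SHA256 as a stand-in for the unspecified first and third algorithms, and the bearer identifier 7, the 12-bit SN, the service name `mbs-1`, the key-store layout and all keys are constructed assumptions.

```python
import hashlib
import hmac
import struct
from enum import Enum


class Mode(Enum):
    UNICAST = "unicast"
    MULTICAST = "multicast"
    BOTH = "unicast and multicast"


# RLC numbering follows the text: sender entities 1 (unicast) and 2 (multicast),
# receiver entities 4 (unicast) and 5 (multicast).
SENDER_RLC = {Mode.UNICAST: [1], Mode.MULTICAST: [2], Mode.BOTH: [1, 2]}
PEER_RLC = {1: 4, 2: 5}
RECEIVER_MODE = {frozenset({4}): Mode.UNICAST,
                 frozenset({5}): Mode.MULTICAST,
                 frozenset({4, 5}): Mode.BOTH}


def make_key(label):
    """Constructed demo key; real keys come from the security configuration."""
    return hashlib.sha256(label.encode()).digest()


def integrity_tag(key, bearer_id, hfn, sn, payload):
    """Parameter A/B: tag over bearer identifier, count value (HFN, SN) and payload.
    Truncated HMAC-SHA256 is a stand-in, not an algorithm named by the text."""
    count = (hfn << 12) | sn  # assumed 12-bit SN
    header = struct.pack(">BI", bearer_id, count)
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:4]


class Sender:
    """First device: one PDCP entity in front of a unicast and a multicast RLC."""

    def __init__(self, bearer_id, key):
        self.bearer_id, self.key = bearer_id, key

    def send(self, payload, mode, hfn, sn):
        # First security processing is done once, before the mode is applied.
        pdu = {"hfn": hfn, "sn": sn, "payload": payload,
               "tag": integrity_tag(self.key, self.bearer_id, hfn, sn, payload)}
        # For BOTH, the "third data" is a copy of the already protected PDU.
        return {rlc: dict(pdu) for rlc in SENDER_RLC[mode]}


class Receiver:
    """Second device: picks the key held for the first type bearer of a service."""

    def __init__(self, bearer_id, key_store, service):
        self.bearer_id = bearer_id
        self.key = key_store[("first_type", service)]

    def receive(self, by_rlc):
        """by_rlc maps receiver RLC entity id to PDU; returns (mode, {rlc: ok})."""
        mode = RECEIVER_MODE[frozenset(by_rlc)]  # S440: mode follows the RLC entity
        verdicts = {}
        for rlc, pdu in by_rlc.items():  # S450: same third processing on each path
            expected = integrity_tag(self.key, self.bearer_id,
                                     pdu["hfn"], pdu["sn"], pdu["payload"])
            verdicts[rlc] = hmac.compare_digest(expected, pdu["tag"])
        return mode, verdicts


def over_the_air(sent, paths):
    """Deliver copies from the chosen sender RLC entities to their peer entities."""
    return {PEER_RLC[rlc]: dict(pdu) for rlc, pdu in sent.items() if rlc in paths}


def run_demo():
    common = make_key("common key for service mbs-1")
    ue3_unicast = make_key("ue3 unicast key")
    stores = {
        "ue1": {("unicast", None): make_key("ue1 unicast key"),
                ("first_type", "mbs-1"): common},
        "ue2": {("unicast", None): make_key("ue2 unicast key"),
                ("first_type", "mbs-1"): common},
        # Misconfigured: the per-device unicast key was reused for the shared bearer.
        "ue3": {("unicast", None): ue3_unicast,
                ("first_type", "mbs-1"): ue3_unicast},
    }
    sent = Sender(7, common).send(b"frame-0001", Mode.BOTH, hfn=3, sn=41)
    out = {
        "ue1": Receiver(7, stores["ue1"], "mbs-1").receive(over_the_air(sent, {1, 2})),
        "ue2": Receiver(7, stores["ue2"], "mbs-1").receive(over_the_air(sent, {2})),
        "ue3": Receiver(7, stores["ue3"], "mbs-1").receive(over_the_air(sent, {2})),
    }
    tampered = over_the_air(sent, {2})
    tampered[5]["payload"] = b"frame-9999"  # modified in transit, tag unchanged
    out["tampered"] = Receiver(7, stores["ue2"], "mbs-1").receive(tampered)
    return out


if __name__ == "__main__":
    for name, (mode, verdicts) in run_demo().items():
        print(name, mode.value, verdicts)
```

Because the protection is applied once with the common key, any terminal device holding that key can verify either copy, while a device that applies its unicast key to the first type bearer rejects valid data.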
In some further embodiments of the present application, the network device (first apparatus) side maintains a plurality of radio bearers for different terminal devices, including a unicast radio bearer, a multicast radio bearer, and a first type bearer, where the first type bearer may also be one kind of multicast radio bearer. The unicast radio bearer uses point-to-point transmission, that is, it serves only one terminal device, whereas the multicast radio bearer and the first type bearer use point-to-multipoint transmission, that is, they serve a plurality of terminal devices.
For the unicast radio bearer, the network device side includes a PDCP layer and an RLC layer that each perform the functions of their layer, and the corresponding terminal device side includes the corresponding PDCP layer and RLC layer to perform the corresponding functions. The execution and processing of these functions differ between terminal devices: for example, the security processing of data in the unicast radio bearers of the same terminal device is the same, while the security processing of data in the unicast radio bearers of different terminal devices is different. In other words, such functions may be referred to as terminal device level functions.
In contrast, network device level functions correspond to the multicast radio bearer or the first type radio bearer, and the execution and processing of such functions, for example security processing, may be the same for different terminal devices. Assuming that a plurality of terminal devices receive data in a multicast manner, that is, by point-to-multipoint transmission, the network device and the plurality of terminal devices perform the same security processing on the data. The security processing method is the same as that described in the previous embodiments in the specification and is not described again here.
For the terminal device level function and the network device level function, there are three protocol stack architectures to implement, and fig. 13 shows a first protocol stack structure. As shown in fig. 13, on the network device side, the radio bearers (first type radio bearers) for all terminal devices receiving the same MBMS service share one PDCP entity for processing, and one PDCP entity is provided for each unicast radio bearer for each terminal device for processing.
Fig. 14 shows a second protocol stack structure. As shown in fig. 14, on the network device side, the first type radio bearers on which the same terminal device receives the same MBMS service share one PDCP entity for processing, and the first type radio bearers on which different terminal devices receive the same MBMS service use different PDCP entities for processing. When the network device determines to transmit data to a plurality of terminal devices in the multicast transmission mode, it can process the data through any one or more of the PDCP entities and deliver the processed data to the multicast-type RLC entity for further transmission. When the network device determines to transmit data to a certain terminal device in the unicast transmission mode, the data can be processed by the corresponding PDCP entity, and the processed data is delivered to the corresponding unicast-type RLC entity for further transmission.
Fig. 15 shows a third protocol stack structure. As shown in fig. 15, the network device uses one shared PDCP entity or sub-PDCP function module to process the multicast radio bearers of all terminal devices, while the unicast radio bearers of different terminal devices are processed by different PDCP entities or sub-PDCP function modules. That is, for the first type radio bearer on which the same terminal device receives the same MBMS service, multicast mode processing and unicast mode processing are performed by different PDCP entities. The PDCP entity may be a complete PDCP entity or a part of one, that is, a set of some of its function modules; for example, the common PDCP entity contains the set of functions that is the same for multiple terminal devices, such as security processing in multicast transmission. When the network device determines to transmit data to a plurality of terminal devices in the multicast transmission mode, the data can be processed by the common PDCP entity and then delivered to the multicast-type RLC entity for further transmission. When the network device determines to transmit data to a certain terminal device in the unicast transmission mode, the data can be processed by the separate PDCP entity and then delivered to the corresponding unicast-type RLC entity for further transmission. When the network device determines to transmit data to a certain terminal device in the unicast and multicast transmission modes, the data can be copied in the separate PDCP entity or the common PDCP entity, processed in the separate PDCP entity and the common PDCP entity respectively, and then delivered to the unicast-type RLC entity and the multicast-type RLC entity respectively for further transmission.
Data can also be copied at a higher layer and then handed to a separate PDCP entity and a common PDCP entity for processing, respectively.
It should be understood that in the various embodiments of the present application, first, second, etc. are for convenience of description only. For example, the first RLC entity and the second RLC entity are merely to indicate different RLC entities. The RLC entities themselves and the number thereof should not have any influence, and the first, the second, etc. mentioned above should not cause any limitation to the embodiments of the present application.
It should also be understood that the above description is only intended to help those skilled in the art better understand the embodiments of the present application, and is not intended to limit their scope. Various equivalent modifications or changes will be apparent to those skilled in the art in light of the examples given above; for example, some steps in the various embodiments of the above-described methods 200-400 may be unnecessary, some steps may be newly added, or any two or more of the above embodiments may be combined. Such modifications, variations, or combinations are also within the scope of the embodiments of the present application.
It should also be understood that the foregoing descriptions of the embodiments of the present application focus on highlighting differences between the various embodiments, and that the same or similar parts not mentioned above may be referred to one another, and thus, for brevity, will not be described again.
It should also be understood that the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by the function and the inherent logic thereof, and should not constitute any limitation to the implementation process of the embodiments of the present application.
It should also be understood that in the embodiment of the present application, "preset" or "predefined" may be implemented by saving a corresponding code, table, or other manners that may be used to indicate related information in advance in a device (for example, including a terminal and a network device), and the present application is not limited to a specific implementation manner thereof.
It should also be understood that the manner, the case, the category, and the division of the embodiments are only for convenience of description and should not be construed as a particular limitation, and features in various manners, the category, the case, and the embodiments may be combined without contradiction.
It should also be understood that, unless otherwise specified or logically conflicting, the terminology and/or descriptions of the various embodiments herein are consistent and may be referenced by one another, and that the technical features of the various embodiments may be combined to form new embodiments based on their inherent logical relationships.
The method for data security processing according to the embodiment of the present application is described in detail above with reference to fig. 1 to 15. Hereinafter, a communication device according to an embodiment of the present application will be described in detail with reference to fig. 16 to 24.
Fig. 16 shows a schematic block diagram of a communication apparatus 500 according to an embodiment of the present application, where the apparatus 500 may correspond to the first apparatus or the second apparatus described in the method 200, or may be a chip or a component applied to the first apparatus or the second apparatus, and each module or unit in the apparatus 500 is used to perform each action or process performed by the first apparatus and the second apparatus in the method 200.
As shown in fig. 16, the apparatus 500 may include a processing unit 510 and a transceiver unit 520. The transceiving unit 520 is used for performing specific signal transceiving under the driving of the processing unit 510.
The processing unit 510 is configured to determine a first transmission mode of the first data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast.
The processing unit 510 is further configured to determine a secure processing manner for the first data according to the first transmission manner.
The transceiver 520 is configured to transmit the first data after security processing.
In the communication device provided by the application, one PDCP is configured to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is the unicast transmission mode or the multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to the unicast transmission mode and an RLC entity corresponding to the multicast transmission mode. Data may be transmitted using the unicast transmission mode, the multicast transmission mode, or the unicast and multicast transmission mode, and the corresponding security processing is performed on the data according to the transmission mode. On the one hand, this improves the security of data transmission. On the other hand, different security processing can be carried out within the same bearer, the security requirements of data in different transmission modes are met, and communication efficiency is improved.
Optionally, in some embodiments of the present application, when the first transmission mode is a unicast transmission mode, the processing unit 510 determines that the security processing mode of the first data is the first security processing.
Optionally, in some embodiments of the present application, when the first transmission mode is a multicast transmission mode, the processing unit 510 determines that the security processing mode of the first data is the second security processing.
Optionally, in some embodiments of the present application, when the first transmission mode is a unicast transmission mode and a multicast transmission mode, the processing unit 510 determines that the security processing mode of the first data is a first security processing mode, and the security processing mode of the second data is a second security processing mode, where the second data is obtained by copying the first data.
Optionally, in some embodiments of the present application, the first security process includes encrypting and/or integrity protecting data using the first parameter and/or the first algorithm. The second security process is not performed.
Optionally, in some embodiments of the present application, the first security process includes encrypting and/or integrity protecting the data using a third parameter and/or a third algorithm. The second security process is not performed.
Optionally, in some embodiments of the present application, the first security process is a security process. The second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm.
Optionally, in some embodiments of the present application, the first security process is a security process. The second security process includes encrypting and/or integrity protecting the data using a fourth parameter and/or a fourth algorithm.
Optionally, in some embodiments of the present application, the first security process includes encrypting and/or integrity protecting the data using the first parameter and/or the first algorithm, or the first security process includes decrypting and/or integrity verifying the data using the third parameter and/or the third algorithm.
The second security process comprises encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm, or the second security process comprises decrypting and/or integrity verifying the data using a fourth parameter and/or a fourth algorithm.
The first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or the third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different.
Optionally, in some embodiments of the present application, the first parameter includes a first key, and/or the second parameter includes a second key; alternatively, the third parameter comprises a third key, and/or the fourth parameter comprises a fourth key.
Further, the apparatus 500 may also include a storage unit, and the transceiver unit 520 may be a transceiver, an input/output interface, or an interface circuit. The storage unit is used for storing instructions executed by the transceiving unit 520 and the processing unit 510. The transceiver unit 520, the processing unit 510 and the storage unit are coupled to each other: the storage unit stores instructions, the processing unit 510 is configured to execute the instructions stored by the storage unit, and the transceiver unit 520 is configured to perform specific signal transceiving under the driving of the processing unit 510.
It should be understood that for the specific processes of the units in the apparatus 300 to execute the corresponding steps, please refer to the description related to the first apparatus or the second apparatus in the foregoing with reference to the method 200 and the related embodiment in fig. 4, and for brevity, detailed descriptions thereof are omitted here.
Optionally, the transceiver unit 520 may include a receiving unit (module) and a transmitting unit (module) for performing the steps of receiving and transmitting information by the first device or the second device in the embodiments of the foregoing method 200 and the embodiment shown in fig. 4.
It should be understood that the transceiving unit 520 may be a transceiver, an input/output interface, or an interface circuit. The storage unit may be a memory. The processing unit 510 may be implemented by a processor. As shown in fig. 17, the communication device 600 may include a processor 610, a memory 620, a transceiver 630, and a bus system 660. The various components of the communication device 600 are coupled together by a bus system 660, where the bus system 660 may include a power bus, a control bus, a status signal bus, and the like, in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 640 in fig. 16. For ease of illustration, it is only schematically drawn in fig. 16.
The communication device 500 shown in fig. 16 or the communication device 600 shown in fig. 17 is capable of implementing the steps performed by the first device or the second device in the various embodiments of the method 200 described above and in the embodiment shown in fig. 4. Similar descriptions may refer to the description in the corresponding method previously described. To avoid repetition, further description is omitted here.
It should also be understood that the communication apparatus 500 shown in fig. 16 or the communication apparatus 600 shown in fig. 17 may be a terminal device or a network device.
Fig. 18 shows a schematic block diagram of a communication apparatus 700 according to an embodiment of the present application, where the apparatus 700 may correspond to the first apparatus described in the method 300, or may be a chip or a component applied to the first apparatus, and each module or unit in the apparatus 700 is respectively configured to execute each action or process performed by the first apparatus in the method 300.
As shown in fig. 18, the apparatus 700 may include a processing unit 710 and a transceiver unit 720. The transceiving unit 720 is used for performing specific signal transceiving under the driving of the processing unit 710.
A processing unit 710, configured to perform a first security process on first data;
the processing unit 710 is further configured to perform a second security process on second data, where the second data is obtained by copying the first data;
a transceiver 720, configured to send the first data after the first security processing and/or send the second data after the second security processing according to a first transmission mode of data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast.
The communication device provided by the application configures one PDCP to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to the unicast transmission mode and an RLC entity corresponding to the multicast transmission mode. When data is transmitted, the corresponding security processing is performed separately for each possible transmission mode of the data, and the resulting pieces of security-processed data are submitted to the RLC entities of the corresponding transmission modes. Finally, the transmission mode used for the data is determined through the RLC entities, and the data is sent using the determined transmission mode. This improves the security of data transmission. Moreover, different security processing can be applied within the same bearer, which meets the security requirements of data in different transmission modes and improves communication efficiency.
Optionally, in some embodiments of the present application, the transceiver unit 720 is further configured to:
when the first transmission mode is a unicast transmission mode, sending the first data after the first security processing;
when the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;
and when the first data transmission mode is a unicast transmission mode or a multicast transmission mode, sending the first data subjected to the first security processing and the second data subjected to the second security processing.
Optionally, in some embodiments of the present application, the first security process includes encrypting and/or integrity protecting data using a first parameter and/or a first algorithm; the second security process is not performed.
Optionally, in some embodiments of the present application, the first security process is not performed; the second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm.
Optionally, in some embodiments of the present application, the first security process includes encrypting and/or integrity protecting data using a first parameter and/or a first algorithm; the second security process includes encrypting and/or integrity protecting the data using a second parameter and/or a second algorithm.
The first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.
Optionally, in some embodiments of the present application, the first parameter comprises a first key, and/or the second parameter comprises a second key.
It should be understood that, for brevity, the specific processes by which the units in the apparatus 700 perform the above corresponding steps are not described in detail here; refer to the foregoing description of the method 300 and of the first apparatus in the related embodiment in fig. 11.
Optionally, the transceiver unit 720 may include a receiving unit (module) and a transmitting unit (module) for performing the steps of receiving and transmitting information by the second device in the embodiments of the method 300 and the embodiment shown in fig. 11.
Further, the apparatus 700 may further include the storage unit, and the transceiver unit 720 may be a transceiver, an input/output interface, or an interface circuit. The storage unit is used for storing instructions executed by the transceiving unit 720 and the processing unit 710. The transceiving unit 720, the processing unit 710 and the storage unit are coupled to each other, the storage unit stores instructions, the processing unit 710 is configured to execute the instructions stored by the storage unit, and the transceiving unit 720 is configured to perform specific signal transceiving under the driving of the processing unit 710.
It should be understood that the transceiving unit 720 may be a transceiver, an input/output interface, or an interface circuit. The storage unit may be a memory. The processing unit 710 may be implemented by a processor. As shown in fig. 19, communications apparatus 800 may include a processor 810, a memory 820, and a transceiver 830.
The communication device 700 shown in fig. 18 or the communication device 800 shown in fig. 19 are capable of implementing the steps performed by the first device in the embodiments of the method 300 described above and in the embodiment shown in fig. 11. Similar descriptions may refer to the description in the corresponding method previously described. To avoid repetition, further description is omitted here.
It should also be understood that the communication apparatus 700 shown in fig. 18 or the communication apparatus 800 shown in fig. 19 may be a network device.
Fig. 20 shows a schematic block diagram of a communication apparatus 900 according to an embodiment of the present application, where the apparatus 900 may correspond to the first apparatus described in the method 400, or may be a chip or a component applied to the first apparatus, and each module or unit in the apparatus 900 is respectively configured to execute each action or process performed by the first apparatus in the method 400.
As shown in fig. 20, the apparatus 900 may include a processing unit 910 and a transceiving unit 920. The transceiving unit 920 is used for performing specific signal transceiving under the driving of the processing unit 910.
The processing unit 910 is configured to perform a first security process on the first data.
The processing unit 910 is further configured to determine a first transmission mode of the first data after the first security processing, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast;
a transceiving unit 920, configured to send the first data after the first security processing by using a unicast transmission method when the first transmission method is the unicast transmission method.
The transceiver 920 is further configured to send the first data after the first security processing by using a multicast transmission method when the first transmission method is the multicast transmission method.
The transceiver 920 is further configured to send the first data after the first security processing by using the unicast transmission method and send third data by using the multicast transmission method when the first transmission method is a unicast and multicast transmission method, where the third data is obtained by copying the first data after the first security processing.
The communication device provided by the application configures one PDCP to be associated with one or more RLC entities. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode. The plurality of RLC entities include an RLC entity corresponding to the unicast transmission mode and an RLC entity corresponding to the multicast transmission mode. Data may be transmitted using a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode. Moreover, the security processing corresponding to the unicast transmission mode and to the multicast transmission mode is the same. The first device first performs security processing on the data and then sends the security-processed data according to the transmission mode of the data. This improves the security of data transmission. Security processing of data within the same bearer can be realized, which meets the security requirements of data in different transmission modes and improves communication efficiency.
Optionally, in some embodiments of the present application, the first security process includes encrypting and/or integrity protecting data using a first parameter and/or a first algorithm; alternatively, the first security process is not performed.
Optionally, in some embodiments of the present application, the first parameter comprises a first key.
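The following added example (not code from the application) contrasts the two designs described above: apparatus 700 copies the data and applies a separate security process per leg, while apparatus 900 applies one security process and copies the protected result. It assumes integrity protection only, with HMAC-SHA256 standing in for the unspecified algorithm; the keys, the `count` input, and all function names are constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum

MAC_LEN = 32  # HMAC-SHA256 tag length in bytes

# Constructed sample keys (assumptions, not values from the application).
K_UNICAST = bytes.fromhex("11" * 32)    # "first key", held by one terminal
K_MULTICAST = bytes.fromhex("22" * 32)  # "second key", shared by the group


class Mode(Enum):
    UNICAST = 1
    MULTICAST = 2
    UNICAST_AND_MULTICAST = 3


def protect(key, count, data):
    """Integrity-protect data; key=None models 'security process not performed'."""
    if key is None:
        return bytes(data)
    mac = hmac.new(key, count.to_bytes(4, "big") + data, hashlib.sha256).digest()
    return data + mac


def verify(key, count, pdu):
    """Return the payload if the tag checks out under key, else None."""
    if key is None:
        return bytes(pdu)
    if len(pdu) < MAC_LEN:
        return None
    data, mac = pdu[:-MAC_LEN], pdu[-MAC_LEN:]
    want = hmac.new(key, count.to_bytes(4, "big") + data, hashlib.sha256).digest()
    return data if hmac.compare_digest(mac, want) else None


def select_legs(mode, unicast_pdu, multicast_pdu):
    """Hand each PDU to the leg (RLC entity) that the transmission mode selects."""
    legs = {}
    if mode in (Mode.UNICAST, Mode.UNICAST_AND_MULTICAST):
        legs["unicast"] = unicast_pdu
    if mode in (Mode.MULTICAST, Mode.UNICAST_AND_MULTICAST):
        legs["multicast"] = multicast_pdu
    return legs


def send_per_leg(first_data, count, mode, first_key, second_key):
    """Apparatus 700: copy first, then secure each copy with its own parameter."""
    second_data = bytes(first_data)  # second data is a copy of the first data
    return select_legs(mode,
                       protect(first_key, count, first_data),
                       protect(second_key, count, second_data))


def send_shared(first_data, count, mode, first_key):
    """Apparatus 900: secure once, then copy the protected PDU (third data)."""
    protected = protect(first_key, count, first_data)
    third_data = bytes(protected)
    return select_legs(mode, protected, third_data)


def cross_leg_accepts(legs, count, unicast_leg_key):
    """Does the multicast-leg PDU also verify under the unicast leg's key?"""
    return verify(unicast_leg_key, count, legs["multicast"]) is not None


if __name__ == "__main__":
    both = Mode.UNICAST_AND_MULTICAST
    per_leg = send_per_leg(b"frame-0001", 7, both, K_UNICAST, K_MULTICAST)
    shared = send_shared(b"frame-0001", 7, both, K_MULTICAST)
    print("per-leg keys, cross-leg accepted:",
          cross_leg_accepts(per_leg, 7, K_UNICAST))
    print("shared key,   cross-leg accepted:",
          cross_leg_accepts(shared, 7, K_MULTICAST))
```

With distinct first and second keys, a PDU protected for the multicast leg does not verify on the unicast leg; with one shared security process, the two legs carry identical protected bytes and are bound to the same key.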
It should be understood that, for brevity, the specific processes by which the units in the apparatus 900 perform the above corresponding steps are not described in detail here; refer to the foregoing description of the method 400 and of the first apparatus in the related embodiment in fig. 12.
Optionally, the transceiver 920 may include a receiving unit (module) and a transmitting unit (module) for performing the steps of receiving and transmitting information by the second device in the embodiments of the method 300 and the embodiment shown in fig. 11.
Further, the apparatus 900 may further include a storage unit, and the transceiver 920 may be a transceiver, an input/output interface, or an interface circuit. The storage unit is used for storing instructions executed by the transceiving unit 920 and the processing unit 910. The transceiving unit 920, the processing unit 910 and the storage unit are coupled to each other, the storage unit stores instructions, the processing unit 910 is configured to execute the instructions stored by the storage unit, and the transceiving unit 920 is configured to perform specific signal transceiving under the driving of the processing unit 910.
It is to be understood that the transceiving unit 920 may be a transceiver, an input/output interface, or an interface circuit. The storage unit may be a memory. The processing unit 910 may be implemented by a processor. As shown in fig. 21, communications apparatus 1000 may include a processor 1010, a memory 1020, and a transceiver 1030.
The communication device 900 shown in fig. 20 or the communication device 1000 shown in fig. 21 are capable of implementing the steps performed by the first device in the embodiments of the method 400 and the embodiments shown in fig. 12 described above. Similar descriptions may refer to the description in the corresponding method previously described. To avoid repetition, further description is omitted here.
It should also be understood that the communications apparatus 900 shown in fig. 20 or the communications apparatus 1000 shown in fig. 21 may be a network device.
It should also be understood that the division of the units in the above apparatus is only a division of logical functions, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And the units in the device can be realized in the form of software called by the processing element; or may be implemented entirely in hardware; part of the units can also be realized in the form of software called by a processing element, and part of the units can be realized in the form of hardware. For example, each unit may be a processing element separately set up, or may be implemented by being integrated into a chip of the apparatus, or may be stored in a memory in the form of a program, and a function of the unit may be called and executed by a processing element of the apparatus. The processing element, which may also be referred to herein as a processor, may be an integrated circuit having signal processing capabilities. In the implementation process, the steps of the method or the units above may be implemented by integrated logic circuits of hardware in a processor element or in a form called by software through the processor element.
In one example, the units in any of the above apparatuses may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more Digital Signal Processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), or a combination of at least two of these integrated circuit forms. As another example, when a unit in a device is implemented in the form of a program scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of invoking programs. As another example, these units may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 22 is a schematic structural diagram of a terminal device 1100 provided in the present application. The above-described apparatuses 500 to 600 may be configured in the terminal device 1100. Alternatively, the apparatuses 500 to 600 themselves may be the terminal device 1100. In other words, the terminal device 1100 may perform the actions performed by the second apparatus in the methods 200 to 400.
For convenience of explanation, fig. 22 shows only main components of the terminal device. As shown in fig. 22, the terminal apparatus 1100 includes a processor, a memory, a control circuit, an antenna, and an input-output device.
The processor is mainly configured to process a communication protocol and communication data, control the entire terminal device, execute a software program, and process data of the software program, for example, to support the terminal device to perform the actions described in the above embodiment of the method for indicating a transmission precoding matrix. The memory is mainly used for storing software programs and data, for example, the codebook described in the above embodiments. The control circuit is mainly used for converting baseband signals and radio frequency signals and processing the radio frequency signals. The control circuit and the antenna together, which may also be called a transceiver, are mainly used for transceiving radio frequency signals in the form of electromagnetic waves. Input and output devices, such as touch screens, display screens, keyboards, etc., are used primarily for receiving data input by a user and for outputting data to the user.
When the terminal device is turned on, the processor can read the software program in the storage unit, interpret and execute the instruction of the software program, and process the data of the software program. When data needs to be sent wirelessly, the processor outputs a baseband signal to the radio frequency circuit after performing baseband processing on the data to be sent, and the radio frequency circuit performs radio frequency processing on the baseband signal and sends the radio frequency signal outwards in the form of electromagnetic waves through the antenna. When data is sent to the terminal equipment, the radio frequency circuit receives radio frequency signals through the antenna, converts the radio frequency signals into baseband signals and outputs the baseband signals to the processor, and the processor converts the baseband signals into the data and processes the data.
Those skilled in the art will appreciate that fig. 22 shows only one memory and processor for ease of illustration. In an actual terminal device, there may be multiple processors and memories. The memory may also be referred to as a storage medium or a storage device, and the like, which is not limited in this application.
For example, the processor may include a baseband processor and a central processing unit, the baseband processor is mainly used for processing the communication protocol and the communication data, and the central processing unit is mainly used for controlling the whole terminal device, executing the software program, and processing the data of the software program. The processor in fig. 22 integrates the functions of the baseband processor and the central processing unit, and those skilled in the art will understand that the baseband processor and the central processing unit may also be independent processors, and are interconnected through a bus or the like. Those skilled in the art will appreciate that the terminal device may include a plurality of baseband processors to accommodate different network formats, the terminal device may include a plurality of central processors to enhance its processing capability, and various components of the terminal device may be connected by various buses. The baseband processor may also be expressed as a baseband processing circuit or a baseband processing chip. The central processing unit may also be expressed as a central processing circuit or a central processing chip. The function of processing the communication protocol and the communication data may be built in the processor, or may be stored in the storage unit in the form of a software program, and the processor executes the software program to realize the baseband processing function.
For example, in the embodiment of the present application, the antenna and the control circuit having the transceiving function may be regarded as the transceiving unit 1101 of the terminal device 1100, and the processor having the processing function may be regarded as the processing unit 1102 of the terminal device 1100. As shown in fig. 22, the terminal device 1100 includes a transceiving unit 1101 and a processing unit 1102. A transceiver unit may also be referred to as a transceiver, a transceiving device, etc. Optionally, a device for implementing the receiving function in the transceiving unit 1101 may be regarded as a receiving unit, and a device for implementing the transmitting function in the transceiving unit 1101 may be regarded as a transmitting unit, that is, the transceiving unit 1101 includes a receiving unit and a transmitting unit. For example, the receiving unit may also be referred to as a receiver, a receiving circuit, etc., and the sending unit may be referred to as a transmitter, a transmitting circuit, etc.
Fig. 23 is a schematic structural diagram of another terminal device 1200 provided in the present application. In fig. 23, the terminal device includes a processor 1210, a transmit data processor 1220, and a receive data processor 1230. The processing unit in the above embodiments may be the processor 1210 in fig. 13, and performs corresponding functions. The transceiving unit in the above-described embodiment may be the transmit data processor 1220, and/or the receive data processor 1230 in fig. 23. Although fig. 23 shows a channel encoder and a channel decoder, it is understood that these blocks are not limitative and only illustrative to the present embodiment.
Fig. 24 is a schematic structural diagram of a network device 1300 according to an embodiment of the present application, which can be used to implement the functions of the network device in the foregoing method. The network device 1300 includes one or more radio frequency units, such as a Remote Radio Unit (RRU) 1301 and one or more baseband units (BBUs) (also referred to as digital units, DUs) 1302. The RRU1301 may be referred to as a transceiver unit, transceiver circuitry, or transceiver, etc., which may include at least one antenna 13011 and a radio frequency unit 13012. The RRU1301 is mainly used for transceiving radio frequency signals and converting the radio frequency signals and baseband signals, for example, to send signaling messages in the above embodiments to a terminal device. The BBU 1302 is mainly used for performing baseband processing, controlling a base station, and the like. The RRU1301 and the BBU 1302 may be physically disposed together or may be physically disposed separately, that is, a distributed base station.
The BBU 1302 is a control center of a base station, and may also be referred to as a processing unit, and is mainly used for performing baseband processing functions, such as channel coding, multiplexing, modulation, spreading, and the like. For example, the BBU (processing unit) 1302 can be used for controlling the base station 130 to execute the operation flow related to the network device in the above-mentioned method embodiment.
In an example, the BBU 1302 may be formed by one or more boards, and the boards may support a radio access network of a single access system (e.g., an LTE system or a 5G system) together, or may support radio access networks of different access systems respectively. The BBU 1302 also includes a memory 13021 and a processor 13022. The memory 13021 is used to store necessary instructions and data. The memory 13021 stores, for example, the codebooks and the like in the above-described embodiments. The processor 13022 is configured to control the base station to perform necessary actions, for example, to control the base station to execute the operation flow related to the network device in the above method embodiment. The memory 13021 and processor 13022 may serve one or more boards. That is, the memory and processor may be provided separately on each board. Multiple boards may share the same memory and processor. In addition, each single board can be provided with necessary circuits.
In one possible implementation, with the development of system-on-chip (SoC) technology, all or part of functions of the part 1302 and the part 1301 may be implemented by SoC technology, for example, by a base station function chip integrating a processor, a memory, an antenna interface, and other devices, and a program of related functions of the base station is stored in the memory and executed by the processor to implement the related functions of the base station. Optionally, the base station function chip can also read a memory outside the chip to implement the relevant functions of the base station.
It should be understood that the structure of the network device illustrated in fig. 24 is only one possible form, and should not limit the embodiments of the present application in any way. This application does not exclude the possibility of other forms of base station structure that may appear in the future.
In a New Radio (NR) system, system information includes a Master Information Block (MIB), a system information block 1 (SIB 1), and system information blocks other than SIB 1. Other system information blocks besides the SIB1 are also referred to as Other System Information (OSI). When the MIB, the SIB1, or the OSI changes, the network device may notify the terminal device of the change of the system information through paging. The terminal device then reads the MIB and the SIB1 again, determines which SIB in the OSI has changed according to the value tag of each SIB in the OSI indicated in the SIB1, and acquires the corresponding SIB. However, a terminal device in a Radio Resource Control (RRC) connection state may operate in a bandwidth part (BWP) that cannot receive paging. In that case the network device cannot notify the terminal device of the change of the system information in time, the terminal device cannot update the system information, and the system information stored in the terminal device becomes outdated, which affects the normal operation of the terminal device. The application provides a method for acquiring system information, which can acquire updated system information when a terminal device cannot receive paging.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
Before describing the present application, a part of terms in the embodiments of the present application will be briefly explained so as to be easily understood by those skilled in the art.
1) The system information includes a Master Information Block (MIB), a system information block 1 (SIB 1), and system information blocks other than SIB 1. Other system information blocks besides the SIB1 are also referred to as Other System Information (OSI). MIB and SIB1 are essential system information; OSI is non-essential system information. OSI is carried in system information messages for transmission, and one system information message can carry multiple OSI.
2) SI message (SI message), used for carrying SI. One SIB or multiple SIBs (excluding SIB1) may be included in one SI message. The mapping relationship between SIBs and SI messages (i.e., which SIBs are included in one SI message) may be included in SIB1 (e.g., in the scheduling information). The scheduling information may include a scheduling period (SI-periodicity) and the type of SIB carried (i.e., the mapping relationship of the SIB to the SI message, etc.). Typically one SIB cannot be split and mapped into two different SI messages. For example, one SIB may be carried in one SI message; the base station broadcasts the SI message, and the SIB is thereby notified to the terminal device.
3) Bandwidth part (BWP or BP), in New Radio (NR) systems, the concept of BWP is introduced in consideration of different traffic types, bandwidth capabilities of terminal devices or power consumption of terminal devices. The base station can realize flexible scheduling of the terminal device by configuring various BWPs with different bandwidths for the terminal device.
BWP may be a continuous resource in the frequency domain, and may also be referred to as a carrier bandwidth part (carrier bandwidth part), a sub-band (subband) bandwidth, or a narrowband (narrowband) bandwidth, or may have another name; in this embodiment, for simplicity, the name BWP is used as an example. For example, one BWP contains K (K > 0) consecutive subcarriers; or, one BWP is a frequency domain resource where N non-overlapping continuous Resource Blocks (RBs) are located, and the subcarrier spacing of the RBs may be 15 kHz, 30 kHz, 60 kHz, 120 kHz, 240 kHz, 480 kHz or other values; alternatively, a BWP is a frequency domain resource where M non-overlapping consecutive Resource Block Groups (RBGs) are located, and an RBG includes P (P > 0) consecutive RBs whose subcarrier spacing (SCS) may be 15 kHz, 30 kHz, 60 kHz, 120 kHz, 240 kHz, 480 kHz or other values, such as integer multiples of 2. One BWP is associated with one specific system parameter (numerology) including subcarrier spacing, Cyclic Prefix (CP), or subcarrier spacing and CP. Further, BWP may also be a discontinuous multi-segment resource in the frequency domain.
Within a carrier bandwidth (carrier BW), only one BWP may be configured for one terminal device, the bandwidth of the BWP may be less than or equal to the terminal device bandwidth capability (UE bandwidth capability), and the terminal device bandwidth capability may be less than or equal to the carrier bandwidth (carrier BW). In the carrier bandwidth, two BWPs, BWP1 and BWP2 respectively, may also be configured for one terminal device, and the bandwidths of BWP1 and BWP2 may overlap. In the carrier bandwidth, two BWPs, BWP1 and BWP2 respectively, may also be configured for one terminal device, and BWP1 and BWP2 may not overlap. The system parameters for BWP1 and BWP2 may be the same system parameters or may be different system parameters. In practice, the configuration of the BWP (for example, the number, location, and/or system parameters of the BWP) may be other configurations, and the embodiment of the present invention is not limited thereto.
As shown in fig. 25, BWPs can be divided into two categories, Initial BWPs and Active BWPs. The Initial BWP refers to the bandwidth of the SIB1 at the location indicated by the MIB broadcast in the cell defined synchronization information block (SSB). On the Initial BWP, the UE may acquire SIB1 and Other System Information (OSI), and may listen for paging, mainly for the terminal device to initiate random access, etc. Active BWP is mainly used for data service transmission, and when a UE has a service, the base station will schedule the terminal device from the Initial BWP to a BWP with a bandwidth matching the service. A Physical Downlink Control Channel (PDCCH) Common Search Space (CSS) of Type0A and Type2 is configured on the Active BWP. The terminal device may receive pages and OSI on the current Active BWP.
5) ValueTag, which is used to identify the content version (content tag) of SIBs other than SIB1, may be understood as the version tag of the SIB. The value of the ValueTag for each SIB other than SIB1 is included in SIB1 to identify the content version of the SIB. The value indicated by the ValueTag is incremented by 1 each time the contents of the SIB change. At present, the ValueTag occupies 5 bits and can indicate 0 to 31, namely 32 values. When the value of the ValueTag is 31 and the content of the SIB changes, the value indicated by the ValueTag becomes 0 after the add-1 operation. When the terminal device stores the SIB, the value of the ValueTag in the SIB1 is also stored. When the network side notifies that the system information changes, the terminal device receives the SIB1 again, then acquires the SIB in the SIB1, and determines whether the content of the stored SIB has changed by comparing the value of the ValueTag of the newly received SIB1 with the value of the ValueTag of the previous SIB1. If the terminal device determines that the value of the ValueTag of the newly received SIB1 is the same as the value of the ValueTag of the previous SIB1, it determines that the content of the SIB in the SIB1 has not changed, and the terminal device does not need to reacquire the SIB. Conversely, if the terminal device determines that the value of the ValueTag of the newly received SIB1 is not the same as the value of the ValueTag of the previous SIB1, it determines that the content of the SIB in the SIB1 has changed, and the terminal device needs to reacquire the SIB.
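The ValueTag comparison described above, as an added example that is not code from the application: a network-side counter and a terminal-side cache, including the edge case that follows from the 5-bit width, where 32 changes between two checks bring the tag back to the stored value. The class names, SIB contents, and the choice to skip SIBs missing from the indicated tags are assumptions made for illustration.

```python
VALUE_TAG_BITS = 5
VALUE_TAG_MOD = 1 << VALUE_TAG_BITS  # 32 values, 0..31


def check_tag(tag):
    """Reject values that do not fit in the 5-bit ValueTag field."""
    if not isinstance(tag, int) or not 0 <= tag < VALUE_TAG_MOD:
        raise ValueError(f"ValueTag out of range 0..{VALUE_TAG_MOD - 1}: {tag!r}")
    return tag


def next_value_tag(tag):
    """Add 1 on each SIB content change; 31 wraps to 0."""
    return (check_tag(tag) + 1) % VALUE_TAG_MOD


class Network:
    """Network-side view: current content and ValueTag of each SIB (hypothetical)."""

    def __init__(self, sibs):
        self.content = dict(sibs)
        self.tags = {name: 0 for name in sibs}

    def update(self, name, content):
        self.content[name] = content
        self.tags[name] = next_value_tag(self.tags[name])

    def indicated_value_tags(self):
        """The ValueTags the network currently indicates, keyed by SIB name."""
        return dict(self.tags)


class TerminalCache:
    """Terminal-side store of (ValueTag, content) for the SIBs it needs."""

    def __init__(self):
        self.stored = {}

    def store(self, name, tag, content):
        self.stored[name] = (check_tag(tag), content)

    def sibs_to_reacquire(self, indicated):
        """Stored SIBs whose indicated ValueTag differs from the stored one."""
        stale = []
        for name, (tag, _content) in self.stored.items():
            if name not in indicated:
                continue  # assumption: no tag indicated means nothing to compare
            if check_tag(indicated[name]) != tag:
                stale.append(name)
        return sorted(stale)

    def refresh(self, network):
        """Compare tags, reacquire only the changed SIBs, return their names."""
        indicated = network.indicated_value_tags()
        stale = self.sibs_to_reacquire(indicated)
        for name in stale:
            self.store(name, indicated[name], network.content[name])
        return stale


def demo():
    # Constructed sample SIB contents.
    net = Network({"SIB2": "reselection-v0", "SIB9": "time-v0"})
    ue = TerminalCache()
    for name in ("SIB2", "SIB9"):
        ue.store(name, net.tags[name], net.content[name])

    net.update("SIB2", "reselection-v1")  # one change: tag 0 -> 1
    first = ue.refresh(net)

    for i in range(VALUE_TAG_MOD):        # 32 changes: tag wraps back to 0
        net.update("SIB9", f"time-v{i + 1}")
    second = ue.refresh(net)

    sib9_is_stale = ue.stored["SIB9"][1] != net.content["SIB9"]
    return first, second, sib9_is_stale


if __name__ == "__main__":
    print(demo())
```

The second refresh reports nothing to reacquire even though the stored SIB9 content is out of date, so an equal ValueTag is only meaningful if the terminal cannot have missed a full cycle of 32 changes.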
Having described some of the concepts related to the embodiments of the present application, the following describes features of the embodiments of the present application.
In the current network, when the MIB, SIB1, or OSI changes, the network device notifies the terminal device of the change of system information through paging. The terminal device then reads the MIB and SIB1 again, determines which specific SIB has changed through the value tag of each SIB in the OSI indicated in SIB1, and acquires the corresponding SIB. However, a terminal device in a Radio Resource Control (RRC) connection state may work on a bandwidth part (BWP) that cannot receive paging. In that case the network device cannot notify the terminal device of the change of system information in time, the terminal device cannot update the system information, and the system information stored in the terminal device becomes outdated, which affects normal operation of the terminal device. One possible approach is that when the SIB1 or OSI changes, the network device sends the updated SIB1 to all connected terminal devices through dedicated signaling. However, the content of SIB1 is large and the number of OSI is large, and the change of each OSI triggers the transmission of SIB1, which wastes communication resources significantly.
In view of this, the present application provides an OSI updating method, which can reduce resource consumption and improve network resource utilization.
For ease of description, the following takes as an example the case where the method is performed by a network device and a terminal device, that is, the first communication apparatus is a terminal device and the second communication apparatus is a network device. The terminal device is in an RRC connected state, and no common search space for receiving paging and/or system information is configured on the active BWP in which the terminal device is currently operating.
The flow of this method is depicted in fig. 26.
S2601, the network device sends first indication information to the terminal device, where the first indication information is used to indicate an update of other system information (OSI), and the OSI includes at least one system information block (SIB); the first indication information includes a content version valueTag of at least one SIB.
OSI includes the system information blocks other than SIB1, such as SIB2 and SIB3. Different SIBs carry different content and support different functions. For example, SIB2-SIB5 in NR are used to provide information related to cell reselection, SIB6-SIB8 are used to provide common warning information, and SIB9 is used to provide timing information. The terminal device selects and stores the corresponding SIBs according to the functions it requires. Note that the value of at least one OSI indicates the value of a SIB in the at least one OSI. The OSI, as described herein, may refer to all SIBs except SIB1, or may refer to one or more SIBs other than SIB1. The OSI including SIB2-SIB9 is taken as an example for illustration, but the number of SIBs included in the OSI is not limited here.
In a possible implementation manner, the first indication information includes the value tags corresponding to all SIBs in the OSI, that is, the value tags corresponding to SIB2-SIB9. It should be noted that, in this case, either some of the SIBs in SIB2-SIB9 or all of them may need to be updated.
In a possible implementation manner, the first indication information includes the value tags corresponding to a part of the SIBs in the OSI, for example, the value tags corresponding to SIB5 and SIB6. The partial SIBs here may be the SIBs that have changed and that the terminal device needs to update, such as SIB5 and SIB6, while SIBs other than SIB5 and SIB6 do not require updating; or the partial SIBs may be those sent specifically for the terminal device, that is, the terminal device needs only SIB5 and SIB6 and does not need other SIBs. In this implementation, the first indication information may further include identification information of the partial SIBs.
How the network device knows that the terminal device only needs SIB5 and SIB6 is beyond the scope of this discussion.
The first indication information may be a bitmap indicating OSI change information. For example, the bitmap has 8 bits, and each bit corresponds to the change information of one of SIB2-SIB9: the first bit indicates whether SIB2 has changed, the second bit indicates whether SIB3 has changed, and so on. Each bit of the bitmap may be 0 or 1, where, for example, 0 indicates that the system information block corresponding to that position has not changed, and 1 indicates that the system information block corresponding to that position has changed. When the bitmap is 01111000, it indicates that SIB3, SIB4, SIB5, and SIB6 need to be updated.
The network device may send the first indication information through RRC dedicated signaling, or may send the first indication information in a broadcast manner.
S2602, the terminal device determines the SIB needing to be updated.
The terminal device updates the stored SIB1 according to the first indication information; specifically, it updates the value tag of each SIB in the stored SIB1 to the value tag of the corresponding SIB in the first indication information.
The terminal device determines whether a SIB needs to be updated according to the value tag of the OSI carried in the first indication information.
In a possible implementation manner, the first indication information includes the value tags corresponding to all the SIBs in the OSI, and the terminal device determines whether the stored value tag of a certain SIB is consistent with the value tag corresponding to that SIB in the first indication information; if not, the SIB needs to be updated. For example, before the terminal device receives the first indication information, it has already stored SIB2 and its value tag, and the value of the value tag is X. If the first indication information indicates that the value tag of SIB2 is Y, SIB2 needs to be updated; if the first indication information indicates that the value tag of SIB2 is X, the content of SIB2 does not need to be updated.
In a possible implementation manner, the first indication information includes the value tags corresponding to a part of the SIBs in the OSI, and the terminal device compares the stored value tag of a SIB with the value tag corresponding to that SIB in the first indication information; if the two are different, the SIB needs to be updated. For example, the first indication information includes the value tags of SIB4 and SIB5, and the terminal device has stored SIB4 before receiving the first indication information, so the terminal device needs to update SIB4. If the terminal device did not store SIB4 or SIB5 before receiving the first indication information, the terminal device does not need to update.
S2603, the terminal device sends a request message to the network device, the request message being used to request the SIB that needs to be updated.
After determining the SIB that needs updating, the terminal device may request the SIB from a network device, or obtain the updated SIB in other ways, which is not limited in this disclosure.
After the terminal device acquires the updated SIB, the updated SIB and the value tag corresponding to the SIB in the first indication information are stored together.
It should be noted that, if the first indication information is a bitmap indicating OSI change information, the terminal device determines whether a previously stored SIB needs to be updated according to the bitmap. For example, the bitmap has 8 bits, and each bit corresponds to the change information of one of SIB2-SIB9: the first bit indicates whether SIB2 has changed, the second bit indicates whether SIB3 has changed, and so on. Each bit of the bitmap may be 0 or 1, where, for example, 0 indicates that the system information block corresponding to that position has not changed, and 1 indicates that the system information block corresponding to that position has changed. For example, if the bitmap is 01111000 and the terminal device stored SIB3 and SIB4 before receiving the first indication information, the terminal device needs to update SIB3 and SIB4. After determining the SIBs that require updating, the terminal device may request them from the network device.
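The terminal-side decision in S2602, for both the valueTag form and the bitmap form of the first indication information, written out as an added Python example that is not part of the patent text. The function names, the representation of the bitmap as a string of '0'/'1' characters, and the input validation are assumptions of this example.

```python
from __future__ import annotations

VALUE_TAG_MOD = 32                  # valueTag occupies 5 bits: values 0..31
BITMAP_SIBS = tuple(range(2, 10))   # bit 1 -> SIB2, bit 2 -> SIB3, ..., bit 8 -> SIB9


def _check_tag(tag: int) -> None:
    """Reject anything that is not a 5-bit valueTag (assumed validation step)."""
    if isinstance(tag, bool) or not isinstance(tag, int) or not 0 <= tag < VALUE_TAG_MOD:
        raise ValueError(f"valueTag out of 5-bit range: {tag!r}")


def next_value_tag(tag: int) -> int:
    """Network side: valueTag after one content change; 31 wraps to 0."""
    _check_tag(tag)
    return (tag + 1) % VALUE_TAG_MOD


def decode_bitmap(bitmap: str) -> list[int]:
    """SIB numbers whose bit is 1, e.g. '01111000' -> [3, 4, 5, 6]."""
    if len(bitmap) != len(BITMAP_SIBS) or set(bitmap) - {"0", "1"}:
        raise ValueError(f"malformed OSI bitmap: {bitmap!r}")
    return [sib for sib, bit in zip(BITMAP_SIBS, bitmap) if bit == "1"]


def stale_by_value_tag(stored: dict[int, int], indicated: dict[int, int]) -> list[int]:
    """S2602, valueTag form: stored SIBs whose tag differs from the indicated one.

    `stored` maps SIB number -> valueTag kept by the terminal; `indicated` maps
    SIB number -> valueTag from the first indication information (all SIBs or
    only a part of them). SIBs the terminal never stored are ignored.
    """
    for tag in list(stored.values()) + list(indicated.values()):
        _check_tag(tag)
    return sorted(s for s, tag in indicated.items() if s in stored and stored[s] != tag)


def stale_by_bitmap(stored_sibs, bitmap: str) -> list[int]:
    """S2602, bitmap form: SIBs flagged as changed that the terminal stores."""
    return [sib for sib in decode_bitmap(bitmap) if sib in stored_sibs]


def commit_update(stored: dict[int, int], indicated: dict[int, int], acquired) -> dict[int, int]:
    """After S2603: keep each re-acquired SIB together with its indicated valueTag."""
    updated = dict(stored)
    for sib in acquired:
        if sib not in indicated:
            raise KeyError(f"SIB{sib} was not in the indication")
        _check_tag(indicated[sib])
        updated[sib] = indicated[sib]
    return updated


if __name__ == "__main__":
    # Constructed sample values mirroring the examples in the description.
    stored = {4: 7}                       # terminal stores only SIB4
    indicated = {4: 8, 5: 3}              # indication carries SIB4 and SIB5
    todo = stale_by_value_tag(stored, indicated)
    print("request:", todo)               # SIB4 only; SIB5 is not stored
    print("after update:", commit_update(stored, indicated, todo))
    print("bitmap:", stale_by_bitmap({3, 4}, "01111000"))

    # A 5-bit counter returns to the same value after exactly 32 changes, so a
    # tag comparison alone cannot tell that case apart from "no change".
    tag = 5
    for _ in range(32):
        tag = next_value_tag(tag)
    print("tag after 32 changes:", tag, "->", stale_by_value_tag({2: 5}, {2: tag}))
```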
It should be understood that in the embodiments of the present application, the processor may be a Central Processing Unit (CPU), and the processor may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will also be appreciated that the memory in the embodiments of the subject application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of Random Access Memory (RAM) are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct bus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions or computer programs. The procedures or functions according to the embodiments of the present application are generated in whole or in part when the computer instructions or the computer program are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more collections of available media. The available media may be magnetic media (e.g., floppy disks, hard disks, tapes), optical media (e.g., DVDs), or semiconductor media. The semiconductor medium may be a solid state disk.
An embodiment of the present application further provides a communication system, including: the terminal device and the network device.
The present application also provides a computer readable medium for storing a computer program code, where the computer program includes instructions for executing the method of data security processing of the present application in the methods 200 to 400. The readable medium may be a read-only memory (ROM) or a Random Access Memory (RAM), which is not limited in this embodiment of the present application.
The present application also provides a computer program product comprising instructions that, when executed, cause the terminal device and the network device to perform operations corresponding to the first and second apparatuses of the above method, respectively.
An embodiment of the present application further provides a system chip, where the system chip includes: a processing unit, which may be, for example, a processor, and a communication unit, which may be, for example, an input/output interface, a pin or a circuit, etc. The processing unit can execute computer instructions to enable a chip in the communication device to execute any one of the above methods for data security processing provided by the embodiments of the present application.
Optionally, any one of the communication devices provided in the embodiments of the present application may include the system chip.
Optionally, the computer instructions are stored in a storage unit.
Alternatively, the storage unit is a storage unit in the chip, such as a register, a cache, and the like, and the storage unit may also be a storage unit located outside the chip in the terminal, such as a ROM or other types of static storage devices that can store static information and instructions, a RAM, and the like. The processor mentioned in any of the above may be a CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling the execution of programs of the above-mentioned method for processing data security. The processing unit and the storage unit may be decoupled, and are respectively disposed on different physical devices, and are connected in a wired or wireless manner to implement respective functions of the processing unit and the storage unit, so as to support the system chip to implement various functions in the foregoing embodiments. Alternatively, the processing unit and the memory may be coupled to the same device.
The terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
The terms "upstream" and "downstream" appearing in the present application are used to describe the direction of data/information transmission in a specific scenario, for example, the "upstream" direction generally refers to the direction of data/information transmission from the terminal to the network side, or the direction of transmission from the distributed unit to the centralized unit, and the "downstream" direction generally refers to the direction of data/information transmission from the network side to the terminal, or the direction of transmission from the centralized unit to the distributed unit.
Various objects such as messages/information/devices/network elements/systems/apparatuses/actions/operations/procedures/concepts may be named in the present application. It is to be understood that these specific names do not constitute limitations on the related objects, and the names may vary according to circumstances, contexts, or usage habits. The technical meaning of the technical terms in the present application should be understood mainly from the functions and technical effects they embody or perform in the technical solutions.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the unit is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a read-only memory (ROM), and random access.
The above description covers only specific embodiments of the present application, but the scope of the present application is not limited thereto. Any changes or substitutions that a person skilled in the art can easily conceive of within the technical scope of the present application shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (37)

  1. A method for secure processing of data, comprising:
    determining a first transmission mode of first data, wherein the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode for transmitting by using unicast and multicast;
    and determining a security processing mode of the first data according to the first transmission mode.
  2. The method of claim 1,
    when the first transmission mode is a unicast transmission mode, the security processing mode of the first data is first security processing; or
    when the first transmission mode is a multicast transmission mode, the security processing mode of the first data is second security processing; or
    when the first transmission mode is a unicast transmission mode and a multicast transmission mode, the security processing mode of the first data is first security processing, the security processing mode of the second data is second security processing, and the second data is obtained by copying the first data.
  3. The method of claim 2,
    the first security processing comprises encrypting and/or integrity protecting data with a first parameter and/or a first algorithm;
    the second security process is not performed.
  4. The method of claim 2,
    the first security process comprises encrypting and/or integrity protecting data using a third parameter and/or a third algorithm;
    the second security process is not performed.
  5. The method of claim 2,
    the first security process is a non-security process;
    the second security process includes encrypting and/or integrity protecting data using a second parameter and/or a second algorithm.
  6. The method of claim 2,
    the first security process is a non-security process;
    the second security process comprises encrypting and/or integrity protecting the data using a fourth parameter and/or a fourth algorithm.
  7. The method of claim 2,
    the first security processing comprises encrypting and/or integrity protecting data by using a first parameter and/or a first algorithm, or the first security processing comprises decrypting and/or integrity verifying data by using a third parameter and/or a third algorithm;
    the second security processing comprises encrypting and/or integrity protecting the data by using a second parameter and/or a second algorithm, or the second security processing comprises decrypting and/or integrity verifying the data by using a fourth parameter and/or a fourth algorithm;
    the first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or,
    the third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different.
  8. The method according to any of claims 3 to 7, wherein the first parameter comprises a first key and/or the second parameter comprises a second key; or,
    the third parameter comprises a third key and/or the fourth parameter comprises a fourth key.
  9. A method for secure processing of data, comprising:
    performing first security processing on the first data;
    performing second security processing on second data, wherein the second data is obtained by copying the first data;
    and sending the first data after the first security processing and/or sending the second data after the second security processing according to a first transmission mode of the data, wherein the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode for transmitting by using unicast and multicast.
  10. The method according to claim 9, wherein the sending the first data after the first security processing and/or sending the second data after the second security processing according to the first transmission mode of data comprises:
    when the first transmission mode is a unicast transmission mode, sending the first data subjected to the first security processing;
    when the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;
    and when the first data transmission mode is a unicast transmission mode or a multicast transmission mode, sending the first data subjected to the first security processing and the second data subjected to the second security processing.
  11. The method according to claim 9 or 10,
    the first security processing comprises encrypting and/or integrity protecting data with a first parameter and/or a first algorithm;
    the second security process is not performed.
  12. The method according to claim 9 or 10,
    the first security process is not performed;
    the second security process includes encrypting and/or integrity protecting data using a second parameter and/or a second algorithm.
  13. The method according to claim 9 or 10,
    the first security processing comprises encrypting and/or integrity protecting data with a first parameter and/or a first algorithm;
    the second security processing comprises encrypting and/or integrity protecting data with a second parameter and/or a second algorithm;
    the first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.
  14. The method according to any one of claims 9 to 13,
    the first parameter comprises a first key and/or the second parameter comprises a second key.
  15. A method for secure processing of data, comprising:
    performing first security processing on the first data;
    determining a first transmission mode of the first data after the first security processing, wherein the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode for transmitting by using unicast and multicast;
    when the first transmission mode is a unicast transmission mode, the unicast transmission mode is utilized to send the first data after the first security processing;
    when the first transmission mode is a multicast transmission mode, the first data after the first security processing is sent by using the multicast transmission mode;
    when the first transmission mode is a unicast transmission mode and a multicast transmission mode, the unicast transmission mode is used for sending the first data after the first security processing, and the multicast transmission mode is used for sending third data, wherein the third data is obtained by copying the first data after the first security processing.
  16. The method of claim 15,
    the first security processing comprises encrypting and/or integrity protecting data with a first parameter and/or a first algorithm; or,
    the first security process is a non-security process.
  17. The method of claim 16,
    the first parameter includes a first key.
  18. A communications apparatus, comprising:
    a processing unit, configured to determine a first transmission mode of first data, where the first transmission mode is a unicast transmission mode, a multicast transmission mode, or at least one of the unicast and multicast transmission modes, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast;
    the processing unit is further configured to determine a secure processing manner for the first data according to the first transmission manner.
  19. The apparatus of claim 18,
    when the first transmission mode is a unicast transmission mode, the processing unit determines that the security processing mode of the first data is first security processing; or
    when the first transmission mode is a multicast transmission mode, the processing unit determines that the security processing mode of the first data is second security processing; or
    when the first transmission mode is a unicast transmission mode and a multicast transmission mode, the processing unit determines that the security processing mode of the first data is first security processing, the security processing mode of the second data is second security processing, and the second data is obtained by copying the first data.
  20. The apparatus of claim 19,
    the first security processing comprises encrypting and/or integrity protecting data with a first parameter and/or a first algorithm;
    the second security process is not performed.
  21. The apparatus of claim 19,
    the first security process comprises encrypting and/or integrity protecting data using a third parameter and/or a third algorithm;
    the second security process is not performed.
  22. The method of claim 19,
    the first security process is a non-security process;
    the second security process includes encrypting and/or integrity protecting data using a second parameter and/or a second algorithm.
  23. The apparatus of claim 19,
    the first security process is a non-security process;
    the second security process comprises encrypting and/or integrity protecting the data using a fourth parameter and/or a fourth algorithm.
  24. The apparatus of claim 19,
    the first security processing comprises encrypting and/or integrity protecting data by using a first parameter and/or a first algorithm, or the first security processing comprises decrypting and/or integrity verifying data by using a third parameter and/or a third algorithm;
    the second security processing comprises encrypting and/or integrity protecting the data by using a second parameter and/or a second algorithm, or the second security processing comprises decrypting and/or integrity verifying the data by using a fourth parameter and/or a fourth algorithm;
    the first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or,
    the third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different.
  25. The apparatus according to any of claims 20 to 24, wherein the first parameter comprises a first key, and/or the second parameter comprises a second key; or,
    the third parameter comprises a third key and/or the fourth parameter comprises a fourth key.
  26. A communications apparatus, comprising:
    a processing unit, configured to perform first security processing on first data;
    the processing unit is further configured to perform second security processing on second data, where the second data is obtained by copying the first data;
    a transceiver unit, configured to send the first data after the first security processing and/or send the second data after the second security processing according to a first transmission mode of data, where the first transmission mode is a unicast transmission mode, a multicast transmission mode, or at least one of a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast.
  27. The apparatus of claim 26, wherein the transceiver unit is further configured to:
    when the first transmission mode is a unicast transmission mode, sending the first data subjected to the first security processing;
    when the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;
    and when the first data transmission mode is a unicast transmission mode or a multicast transmission mode, sending the first data subjected to the first security processing and the second data subjected to the second security processing.
  28. The apparatus of claim 26 or 27,
    the first security processing comprises encrypting and/or integrity protecting data with a first parameter and/or a first algorithm;
    the second security process is not performed.
  29. The apparatus of claim 26 or 27,
    the first security process is not performed;
    the second security process includes encrypting and/or integrity protecting data using a second parameter and/or a second algorithm.
  30. The apparatus of claim 26 or 27,
    the first security processing comprises encrypting and/or integrity protecting data with a first parameter and/or a first algorithm;
    the second security processing comprises encrypting and/or integrity protecting data with a second parameter and/or a second algorithm;
    the first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.
  31. The apparatus of any one of claims 26 to 30,
    the first parameter comprises a first key and/or the second parameter comprises a second key.
  32. A communications apparatus, comprising:
    a processing unit, configured to perform first security processing on first data;
    the processing unit is further configured to determine a first transmission mode of the first data after the first security processing, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode in which transmission is performed using unicast and multicast;
    a transceiver unit, configured to send the first data after the first security processing by using a unicast transmission mode when the first transmission mode is the unicast transmission mode;
    the transceiver unit is further configured to send the first data after the first security processing by using a multicast transmission mode when the first transmission mode is the multicast transmission mode;
    the transceiver unit is further configured to send, when the first transmission mode is the unicast and multicast transmission mode, the first data after the first security processing by using the unicast transmission mode, and send third data by using the multicast transmission mode, where the third data is obtained by copying the first data after the first security processing.
  33. The apparatus of claim 32,
    the first security processing comprises encrypting and/or integrity protecting data with a first parameter and/or a first algorithm; or
    the first security process is a non-security process.
  34. The apparatus of claim 33,
    the first parameter includes a first key.
  35. An apparatus for communication, the apparatus comprising at least one processor coupled with at least one memory:
    the at least one processor configured to execute computer programs or instructions stored in the at least one memory to cause the apparatus to perform the method of any of claims 1-8, 9-14, or 15-17.
  36. A computer-readable storage medium, having stored thereon a computer program or instructions, which, when read and executed by a computer, causes the computer to perform the method of any one of claims 1-8, 9-14 or 15-17.
  37. A chip, comprising: a processor for calling and running a computer program from a memory to cause a communication device in which the chip is installed to perform the method of any of claims 1-8, 9-14 or 15-17.
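An added illustration of the two sender shapes in the apparatus claims above (not code from the patent): per-path security processing as in claims 28 to 31, and protect-once-then-copy as in claim 32. HMAC-SHA256 stands in for the unnamed integrity algorithm, the keys and payload are constructed, all function names are hypothetical, and both paths are assumed to carry the same payload.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag size; the algorithm choice is an assumption

def protect(key, payload):
    """Integrity-protect payload; key=None models 'no security processing'."""
    if key is None:
        return payload
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def verify(key, pdu):
    """Return the payload if the tag checks under key, else None."""
    if key is None:
        return pdu
    if len(pdu) < TAG_LEN:
        return None
    payload, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
    good = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None

def send_per_path(data, mode, first_key, second_key):
    """Claims 28-31 shape: each path gets its own security processing."""
    out = {}
    if mode in ("unicast", "both"):
        out["unicast"] = protect(first_key, data)
    if mode in ("multicast", "both"):
        out["multicast"] = protect(second_key, data)
    return out

def send_protect_then_copy(data, mode, first_key):
    """Claim 32 shape: protect once, then copy the protected PDU."""
    pdu = protect(first_key, data)
    out = {}
    if mode in ("unicast", "both"):
        out["unicast"] = pdu
    if mode in ("multicast", "both"):
        out["multicast"] = bytes(pdu)  # the claim's "third data"
    return out

# Constructed sample keys and payload, for illustration only.
K1, K2 = b"\x01" * 32, b"\x02" * 32
DATA = b"constructed payload"

if __name__ == "__main__":
    a = send_per_path(DATA, "both", K1, K2)
    b = send_protect_then_copy(DATA, "both", K1)
    print(verify(K1, a["multicast"]), verify(K1, b["multicast"]))
```

With different first and second keys, a receiver holding only the first key rejects the multicast copy; with protect-then-copy, every multicast receiver has to hold the first key to check the copy.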
CN201980100287.6A 2019-09-27 2019-09-27 Method and communication device for data security processing Pending CN114365522A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/108709 WO2021056464A1 (en) 2019-09-27 2019-09-27 Data safety processing method and communication apparatus

Publications (1)

Publication Number Publication Date
CN114365522A true CN114365522A (en) 2022-04-15

Family

ID=75165366

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980100287.6A Pending CN114365522A (en) 2019-09-27 2019-09-27 Method and communication device for data security processing

Country Status (2)

Country Link
CN (1) CN114365522A (en)
WO (1) WO2021056464A1 (en)



Also Published As

Publication number Publication date
WO2021056464A1 (en) 2021-04-01


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination