CN116801237A - Data transmission method and device, electronic equipment and storage medium

Publication number: CN116801237A
Application number: CN202210271899.5A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 张金成, 景伟, 张姚姚
Current Assignee: Beijing Xiaomi Mobile Software Co Ltd
Original Assignee: Beijing Xiaomi Mobile Software Co Ltd
Prior art keywords: security algorithm, algorithm, security, network, terminal
Landscapes: Mobile Radio Communication Systems (AREA)
Abstract

The disclosure relates to a data transmission method and device, an electronic device, and a storage medium. The method is applied to a terminal and comprises the following steps: when a preset algorithm change condition is met, sending a security algorithm change request to the core network of the network to which the terminal belongs, so that the core network issues indication information for changing the security algorithm; and processing data based on the security algorithm specified by the indication information so as to improve the security of the data, and transmitting the processed data to the core network.

Description

Data transmission method and device, electronic equipment and storage medium
Technical Field
The disclosure relates to the field of communication, and in particular, to a data transmission method and device, an electronic device, and a storage medium.
Background
In order to ensure the security of data transmission, when the terminal transmits data through the network, the terminal generally processes the data through a security algorithm and then transmits the data.
In the related art, a terminal and a core network included in a network generally process data to be transmitted through a fixed security algorithm. Although the method can improve the security of the data to a certain extent, once the adopted security algorithm is cracked, the data is very likely to be stolen or tampered, and the security of the data is seriously influenced.
Disclosure of Invention
The disclosure provides a data transmission method and device, electronic equipment and a storage medium, which can dynamically change an encryption algorithm adopted by data transmission and improve data security.
According to a first aspect of the present disclosure, there is provided a data transmission method, applied to a terminal, including:
when a preset algorithm change condition is met, sending a security algorithm change request to the core network of the network to which the terminal belongs, so that the core network issues indication information for changing the security algorithm;
and processing the data based on the security algorithm specified by the indication information so as to improve the security of the data, and transmitting the processed data to the core network.
According to a second aspect of the present disclosure, there is provided a data transmission apparatus, applied to a terminal, including:
a sending unit, configured to send a security algorithm change request to the core network of the network to which the terminal belongs when a preset algorithm change condition is satisfied, so that the core network issues indication information for changing the security algorithm;
and the processing unit is used for processing the data based on the security algorithm specified by the indication information so as to improve the security of the data and transmitting the processed data to the core network.
According to a third aspect of the present disclosure, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the first aspect by executing the executable instructions.
According to a fourth aspect of the present disclosure there is provided a computer readable storage medium having stored thereon computer instructions which when executed by a processor perform the steps of the method according to the first aspect.
In the technical scheme of the disclosure, an algorithm change condition is preset in the terminal to determine whether the security algorithm used for data interaction with the core network needs to be changed. When the algorithm change condition is satisfied, a security algorithm change request may be sent to the core network, so that the core network issues indication information instructing the terminal to change the security algorithm in use. On this basis, the terminal can process the data with the changed security algorithm and transmit the processed data to the core network.
It should be understood that the security algorithm adopted when the terminal and the core network perform data transmission can be dynamically changed, so that the security problem that data is easy to steal or tamper due to the fact that the terminal and the core network perform data transmission by adopting a fixed security algorithm in the related art is avoided.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a data transmission method according to an exemplary embodiment of the present disclosure;
FIG. 2 is an interaction diagram of a data transmission method according to an exemplary embodiment of the present disclosure;
FIG. 3 is an interactive schematic diagram of a network attachment process shown in an exemplary embodiment of the present disclosure;
FIG. 4 is a block diagram of a data transmission apparatus according to an exemplary embodiment of the present disclosure;
FIG. 5 is a block diagram of another data transmission apparatus shown in an exemplary embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of an electronic device in an exemplary embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this disclosure to describe various information, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. The word "if" as used herein may be interpreted as "when" or "upon" or "in response to a determination", depending on the context.
In the related art, a terminal negotiates in advance a security algorithm for data transmission with the core network of the network to which the terminal belongs. Then, whether the terminal transmits data to the core network or the core network transmits data to the terminal, the data is first processed by the security algorithm to improve its security and is then transmitted.
It is clear that, because the related technology adopts a fixed security algorithm to process the data, once the security algorithm adopted by the terminal and the core network is cracked, the data is very likely to be stolen or tampered, and the security of the data is greatly threatened.
Therefore, the disclosure proposes a data transmission method to avoid the problem that data is easy to be stolen or tampered due to the fact that a fixed security algorithm is adopted for data transmission in the related art.
Fig. 1 is a flowchart of a data transmission method according to an exemplary embodiment of the present disclosure, which is applied to a terminal. As shown in fig. 1, the method may include the steps of:
Step 102, when a preset algorithm change condition is met, sending a security algorithm change request to the core network of the network to which the terminal belongs, so that the core network issues indication information for changing the security algorithm.
As can be seen from the above description, the related art is prone to the problem of tampering or theft of data during data transmission, which is caused by adopting a fixed security algorithm for data transmission.
In view of this, the present disclosure does not perform data transmission based on a fixed security algorithm, but sets in advance an algorithm change condition for the security algorithm adopted in the data transmission process. Then, once the state of the terminal satisfies the algorithm change condition, an algorithm change request can be sent to the core network of the network to which the terminal belongs, so that the core network issues indication information instructing the terminal to change the security algorithm. On this basis, the terminal can process the data based on the security algorithm specified by the indication information and then transmit the data.
It is to be understood that the present disclosure is equivalent to dynamically changing a security algorithm used in a data transmission process based on whether a state in which a terminal is located satisfies an algorithm change condition. Then, even if the security algorithm adopted by the terminal is cracked, after the adopted security algorithm is changed, the changed security algorithm is not cracked, so that the situation that the data is stolen or tampered is avoided. Compared with the related art, the technical scheme of the present disclosure improves the security in the data transmission process.
In the present disclosure, different algorithm changing conditions may be preset according to actual requirements.
In an embodiment, when the terminal moves from one network cell to another, it needs to camp on the network again to remain connected to the core network. This embodiment can therefore take a change of the network cell where the terminal is located as the algorithm change condition; that is, once the terminal finds that the network cell where it is located has changed, it can initiate the algorithm change request to the core network.
In this embodiment, the terminal needs to send a network attach request to the core network while camping on the network again, so as to re-establish its connection with the core network after crossing network cells. This embodiment may therefore use the network attach request as the above algorithm change request, and accordingly the core network may add the indication information for changing the security algorithm to the network attach response corresponding to the network attach request. This approach is equivalent to carrying the request and the indication for changing the security algorithm in the network attachment interaction of the re-camping process, which avoids a separate data interaction for the algorithm change.
In another embodiment, the terminal may take the cracking of the currently adopted security algorithm as the algorithm change condition; that is, once the currently adopted security algorithm is cracked, the algorithm change request may be initiated to the core network.
In this embodiment, the terminal may learn in various ways whether the currently adopted security algorithm has been cracked. In one case, the terminal itself or the core network may have the capability of detecting whether the currently adopted security algorithm has been cracked. For example, the terminal and the core network may negotiate in advance a fixed identifier attached to the data; once the fixed identifier included in received data changes, it may be determined that the currently adopted security algorithm has been cracked. This is of course only illustrative, and how to detect whether the security algorithm has been cracked may be determined by those skilled in the art according to the actual situation, which is not limited in this disclosure. In another case, the vendor server may send a message that a specific security algorithm has been cracked to the terminals produced by that vendor, so that each terminal determines whether its security algorithm needs to be changed. For example, when the users of some terminals find that the data sent by the peer users is inconsistent with the data they receive, the situation may be reported to the vendor server, and the vendor server may then determine that the specific security algorithm adopted by the reporting terminals is a cracked security algorithm.
In yet another embodiment, the terminal may determine whether to initiate the algorithm change request according to a duration of use or a number of uses of the currently employed security algorithm. For example, the terminal may time the usage time of the security algorithm adopted by the terminal, and when the usage time of the security algorithm reaches a preset time threshold, it may be determined that the above algorithm change condition is satisfied; for another example, the terminal may count the number of data interactions of the security algorithm adopted by the terminal, and then determine that the above algorithm change condition is satisfied when the number of data interactions performed by the security algorithm currently adopted reaches a preset number threshold.
It should be noted that any one of the above embodiments may be preset as the algorithm change condition, or any combination of the above embodiments may be preset as the algorithm change condition. Which case or cases are specifically preset as the algorithm change conditions can be determined by those skilled in the art according to actual needs, which is not limited in this disclosure.
Step 104, processing the data based on the security algorithm specified by the indication information to improve the security of the data, and transmitting the processed data to the core network.
In the present disclosure, a procedure of negotiating in advance a security algorithm adopted by the data interaction between the terminal and the core network may also be included.
For example, the terminal may send to the core network a security algorithm designation request that informs the core network of the security algorithms the terminal can employ. The core network can then select, from these security algorithms, any one to be adopted in data interaction, and return to the terminal a security algorithm designation response corresponding to the security algorithm designation request. On this basis, the terminal can determine the security algorithm designated by the security algorithm designation response as the security algorithm adopted in data interaction.
As another example, the present disclosure may rank security algorithms in advance so that the terminal and the core network negotiate the security algorithm employed for data transmission based on the algorithm level. For example, the terminal may send to the core network a security algorithm designation request that informs the core network of the algorithm level the terminal can support. The core network can then select, from the security algorithms belonging to that algorithm level, any one to be adopted in data interaction, and return to the terminal a security algorithm designation response corresponding to the security algorithm designation request. On this basis, the terminal can determine the security algorithm designated by the security algorithm designation response as the security algorithm adopted in data interaction.
In this example, the algorithm level to which each security algorithm belongs may be related to the complexity of the algorithm. For example, the algorithm level may be positively correlated with the complexity of the algorithm, i.e., the higher the complexity, the higher the algorithm level to which the security algorithm belongs. Of course, the higher the complexity, the more processing resources need to be invoked while the security algorithm runs, so the algorithm level may also be positively correlated with the amount of processing resources that need to be invoked while the algorithm runs. On this basis, the security algorithm designation request sent by the terminal to the core network can contain the level identifiers of all supportable algorithm levels; it may also contain only the level identifier of the highest supportable algorithm level, indicating that the terminal supports all security algorithms whose algorithm level is not higher than that highest level.
Of course, the foregoing examples are merely illustrative. Which information the security algorithm designation request sent to the core network specifically contains may be set by those skilled in the art according to the actual situation; the request only needs to inform the core network of the security algorithms the terminal can adopt, which is not limited in this disclosure.
The security algorithms that a terminal can use generally depend on the system installed on the terminal, and that system is generally upgraded by Over-the-Air (OTA) technology. Therefore, in the present disclosure, the terminal may also update its supported security algorithms when performing a system upgrade through OTA. For example, the system update instruction issued by the manufacturer server to the terminal may include description information of the security algorithms that the terminal can adopt after the system update. After receiving the system update instruction, the terminal may, on the one hand, update its system according to the system update instruction and, on the other hand, determine the security algorithms the system can adopt based on the description information in the system update instruction. Corresponding to the above, the description information contained in the system update instruction may be the algorithm identifiers of specific security algorithms, so that the terminal determines the security algorithms that the updated system can adopt; it may also be the level identifier of an algorithm level, so that the terminal determines the algorithm level that the updated system can support. Of course, the foregoing examples are merely illustrative, and how to determine the security algorithms the terminal can use may be determined by those skilled in the art according to actual needs, which is not limited by the present disclosure.
It should be noted that the security algorithm in the present disclosure may be any one or any several processing algorithms for improving data security. For example, the security algorithm may be an encryption algorithm for encrypting data; as another example, the security algorithm may be an integrity algorithm for ensuring data integrity. The security algorithm in this disclosure is specifically one or more algorithms, which may be determined by one skilled in the art based on actual circumstances, and this disclosure is not limited.
It should also be stated that the technical solution of the present disclosure may be applied to any type of terminal device. For example, the terminal device may be a mobile terminal such as a smart phone or a tablet computer, or a fixed terminal such as a smart television or a PC (personal computer). It should be understood that any terminal device that needs to perform data transmission may serve as the execution body of the present disclosure; which type of terminal device is used as the execution body may be determined by a person skilled in the art according to actual needs, which is not limited by the present disclosure.
According to the above technical scheme, an algorithm change condition can be set in advance for the security algorithm adopted in data transmission. When the algorithm change condition is met, a security algorithm change request can be sent to the core network of the network to which the terminal belongs, so that the core network issues indication information for changing the security algorithm. On this basis, the terminal can process the data based on the security algorithm specified in the indication information and then transmit the processed data to the core network.
It should be appreciated that the present disclosure is equivalent to dynamically adjusting the security algorithm employed in data transmission based on preset algorithm change conditions. It is not difficult to see that even if the security algorithm adopted by the terminal is broken, once the terminal changes the security algorithm, the problem in the related art of data being stolen or tampered with because the security algorithm is broken is avoided, because the changed security algorithm is not broken.
Furthermore, the present disclosure may use the change of the network cell in which the terminal is located as an algorithm change condition. In this case, the terminal may use the network attachment request that needs to be transmitted in the network residence process as the security algorithm change request, and the core network may only need to add the instruction information to the network attachment response corresponding to the network attachment request. In this way, the need for separate data interactions to effect a change in the security algorithm is avoided.
Next, taking a modification of the encryption algorithm by the smart phone through the network attachment request as an example, the technical scheme of the disclosure will be described.
Fig. 2 is an interaction diagram of a data transmission method according to an exemplary embodiment of the present disclosure. As shown in fig. 2, the method comprises the steps of:
Step 201, the smart phone acquires support information of the system carried by the smart phone on each encryption algorithm.
In this embodiment, when the smart phone leaves the factory, a corresponding operating system is already installed, and a technician may add supporting information of the operating system for each encryption algorithm in the factory setting, so as to determine the encryption algorithm supported by the smart phone.
Of course, besides adding the supporting information for each encryption algorithm in the factory setting, since the smart phone needs to frequently update the operating system, the encryption algorithm supported by the updated operating system may also change, so after receiving the system update packet issued by the vendor server through the OTA, the smart phone may update the installed system based on the system update packet on one hand, and may read the supporting information for characterizing the encryption algorithm supported by the updated operating system included in the system update packet on the other hand.
Step 202, the smart phone sends a network attachment request to the MME of the network to which the smart phone belongs based on the acquired support information.
In this embodiment, after the support information of the encryption algorithm is obtained, it may be added to the network attachment request, so as to negotiate the encryption algorithm adopted for data transmission with the core network while the network is residing.
It should be noted that the core network includes a plurality of network elements. Taking an LTE cellular network as an example, the MME (Mobility Management Entity, a network node), SGW (Serving GateWay) and PGW (PDN GateWay) are collectively referred to as the 4G core network. The MME is responsible for signaling processing, including access control, mobility management, attach and detach, session management functions, etc. Thus, in an LTE cellular network, after the support information of the encryption algorithm is added to the network attach request, the network attach request is sent to the MME of the LTE cellular network. Of course, in practical application, the network attachment request is sent to the base station of the cell of the cellular network and then forwarded to the MME by the base station.
Step 203, the MME reads the support information contained in the network attach request.
In this embodiment, after receiving the network attachment request, the MME may read the support information contained therein.
For example, the support information may be as shown in table 1 below:
Algorithm identifier | Support status
SNOW 3G | Not supported
AES | Supported
ZUC (Zu Chongzhi) algorithm | Supported
…… | ……
TABLE 1
Step 204, the MME selects one of a plurality of encryption algorithms supported by the smart phone as a first encryption algorithm.
Continuing the above example, after the support information for each encryption algorithm shown in Table 1 is obtained, one of the encryption algorithms marked as supported in Table 1 may be selected as the first encryption algorithm used when the smart phone and the MME perform data transmission.
Step 205, the MME adds the identification information of the selected first encryption algorithm to the network attach response.
Continuing the above example, the first encryption algorithm may be determined by random selection. Assuming that the randomly selected first encryption algorithm is the ZUC algorithm, the identification information of the ZUC algorithm can be added to the network attachment response.
Step 206, the MME returns a network attach response to the smart phone.
Continuing the above example, after receiving the network attachment response, the smart phone can read the identification information of the encryption algorithm included in it, that is, of the ZUC algorithm. It is to be understood that once the smart phone has read the identification information of the ZUC algorithm, the negotiation about the encryption algorithm is complete, and the negotiation result is that the data is encrypted with the ZUC algorithm and then transmitted.
It should be noted that in an actual network residence process, multiple interactions may be involved, for example, a conventional network attachment process may include multiple steps such as identity authentication, security mode setting, and the like, as shown in fig. 3. In this embodiment, the Attach Request shown in fig. 3 may be regarded as the above-described network Attach Request, and Security Mode Command returned by the MME after the authentication is completed may be regarded as a network Attach response. Of course, this implementation is merely illustrative, and in particular, which response is considered to be the network attachment response may be determined by those skilled in the art according to the actual situation, which is not limited in this embodiment.
Step 207, the smart phone performs encrypted communication with the MME through the first encryption algorithm.
Continuing the above example, after the smart phone and the MME negotiate the ZUC algorithm as the first encryption algorithm, data can be encrypted and transmitted using the ZUC algorithm. Whether the MME sends data to the smart phone or the smart phone sends data to the MME, the data is first encrypted with the ZUC algorithm and then transmitted.
Step 208, the smart phone judges whether the cell of the cellular network where the smart phone is located changes; if yes, go to step 209, otherwise, return to step 207.
In this embodiment, while the smart phone and the MME transmit data using the first encryption algorithm, the smart phone may be positioned to determine whether the cell of the cellular network where it is located has changed. If so, the smart phone needs to camp on the network again, and the encryption algorithm used for data transmission may be changed by means of the network attachment request and network attachment response sent in the re-camping process.
Step 209, the smart phone sends a network attach request to the MME.
In this step, the network attach request is used to instruct the MME to change the encryption algorithm used for data transmission.
Of course, before sending the network attachment request to the MME, the smart phone may also determine whether its own system has been updated and, if so, further add the updated system's support information for each encryption algorithm to the network attachment request, so that the MME updates its record of the encryption algorithms the smart phone supports.
Step 210, the MME selects one of a plurality of encryption algorithms supported by the smart phone, except the first encryption algorithm, as the second encryption algorithm.
In this embodiment, after the MME receives the network attachment request of the smart phone again, any one of the encryption algorithms supported by the smart phone other than the currently adopted first encryption algorithm may be selected as the changed second encryption algorithm.
Continuing the above example, the MME may use the AES algorithm in Table 1 as the second encryption algorithm, and add the identification information of the AES algorithm to the network attach response.
Step 211, the MME adds the identification information of the second encryption algorithm to the network attach response.
Step 212, the MME returns a network attach response to the smart phone.
In this embodiment, after receiving the network attachment response returned by the MME, the smart phone may read the identification information of the second encryption algorithm included therein, and use the second encryption algorithm as the encryption algorithm adopted in the subsequent data transmission process.
Step 213, the smart phone performs encrypted communication with the MME through the second encryption algorithm.
In this embodiment, during the encrypted communication with the MME through the second encryption algorithm, the smart phone may further monitor whether the cell of the cellular network is changed, so as to determine whether the encryption algorithm adopted in the data transmission process needs to be renegotiated with the MME.
As can be seen from the above technical solutions, in this embodiment the smart phone's support information for each encryption algorithm may be uploaded in advance to the MME of the network, so that the MME can select any one of the encryption algorithms supported by the smart phone as the encryption algorithm used for data communication with the smart phone. In this embodiment, the encryption algorithm is also changed when the cell of the cellular network in which the smart phone is located changes and the smart phone re-camps. In this way, the smart phone can dynamically change the encryption algorithm it uses as the information of the network on which it camps changes, which avoids the problem in the related art that data is easily leaked or tampered with because a fixed encryption algorithm is used.
Fig. 4 is a block diagram of a data transmission apparatus according to an exemplary embodiment of the present disclosure. Referring to fig. 4, the apparatus includes a transmitting unit 401 and a processing unit 402.
A sending unit 401, configured to send, when a preset algorithm change condition is met, a security algorithm change request to the core network of the network to which the terminal is attached, so that the core network issues indication information for changing the security algorithm;
a processing unit 402, configured to process the data based on the security algorithm specified by the indication information, so as to improve the security of the data, and to transmit the processed data to the core network.
Optionally, the algorithm change condition includes at least one of:
the network cell in which the terminal is located changes;
the security algorithm adopted by the terminal is cracked;
the using time of the security algorithm adopted by the terminal currently reaches a time threshold;
and the number of data interactions performed with the security algorithm currently adopted by the terminal reaches a count threshold.
Optionally, in the case that the algorithm change condition includes a change of a network cell in which the terminal is located, the sending unit 401 is further configured to:
send a network attachment request to the core network of the network to which the terminal is attached, so that the core network adds the indication information to the network attachment response corresponding to the network attachment request.
Optionally, in the case that the algorithm change condition includes that the currently employed security algorithm is broken, the transmitting unit 401 is further configured to:
receiving a message sent by a manufacturer server and used for informing that a specific security algorithm is cracked;
and when the specific security algorithm is the currently adopted security algorithm, sending a security algorithm change request to the core network of the network to which the terminal is attached.
Optionally, the sending unit 401 is further used to:
sending a security algorithm specification request to the core network of the network to which the terminal is attached, wherein the security algorithm specification request is used for informing the core network of a plurality of security algorithms which can be adopted by the terminal, so that the core network selects any one of the plurality of security algorithms for data interaction;
and receiving a security algorithm specification response issued by the core network in reply to the security algorithm specification request, and determining the security algorithm specified by the security algorithm specification response as the security algorithm adopted for data interaction.
Optionally, the sending unit 401 is further used to:
sending a security algorithm specification request to the core network of the network to which the terminal is attached, wherein the security algorithm specification request is used for informing the core network of an algorithm level which can be supported by the terminal, so that the core network can select any security algorithm from a plurality of security algorithms belonging to the algorithm level for data interaction;
and receiving a security algorithm specification response issued by the core network in reply to the security algorithm specification request, and determining the security algorithm specified by the security algorithm specification response as the security algorithm adopted for data interaction.
Optionally, the security algorithm includes: encryption algorithms and/or integrity protection algorithms.
As shown in fig. 5, fig. 5 is a block diagram of another data transmission apparatus according to an exemplary embodiment of the present disclosure, which further includes, on the basis of the foregoing embodiment shown in fig. 4: a receiving unit 403 and a determining unit 404.
Optionally, the apparatus further comprises:
a receiving unit 403, configured to receive a system update instruction sent by a vendor server of the terminal, and update a system of the terminal according to the system update instruction;
a determining unit 404, configured to determine, based on the algorithm identifier included in the system update instruction, a plurality of security algorithms that can be adopted by the terminal after the system update is completed; or determining the algorithm level which can be supported by the terminal after the system updating is completed based on the level identification contained in the system updating instruction.
Since the device embodiments essentially correspond to the method embodiments, reference is made to the description of the method embodiments for the relevant points. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the objectives of the disclosed solution. Those of ordinary skill in the art can understand and implement it without creative effort.
Correspondingly, the disclosure also provides a data transmission device, which comprises: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to implement a data transmission method according to any of the above embodiments, for example the method may comprise: when a preset algorithm change condition is met, sending a security algorithm change request to the core network of the network to which the terminal is attached, so that the core network issues indication information for changing the security algorithm; and processing the data based on the security algorithm specified by the indication information so as to improve the security of the data, and transmitting the processed data to the core network.
Accordingly, the present disclosure also provides an electronic device including a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs including instructions for implementing the data transmission method according to any of the above embodiments, for example, the method may include: when a preset algorithm change condition is met, sending a security algorithm change request to the core network of the network to which the terminal is attached, so that the core network issues indication information for changing the security algorithm; and processing the data based on the security algorithm specified by the indication information so as to improve the security of the data, and transmitting the processed data to the core network.
Fig. 6 is a block diagram illustrating an apparatus 600 for implementing a data transmission method according to an example embodiment. For example, apparatus 600 may be a mobile phone, computer, digital broadcast terminal, messaging device, game console, tablet device, medical device, exercise device, personal digital assistant, or the like.
Referring to fig. 6, apparatus 600 may include one or more of the following components: a processing component 602, a memory 604, a power component 606, a multimedia component 608, an audio component 610, an input/output (I/O) interface 612, a sensor component 614, and a communication component 616.
The processing component 602 generally controls overall operation of the apparatus 600, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 602 may include one or more processors 620 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 602 can include one or more modules that facilitate interaction between the processing component 602 and other components. For example, the processing component 602 may include a multimedia module to facilitate interaction between the multimedia component 608 and the processing component 602.
The memory 604 is configured to store various types of data to support operations at the apparatus 600. Examples of such data include instructions for any application or method operating on the apparatus 600, contact data, phonebook data, messages, pictures, videos, and the like. The memory 604 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The power supply component 606 provides power to the various components of the device 600. The power supply component 606 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 600.
The multimedia component 608 includes a screen that provides an output interface between the device 600 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 608 includes a front camera and/or a rear camera. The front camera and/or the rear camera may receive external multimedia data when the apparatus 600 is in an operational mode, such as a photographing mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 610 is configured to output and/or input audio signals. For example, the audio component 610 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 600 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 604 or transmitted via the communication component 616. In some embodiments, audio component 610 further includes a speaker for outputting audio signals.
The I/O interface 612 provides an interface between the processing component 602 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.
The sensor assembly 614 includes one or more sensors for providing status assessment of various aspects of the apparatus 600. For example, the sensor assembly 614 may detect the open/closed state of the device 600 and the relative positioning of components, such as the display and keypad of the device 600. The sensor assembly 614 may also detect a change in position of the device 600 or a component of the device 600, the presence or absence of user contact with the device 600, the orientation or acceleration/deceleration of the device 600, and a change in temperature of the device 600. The sensor assembly 614 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. The sensor assembly 614 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 614 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 616 is configured to facilitate communication between the apparatus 600 and other devices in a wired or wireless manner. The apparatus 600 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, 4G LTE, 5G NR (New Radio), or a combination thereof. In one exemplary embodiment, the communication component 616 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 616 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 600 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for executing the methods described above.
In an exemplary embodiment, a non-transitory computer-readable storage medium is also provided, such as memory 604, including instructions executable by processor 620 of apparatus 600 to perform the above-described method. For example, the non-transitory computer readable storage medium may be ROM, Random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
The foregoing description of the preferred embodiments of the present disclosure is not intended to limit the disclosure, but rather to cover all modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present disclosure.

Claims (11)

1. A data transmission method, applied to a terminal, comprising:
when a preset algorithm change condition is met, sending a security algorithm change request to the core network of the network to which the terminal is attached, so that the core network issues indication information for changing the security algorithm;
and processing the data based on the security algorithm specified by the indication information so as to improve the security of the data, and transmitting the processed data to the core network.
2. The method of claim 1, wherein the algorithm change condition comprises at least one of:
the network cell in which the terminal is located changes;
the security algorithm adopted by the terminal is cracked;
the using time of the security algorithm adopted by the terminal currently reaches a time threshold;
and the number of data interactions performed with the security algorithm currently adopted by the terminal reaches a count threshold.
3. The method according to claim 2, wherein, in the case where the algorithm change condition includes a change in a network cell in which the terminal is located, the sending a security algorithm change request to a core network of the network includes:
sending a network attachment request to the core network of the network to which the terminal is attached, so that the core network adds the indication information to the network attachment response corresponding to the network attachment request.
4. The method according to claim 2, wherein in case the algorithm change condition includes that the currently employed security algorithm is broken, the sending a security algorithm change request to the core network of the network comprises:
receiving a message sent by a manufacturer server and used for informing that a specific security algorithm is cracked;
and when the specific security algorithm is the currently adopted security algorithm, sending a security algorithm change request to the core network of the network to which the terminal is attached.
5. The method as recited in claim 1, further comprising:
sending a security algorithm specification request to the core network of the network to which the terminal is attached, wherein the security algorithm specification request is used for informing the core network of a plurality of security algorithms which can be adopted by the terminal, so that the core network selects any one of the plurality of security algorithms for data interaction;
and receiving a security algorithm specification response issued by the core network in reply to the security algorithm specification request, and determining the security algorithm specified by the security algorithm specification response as the security algorithm adopted for data interaction.
6. The method as recited in claim 1, further comprising:
sending a security algorithm specification request to the core network of the network to which the terminal is attached, wherein the security algorithm specification request is used for informing the core network of an algorithm level which can be supported by the terminal, so that the core network can select any security algorithm from a plurality of security algorithms belonging to the algorithm level for data interaction;
and receiving a security algorithm specification response issued by the core network in reply to the security algorithm specification request, and determining the security algorithm specified by the security algorithm specification response as the security algorithm adopted for data interaction.
7. The method according to claim 5 or 6, further comprising:
receiving a system update instruction sent by a manufacturer server of the terminal, and updating a system of the terminal according to the system update instruction;
based on the algorithm identification contained in the system updating instruction, determining a plurality of security algorithms which can be adopted by the terminal after the system updating is completed; or determining the algorithm level which can be supported by the terminal after the system updating is completed based on the level identification contained in the system updating instruction.
8. The method of claim 1, wherein the security algorithm comprises: encryption algorithms and/or integrity protection algorithms.
9. A data transmission device, applied to a terminal, comprising:
a sending unit, configured to send, when a preset algorithm change condition is met, a security algorithm change request to the core network of the network to which the terminal is attached, so that the core network issues indication information for changing the security algorithm;
and the processing unit is used for processing the data based on the security algorithm specified by the indication information so as to improve the security of the data and transmitting the processed data to the core network.
10. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of any of claims 1-8 by executing the executable instructions.
11. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method according to any of claims 1-8.
CN202210271899.5A 2022-03-18 2022-03-18 Data transmission method and device, electronic equipment and storage medium Pending CN116801237A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210271899.5A CN116801237A (en) 2022-03-18 2022-03-18 Data transmission method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116801237A true CN116801237A (en) 2023-09-22

Family

ID=88040520

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210271899.5A Pending CN116801237A (en) 2022-03-18 2022-03-18 Data transmission method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116801237A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination