KR101397003B1 - Methods of data communication in mobile communication system - Google Patents

Abstract

A data communication method according to the present invention is a data communication method using a security setting table supporting a plurality of security modes between a network and a terminal in a mobile communication system, Transmitting the control information including at least one to the terminal, determining a security setting parameter index using the information, and performing a security related procedure according to the determined security setting parameter index.

E-UMTS, RRC connection, Security, Ciphering, Integrity protection

Description

TECHNICAL FIELD The present invention relates to a method of data communication in a mobile communication system,

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data communication method in a mobile communication system, and more particularly, to a data communication method in which security settings supporting a plurality of security modes are applied between a network and a terminal in a mobile communication system.

In mobile communication systems, data loss may occur in a physical channel. As the technology develops, the data reception rate in the physical channel increases, but the terminal can not receive all the data transmitted by the base station because of the radio interval. To reduce the data loss, an automatic repeat request (ARQ) scheme or a hybrid automatic repeat request (HARQ) scheme is used. Using this technique, messages are exchanged between the network and the terminals.

FIG. 1 illustrates message transmission for establishing a signal connection and transmission of messages exchanged between a terminal and a network for RRC connection for connection with a network in order for the terminal to receive a service.

WCDMA UMTS, which is a 3G mobile communication system, can be roughly classified into a terminal, a UMTS Terrestrial Radio Access Network (UTRAN), and a Core Network (CN). The UTRAN basically consists of several Radio Network Subsystems (RNS). Each RNS is composed of one RNC (Radio Network Controller) and several Node Bs, and resource management in the RNS is performed by the RNC. In the present invention, the network means UTRAN, which excludes the CN and the UE.

In UMTS, the UE must establish an RRC (Radio Resource Control) connection with the UTRAN and establish a signaling connection with the CN to start a call. Through the RRC connection and the signal connection, the UE exchanges UE dedicated control information with the UTRAN or the CN. The RRC connection is generally established when the UE is powered on and there is only one RRC connection while the UE is connected to the network.

 In the RRC connection procedure, the UE transmits an RRC connection request message to the UTRAN, which is a network (S100).

When the UTRAN receives the RRC connection request message, it generates a Cell-Radio Network Temporary Identity (C-RNTI) unique to each UE. In response to the RRC connection request message, the network transmits an RRC connection setup message including the generated C-RNTI message to the UE in step S110.

In step S120, the MS transmits an RRC connection complete message to the network to indicate that the wireless connection with the network is normally completed. When the above process is successfully completed, the UE and the network make an RRC connection. After the RRC connection is created, the terminal transmits an IDT (Initial Data Transfer) message and starts the process of establishing a signal connection. In the IDT, data transfer refers to a method of transmitting non-access stratum (NAS) messages of an upper layer through a UTRAN transparently. Since the protocols of the core network area located at the upper level of the RRC layer are not directly related to the operation between the UE and the UTRAN, the UTRAN directly transmits the NAS message between the UE and the CN. To establish a signaling connection for delivery of NAS messages, the terminal sends an IDT message to the UTRAN after establishing an RRC connection. The IDT message includes the first NAS message sent to a specific core network area. In the UTRAN, the signaling connection is established based on the core network area information included in the IDT message. If there is no signaling connection with the corresponding core network area, the related procedure for establishing the signaling connection proceeds. If additional signal connections are needed later, another IDT message is sent.

A security procedure for protecting user data may be added to the above RRC connection process. Data security is a method for protecting users' data from malicious users. In order to provide various services requiring high level security such as e-commerce or Internet banking, protection of user data is essential. In addition, because wireless environment uses an open medium that can be easily accessed by anyone, a more robust security technology than that used in a wired network is required. If a security setting is required, a security setting is made by performing a separate security procedure on the network or by adding a security parameter to another message.

In the wireless section of UMTS, two techniques are used for data security. These are used for data security of Layer 2 and RRC layer, and they are called ciphering and integrity check, respectively. The encryption is used in the RLC layer or the MAC layer, and encrypts the mask (MASK) generated through the encryption algorithm by adding the data to be transmitted in units of bits. The integrity check is used at the time of transmission of the RRC message in the RRC layer and attaches a MAC Authentication Code for Integrity Protection (MAC-I) field to the beginning of the RRC message to be transmitted. Security related information is included in the security mode command transmitted from the core network to the RNC in the network through a Radio Access Network Application Part (RANAP) protocol.

The RNC in the network transmits an RRC message, i.e., a security mode command, to the UE to inform relevant parameters (S130). The security mode command message transmitted by the RRC layer includes the most recently updated encryption and integrity check parameters. If the encryption function has not been previously set, the secure mode command is transmitted without being encrypted.

When the UE successfully receives the security mode command message and the setting of the security related parameters is completed, the security mode complete message is transmitted to the UTRAN which is the network at step S140. If the reset fails, a security mode failure message is sent. Information related to encryption and integrity checking is not necessarily transmitted through only the security mode control procedure. For example, a security-related parameter may be changed due to a change of a cell or a reset of a radio bearer (a radio bearer), so that a security-related parameter may be included in the RRC message related to the security-related parameter. Here, the radio bearer refers to a data transmission service provided to the upper layer by the second layer as described later.

In the RRC connection method including the above-described security setting process, since all terminals must use limited radio resources in a system in which radio resources are divided by time, there is no guarantee that the network will deliver the message to the terminal at a desired time while scheduling a message to be transmitted to the terminal.

As described above, if a separate security procedure is performed, a stable security setting can not be performed, and a problem arises that the reception of a desired service is delayed due to a long time security setting.

The present invention has been proposed in order to solve the problems of the related art, and it is an object of the present invention to provide a data communication method in a mobile communication system.

Another object of the present invention is to propose a data communication method in which a security setting table is applied between a network and a terminal in a mobile communication system.

One aspect of the present invention discloses a data communication method of a network supporting a plurality of security modes in a mobile communication system. The network transmits control information including information indicating security setting parameters to the terminal. The network uses the control information to determine a security configuration parameter index for the terminal. The network performs security related procedures according to the determined security configuration parameter index and transmits data to the terminal. The network may include a security parameter application indicator in the header of the second layer to the terminal.

Another aspect of the present invention discloses a data communication method of a terminal supporting a plurality of security modes in a mobile communication system. The terminal receives control information from the network including information indicating security setting parameters. Then, the terminal determines a security setting parameter index through the control information. Performs security related procedures according to the determined security setting parameter index, and receives data from the network. The UE may receive a second layer header including a security parameter application indicator transmitted by the network.

In the case of data communication in the mobile communication system according to the present invention, the following effects can be obtained through the security setting method using the security parameter table method.

First, there is no need to perform separate security procedures and do not affect other message sizes.

Second, since the PDU header in the second layer uses 1 bit to indicate whether the security parameter is applied, it does not affect the size of the message or the traffic data.

Third, it is possible to increase the reliability of using security parameters by determining whether to apply security parameters through messages or traffic data.

The embodiments described below are examples in which the technical features of the present invention are applied to an evolved universal mobile telecommunications system (E-UMTS). The E-UMTS system evolved from the existing WCDMA UMTS system and is currently undergoing basic standardization work in the 3rd Generation Partnership Project (3GPP). E-UMTS is also called an LTE system. For details of the technical specifications of UMTS and E-UMTS, refer to Release 7 and Release 8 of "3rd Generation Partnership Project (Technical Specification Group Radio Access Network)" respectively.

2 is a diagram showing a network structure of an E-UMTS. Referring to FIG. 2, the E-UTRAN includes a base station (hereinafter abbreviated as 'eNode B' or 'eNB'), and is connected between eNBs through an X2 interface. The eNB is connected to a user equipment (abbreviated as UE) through a wireless interface and is connected to an evolved packet core (EPC) through an S1 interface. An EPC is an Access Gateway (hereinafter abbreviated as an AG) or an SAE (System Architecture Evolution) gateway located at the end of a network and connected to an external network. .

The layers of the radio interface protocol between the UE and the network are classified into L1 (first layer), L1 (second layer), and the like based on the lower three layers of the Open System Interconnection (OSI) A physical layer belonging to a first layer provides an information transfer service using a physical channel, and a physical layer (physical layer) A Radio Resource Control (RRC) layer located at Layer 3 controls the radio resources between the UE and the network. To this end, the RRC layer exchanges RRC messages between the UE and the network. The RRC layer may be distributed to the network nodes such as the Node B and the AG, or may be located independently of the Node B or the AG.

3 is a schematic configuration diagram of an Evolved Universal Terrestrial Radio Access Network (E-UTRAN). In Figure 3, the hatching shows the functional entities of the user plane, and the unhatched portion shows the functional entities of the control plane.

4A and 4B illustrate a structure of a radio interface protocol between a UE and an E-UTRAN. FIG. 4A is a control plane protocol diagram and FIG. 4B is a user plane protocol diagram . 4A and 4B are horizontally composed of a physical layer, a data link layer and a network layer, and vertically, a user plane for data information transmission User Plane) and control plane (Control Plane) for transmitting control signal (Signaling). The protocol layers of FIG. 4A and FIG. 4B may be classified into L1 (first layer), L2 (second layer), and L2 (first layer) based on the lower three layers of an Open System Interconnection L3 (third layer).

The physical layer as the first layer provides an information transfer service to an upper layer using a physical channel. The physical layer is connected to a medium access control layer (upper layer) through a transport channel, and data between the medium access control layer and the physical layer moves through the transport channel. Data is transferred between the different physical layers, that is, between the transmitting side and the receiving side physical layer through the physical channel. In the E-UMTS, the physical channel is modulated by an Orthogonal Frequency Division Multiplexing (OFDM) scheme, and uses time and frequency as radio resources.

The Medium Access Control (MAC) layer of the second layer provides a service to a radio link control layer that is an upper layer through a logical channel. The second layer of Radio Link Control (RLC) layer supports the transmission of reliable data. The Packet Data Convergence Protocol (PDCP) layer of the second layer is a header compression that reduces unnecessary control information for efficiently transmitting data transmitted using an IP packet such as IPv4 or IPv6 in a radio section having a relatively small bandwidth. Compression function.

The radio resource control (RRC) layer located at the bottom of the third layer is defined only in the control plane and is configured to perform a configuration of a radio bearer (RB) -configuration and release of the logical channel, the transport channel, and the physical channel. At this time, the RB means a service provided by the second layer for data transmission between the UE and the UTRAN.

The downlink transmission channel for transmitting data from the network to the terminal includes a BCH (Broadcast Channel) for transmitting system information, a PCH (Paging Channel) for transmitting a paging message, and a downlink SCH ). In case of a traffic or control message of a downlink multicast or broadcast service, it may be transmitted through a downlink SCH, or may be transmitted via a separate downlink multicast channel (MCH). On the other hand, the uplink transmission channel for transmitting data from the UE to the network includes RACH (Random Access Channel) for transmitting an initial control message and an uplink SCH (Shared Channel) for transmitting user traffic or control messages.

A logical channel mapped to a transport channel is a broadcast channel (BCCH), a paging control channel (PCCH), a common control channel (CCCH), a multicast control channel (MCCH), a multicast traffic channel ).

In the E-UMTS system, the OFDM scheme is used in the downlink and the single carrier-frequency division multiple access (SC-FDMA) scheme is used in the uplink. The OFDM system, which is a multi-carrier scheme, is a system for allocating resources in a plurality of subcarriers by grouping a part of a carrier wave, and uses OFDMA (Orthogonal Frequency Division Multiple Access) as a connection scheme.

In the physical layer of an OFDM or OFDMA system, active carriers are separated into groups and transmitted to different receivers by group. The radio resource allocated to each UE is defined by a time-frequency region of a two-dimensional space and is a set of consecutive subcarriers. In an OFDM or OFDMA system, one time-frequency domain is divided into a rectangle determined by time coordinates and subcarrier coordinates. That is, one time-frequency domain can be divided into a symbol on at least one time axis and a rectangle defined by subcarriers on a plurality of frequency axes. The time-frequency domain may be allocated to an uplink of a specific UE or may be transmitted to a specific user in a downlink in a time-frequency domain. To define such a time-frequency domain in a two-dimensional space, the number of OFDM symbols in the time domain and the number of consecutive subcarriers starting at a position offset from the reference point in the frequency domain should be given.

In the E-UMTS system currently under discussion, a radio frame of 10 ms is used and one radio frame is composed of 20 subframes. That is, one subframe is 0.5 ms. One resource block is composed of one subframe and 12 subcarriers each of 15 kHz band. Also, one subframe may be composed of a plurality of OFDM symbols, and some of the plurality of OFDM symbols (e.g., the first symbol) may be used to transmit L1 / L2 control information.

FIG. 5 shows an example of a physical channel structure used in the E-UMTS system. One sub-frame includes an L1 / L2 control information transmission region (hatched portion) and a data transmission region (non-hatched portion) do.

A method for establishing a security between a network and a terminal proposed in an embodiment of the present invention is a method for establishing a security scheme to be used among a plurality of security schemes between the network and a terminal supporting a plurality of security schemes, Given that the security method is mutually used to execute security.

In an embodiment of the present invention, the network informs the terminal of a security setting parameter to be used mutually. Security setting parameters include ciphering and integrity check. That is, as described later, it is necessary to determine what kind of encryption method and integrity method to use in the security parameter table indicating a combination of various encryption methods and integrity checking methods, and notify the terminal of the determination. As shown in FIG. 1, in the embodiment of the present invention, unlike the method of separately transmitting and receiving security mode commands between the network and the terminal, and transmitting and receiving the security mode after RRC connection as shown in FIG. 1, The network informs the terminal of a security setting parameter. That is, the network transmits control information including information indicating security setting parameters to the terminal.

As will be described later, in the embodiments of the present invention, the network proposes various methods of determining security setting parameters and transmitting control information including information indicating the security setting parameters to the terminal. In an embodiment of the present invention, a method of directly indicating an index indicating a sequence in a security parameter table and a method of indirectly indicating an index through a unique identifier of the terminal, . Thereafter, the network transmits data to the UE by applying the determined security scheme. The terminal receives control information from the network including information indicating the security setting parameter. Determines a security setting parameter index through the control information, and receives data from the network by applying a security setting according to the determined security setting parameter index.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features and advantages of the present invention will be more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which: FIG.

6 is a diagram illustrating an RRC connection procedure to which a security setting using a unique identifier of a terminal proposed in an embodiment of the present invention is applied.

As shown in FIG. 1, when the security setting is required, the security mode command and the security mode complete message are mutually exchanged between the network and the terminal after the completion of the RRC connection completion process. In contrast, the security setting method proposed in the embodiment of the present invention is not the same as the one shown in FIG. 1 but is a method of setting security simultaneously with RRC connection in the RRC connection process. The process is as follows.

The MS transmits an RRC connection request message to the network in order to start the service and establish a connection with the network (S600). The network has a security parameter table, and upon receiving the RRC connection request message, generates a unique identifier for each UE.

The unique identifier for the UE proposed in an embodiment of the present invention may be a unique identifier such as C-RNTI (Cell-Radio Network Temporary Identity) used in WCDMA UMTS, Serving RNC-RNTI (S-RNTI) Any identifier assigned by the network can be used to distinguish the terminal from other terminals.

 Then, the network creates an RRC connection setup message including a unique identifier generated for connection with the MS and transmits the RRC connection setup message to the MS (S610).

Then, in step S620, the MS transmits an RRC connection completion message to the network, indicating that connection setup with the network is completed.

When the RRC connection is established between the network and the terminal through the unique identifier after the process is completed, the network and the terminal determine the security setting parameter index using Equation (1) using the unique identifier.

After the RRC connection procedure is completed, the UE and the network check the security parameter indexes of each other using the C-RNTI. By checking the security parameter index, it is possible to prevent the control information including the identifier of the terminal such as the C-RNTI from being erroneously received or not being received due to the channel status. The terminal having transmitted the RRC Connection Complete message has the same security parameter table as the network as described above and determines a security parameter index to be used corresponding to a unique identifier such as the received C-RNTI using Equation (1) . Through this process, the network and the terminal use the same security parameters.

Security Configuration Parameters to Use Index = terminal unique identifier mod (N-1)

 In Equation (1), N denotes the total number of security parameter sets.

A mod B means a modular operation which means the remainder of dividing A by B.

The security parameter table is a set of security parameters, which is a combination of various methods of encryption and integrity checking used in the radio section of the E-UMTS, and a security setting parameter index is a number attached to the set.

The key to encryption in the cryptosystem used in the present invention is a mask (MASK) used for generating a cipher text block (CIPHERTEXT BLOCK). In order to comply with data security, the mask must first be invisible through inverse estimation Conditions, the condition that different masks should be used for each radio bearer, and the condition that the mask itself must change continuously over time. Here, the cipher text block means data that has been encrypted before being encrypted by bit operation with a mask.

In UMTS, the method named f8 is used as the encryption algorithm used to generate the mask. This algorithm is based on a "Block Ciphering" method called KASUMI, which receives a 64-bit unit input and outputs a 64-bit mask. The encryption method in the security parameter table suggested in the embodiment of the present invention may be applied to the encryption method of the f8 method, the method of changing the input parameter values in the f8 method, the third method, the use of the encryption ratio, or the like .

The integrity check is to check whether data transmitted from the sender has arrived at the receiver without any modification or modification arbitrarily by a third party in the middle. In UMTS, integrity check is used for authentication of RRC message since RRC message is very important information for management and control of wireless connection. That is, after receiving the unique identifier of the UE such as the C-RNTI, the security setting is applied to the integrity-checked RRC message. It is also possible to perform the integrity check at the PDCP stage. The RRC message configured through the integrity check can be encrypted by encryption in the RLC layer or the MAC layer. The integrity checking process in the transmitting-side RRC layer is performed by generating a 32-bit integrity checksum called Message Authentication Code for Integrity Protection (MAC-I) by inputting various parameters, and attaching this value to the RRC PDU . MAC-I looks like a random number that does not contain any information because its value varies greatly even with small changes in input parameters. The input parameter of the integrity check is changed variously or the third method or the integrity check process is not applied in the security parameter table, so that various methods are used instead of using only one method.

As described above, in the security parameter table proposed in the embodiment of the present invention, a security setting method can be used as much as necessary through a combination of various encryption methods and integrity checking methods unlike the existing method. As described above, the total number of security setting methods used in the security parameter table corresponds to N in Equation (1). The terminal and the network have the same security parameter table. This can be achieved by a method in which the network notifies the terminal of the security parameter table through the RRC connection process, and when a call is established between the network and the terminal, the terminal transmits the system control information broadcasted from the network to the terminals, Information on the parameter table may be received. Alternatively, the terminal and the network may have a fixed security parameter table in advance.

FIG. 7 shows an example of a security parameter table proposed in an embodiment of the present invention. There are a total of N encryption methods and an integrity checking method, and an encryption method and an integrity method corresponding to the index determined by Equation (1) are used. For example, if N is 8 and the unique identifier of the terminal such as C-RNTI is 15, the encryption method and the integrity method indicated by the parameters A1 and B1 corresponding to the security setting parameter index 1 to be used are selected and used as security parameters. That is, the encryption method and the integrity checking method of the security setting parameter corresponding to the determined security setting parameter index are selected and the security setting is performed for the corresponding terminal. In order to eliminate the security mode command, if security information is inserted in the RRC connection setup, the size of the entire RRC connection setup message becomes large. Therefore, the network divides and transmits the message, which lowers the message scheduling probability and increases the retransmission probability. It is possible to set security at the same time as the compressed RRC connection as shown in FIG. 6 without causing a large variation in the size of the RRC connection setup message.

Equation (1) for determining which security setting parameter index to select in the security parameter table indicates a method of informing the terminal of the security parameter table through the RRC connection, such as the manner in which the network informs the terminal of the security parameter table The terminal may receive information on the system control information broadcasted from the network to the terminals when a call is established between the network and the terminal. Alternatively, a method in which the terminal and the network have a fixed security parameter index determination method in advance is also possible. It can also be determined in other ways than modular operations.

In the data communication method proposed by another embodiment of the present invention, the network can confirm the security parameter index by applying Equation (1) after receiving the RRC connection request message.

 In the data communication method proposed by another embodiment of the present invention, the network and the UE can confirm the security parameter index by applying Equation (1) after transmitting and receiving an RRC connection setup message.

FIG. 8 is a diagram illustrating an RRC connection procedure to which a security setting is directly applied using a security setting parameter index proposed in an embodiment of the present invention.

In the method shown in FIG. 8, the security setting parameter index is obtained by using the unique identifier of the terminal, but it is also possible that the network directly transmits the security setting parameter index to the terminal.

As shown in FIG. 8, the terminal transmits an RRC connection request message to the network (S800). Upon receiving the RRC connection request message, the network generates a unique identifier for each terminal. The network determines a security setting parameter index to be applied to the UE using Equation (1). Then, the network creates an RRC connection setup message including the unique identifier and the security configuration parameter index, which are generated for connection with the MS, and transmits the RRC connection setup message to the MS (S810). Then, the MS transmits an RRC connection completion message to the network (S820), indicating that connection setup with the network is completed.

When the RRC connection is established between the network and the terminal after the above process is completed, the network and the terminal can recognize security parameters applied in the security parameter table using the security configuration parameter index. As in the embodiment of FIG. 6, the terminal and the network have the same security parameter table. This can be achieved by a method in which the network notifies the terminal of the security parameter table through the RRC connection process, and when a call is established between the network and the terminal, the terminal transmits the system control information broadcasted from the network to the terminals, Information on the parameter table may be received. Alternatively, the terminal and the network may have a fixed security parameter table in advance.

In the data communication method proposed in another embodiment of the present invention, the network can confirm the security parameter index after receiving the RRC connection request message.

 In the data communication method proposed by another embodiment of the present invention, the network and the terminal can confirm the security parameter index after transmitting and receiving an RRC connection setup message.

The data communication method proposed by another embodiment of the present invention includes a cell update confirmation (CELL UPDATE CONFIRM) process used in a cell update procedure between the network and the UE after the security mode configuration established through the RRC connection process is RRC connection, Such as a PHYSICAL CHANNEL RECONFIGURATION message, a RADIO BEARER RECONFIGURATION, a RADIO BEARER RELEASE, a RADIO BEARER SETUP, TRANSPORT CHANNEL RECONFIGURATION, It is possible to change the security setting parameter index using a message used between the network and a terminal in a handover process such as a message used in a channel and resource reconfiguration procedure between a network and a terminal or UTRAN mobility information . That is, the terminal can change the security mode that has been set up by receiving the security setting parameter index included in the control information received from the network through the above-described reconfiguration procedure from the network.

In an embodiment of the present invention, a method for enabling security setting in a second layer PDU (Packet Data Unit) between a network and a terminal is proposed. Hereinafter,

9 illustrates a structure of a second layer header according to an embodiment of the present invention. A security parameter application indicator indicating whether a security parameter is applied in a second layer header of a message received by the terminal is used to determine whether to apply the security setting according to the security parameter application indicator. In the embodiment of FIG. 9, if the value is 0 using 1 bit (E), the terminal does not perform the security setting related procedure since the received second layer PDU is not applied security, It decrypts the encryption of the second layer PDU by applying the security parameters in the security parameter table corresponding to the determined security parameter index, and verifies the integrity of the data.

In this document, embodiments of the present invention have been described focusing on the data transmission / reception relationship between a network and a terminal. Here, the network includes a base station that is a terminal node of a network that directly communicates with a terminal, and has a meaning of a wireless processing network excluding a core network. A 'base station' may be replaced by terms such as a fixed station, a Node B, an eNode B (eNB), an access point, and the like. The term 'terminal' may be replaced with terms such as User Equipment (UE), Mobile Station (MS), and Mobile Subscriber Station (MSS).

It will be apparent to those skilled in the art that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. Accordingly, the above description should not be construed in a limiting sense in all respects and should be considered illustrative. The scope of the present invention should be determined by rational interpretation of the appended claims, and all changes within the scope of equivalents of the present invention are included in the scope of the present invention.

It is also clear that claims that do not have an explicit citation in the claims can be combined to form an embodiment or included as a new claim by amendment after the filing.

FIG. 1 illustrates message transmission for establishing a signal connection and transmission of messages exchanged between a terminal and a network for RRC connection for connection with a network in order for the terminal to receive a service.

2 is a diagram showing a network structure of an E-UMTS.

FIG. 3 is a schematic block diagram of an Evolved Universal Terrestrial Radio Access Network (E-UTRAN).

4A is a diagram illustrating a control plane protocol configuration among a structure of a radio interface protocol between a UE and an E-UTRAN.

4B is a diagram illustrating a user plane protocol configuration among a structure of a radio interface protocol between a UE and an E-UTRAN.

5 shows an example of a physical channel structure used in the E-UMTS system.

6 is a diagram illustrating an RRC connection procedure including security settings proposed in an embodiment of the present invention.

FIG. 7 shows an example of a security parameter table proposed in an embodiment of the present invention.

FIG. 8 is a diagram illustrating an RRC connection procedure to which a security setting is directly applied using a security setting parameter index proposed in an embodiment of the present invention.

9 illustrates a structure of a second layer header according to an embodiment of the present invention.

Claims (22)

delete A data communication method of a terminal in a mobile communication system, Receiving, from the network, control information including information indicating the security setting parameter of the terminal; Determining a security setting parameter index based on the control information; And Performing a security procedure using the security parameters acquired according to the security setting parameter index in the security parameter table of the terminal And transmitting the data. 3. The method of claim 2, Wherein the information indicating the security setting parameter is a unique identifier given by the network to the terminal. The method of claim 3, Wherein the security setting parameter index is a remainder value obtained by dividing the unique identifier by (N-1) (N is the number of security parameter sets in the security parameter table). delete 3. The method of claim 2, Further comprising receiving, from the network, data including a security parameter application indicator indicating whether to apply the security parameter to a second layer header of an OSI (Open System Interface) layer. delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete

Images