WO2018170646A1 - Method and device for use in downlink transmission - Google Patents

Publication number
WO2018170646A1
Authority
WO
WIPO (PCT)
Prior art keywords
layer
bit group
information
modified bit
modified
Application number
PCT/CN2017/077197
Inventor
张晓博
Original Assignee
南通朗恒通信技术有限公司
Application filed by 南通朗恒通信技术有限公司 filed Critical 南通朗恒通信技术有限公司
Priority to CN202210729205.8A priority Critical patent/CN115119198A/en
Priority to CN201780083602.XA priority patent/CN110268797B/en
Priority to PCT/CN2017/077197 priority patent/WO2018170646A1/en
Publication of WO2018170646A1 publication Critical patent/WO2018170646A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/02 Data link layer protocols

Definitions

  • the present invention relates to a scheme for downlink transmission in a wireless communication system, and more particularly to a method and apparatus for secure transmission.
  • the Packet Data Convergence Protocol (PDCP) layer is located above the Radio Link Control (RLC) layer and below the Internet Protocol (IP) layer, or below the Radio Resource Control (RRC) layer.
  • the PDCP layer supports the header compression (Header Compression) function, mainly using the Robust Header Compression (ROHC) algorithm. Header compression is mainly used for header compression of IP packets. Header compression is mainly for data radio bearers (DRB, Data Radio Bearer).
  • the PDCP layer also supports security functions, including integrity protection and ciphering. The integrity protection is mainly for the Signaling Radio Bearer (SRB), and the encryption is mainly for the data radio bearer and the signaling radio bearer.
  • SRB Signaling Radio Bearer
  • a network slice is a logical network that includes a core network and an access network.
  • the security operations performed on the access network side may increase the delay on the access network side; for some services with higher security requirements, encryption on the access network side may increase the possibility of leakage on the access network side.
  • different services in the NR system may adopt different entities for the encryption and integrity protection operations. These entities can be grouped into different network slices and located in different protocol entities.
  • for the downlink transmission, the user equipment encrypts the data (header + payload) at the non-access layer, and at the PDCP sending end the user equipment performs header compression on the encrypted data (header + payload) sent by the upper layer.
  • the PDCP receiving end on the base station side cannot perform decompression correctly.
  • the present invention provides a solution. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments of the present application may be combined with each other arbitrarily. For example, the features in the embodiments and embodiments in the UE of the present application can be applied to a base station or a core network device, and vice versa.
  • the invention discloses a method in a user equipment used for wireless communication, which comprises the following steps:
  • Step A Performing the first operation at the first layer
  • Step B Performing a second operation at the second layer.
  • first modified bit group is used for the input of the first operation, the first bit group is the output of the first operation; the second modified bit group is used for the input of the second operation, the second bit group is the output of the second operation.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the bit group includes a positive integer number of bits.
  • the first operation includes at least one of {decompression, decryption, integrity verification}, and the second operation includes at least one of {decryption, integrity verification}.
  • the first bit group is an Internet Protocol (IP) header
  • the second bit group is an Internet Protocol (IP) packet Payload.
  • IP Internet Protocol
  • the second modified bit group is a PDCP SDU (Service Data Unit).
  • PDCP SDU Service Data Unit
  • the second layer is an upper layer of the first layer.
  • the first layer is a PDCP layer and the second layer is a non-access stratum (NAS, Non Access Stratum).
  • NAS Non Access Stratum
  • the first modified bit group and the second modified bit group belong to the same PDCP PDU (Protocol Data Unit).
  • PDCP PDU Protocol Data Unit
  • whether the second layer and the first layer are the same is configurable.
  • the number of output data bits is greater than the number of input data bits.
  • the decompression is to compare the original header and the compressed header to obtain a header before compression.
  • the decompression is an inverse operation of a Robust Header Compression (ROHC) algorithm.
  • ROHC Robust Header Compression
  • the decompression is an inverse of the compression algorithm exemplified in TS 36.323 Table 5.5.1.1.
  • the decryption is raw data and a string of keys to mask.
  • the de-masking is a data and mask operation or operation.
  • the string of keys includes a Hyper Frame Number (HFN).
  • HFN Hyper Frame Number
  • the string of keys includes a radio bearer identifier (Radio Bearer ID).
  • the string of keys includes a PDCP sequence number (PDCP SN).
  • PDCP SN PDCP sequence number
  • the string of keys includes a first security key.
  • the decryption is a decryption algorithm described by TS 36.323.
  • the integrity verification is implemented by comparing X Message-Code-Integrity (XMAC-I) with Message Authentication Code-Integrity.
  • the X message verification code-integrity is implemented by an integrity verification algorithm.
  • the input parameters of the integrity verification algorithm include a Hyper Frame Number (HFN).
  • the input parameters of the integrity verification algorithm include a Radio Bearer ID.
  • the input parameters of the integrity verification algorithm include a PDCP sequence number (PDCP SN).
  • the input parameters of the integrity verification algorithm include a first security key.
  • the input parameters of the integrity verification algorithm include data.
  • the step A further includes the following step A1, the step B further comprising the following step B1:
  • Step A1 Passing a first set of bits from the lower layer to the first layer
  • Step B1 Passing the first bit group and the second modified bit group from the first layer to the second layer.
  • the first set of bits includes the first modified bit group and the second modified bit group.
  • the first set of bits is a PDCP PDU.
  • the first set of bits is a downlink high layer PDU.
  • the first set of bits is a downlink PDCP PDU.
  • the first set of bits includes a {PDCP header, the first modified bit group, and the second modified bit group}.
  • the first layer is a PDCP layer and the lower layer is an RLC layer.
  • the second layer is a non-access stratum (NAS, Non Access Stratum).
  • the second layer is a PDCP layer.
  • the entity where the second layer is located is a core network device after supporting the 3GPP Rel-15 version.
  • the step A further includes the following steps:
  • first information is used for the first operation and the second operation.
  • the first information is associated with a first service group.
  • the first service group includes one or more services.
  • the first information is carried in RRC (Radio Resource Control) signaling.
  • RRC Radio Resource Control
  • the first information is carried in the NAS information.
  • the first information is carried in higher layer signaling.
  • the first information is related to S1 signaling.
  • the first information includes a first security key, and the first security key is configured by a higher layer.
  • the first security key is KASME.
  • the encryption is used for a Signal Radio Bearer (SRB) and a Data Radio Bearer (DRB) of the PDCP layer.
  • DRB Data Radio Bearer
  • the integrity protection is used for a Signal Radio Bearer (SRB) of the PDCP layer.
  • the second security key required for the encryption is obtained from the first security key.
  • the second security key is KRRCenc.
  • the second security key is KUPenc.
  • the third security key required for the integrity protection is obtained from the first security key.
  • the third security key is KRRCint.
  • the sender of the first information is a base station device supporting 3GPP Rel-15 and later versions.
  • the sender of the first information is a base station device.
  • the sender of the first information is a User Packet System (UPS).
  • UPS User Packet System
  • the first information is generated in a NAS layer of the network side device.
  • the first information is generated in the second layer of the network side device.
  • the first information is generated in a User Packet System (UPS).
  • the step A further includes the following steps:
  • the second information is used to determine at least one of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  • the second information is associated with the first service group.
  • the first service group includes one or more services.
  • the second information is applied to the first radio bearer.
  • the first bit group and the second bit group are transmitted in the first radio bearer.
  • the second information is generated by a base station device.
  • the second information is carried in RRC signaling.
  • the second information is generated at the second layer of the network side device.
  • the second information is generated at a NAS layer of the network side device.
  • the second information is carried in the NAS information.
  • the second information is generated at a PDCP layer of the network side device.
  • the second information indicates that the first layer and the second layer are both PDCP layers.
  • the second information indicates that the first layer and the second layer are both NAS layers.
  • the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  • the first service group is a network slice.
  • the service includes different QoS requirements.
  • the service contains different security requirements.
  • the first layer is a packet data convergence protocol layer
  • the second layer is a non-access layer
  • the invention discloses a method in a base station device used for wireless communication, which comprises the following steps:
  • first bit group is used for the input of the third operation
  • first modified bit group is the output of the third operation
  • second bit group is used for the input of the fourth operation
  • second modified bit group is the output of the fourth operation.
  • the third operation includes at least one of {compression, encryption, integrity protection}
  • the fourth operation includes at least one of {encryption, integrity protection}.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the fourth operation is not performed in the first layer.
  • the step A further includes the following steps:
  • Step A Receiving the first bit group and the second modified bit group from the second layer, and transmitting the first set of bits from the first layer to the lower layer.
  • the first set of bits includes the first modified bit group and the second modified bit group.
  • the fourth operation is performed in the second layer.
  • the second layer is maintained by a device other than the base station device.
  • the first layer and the second layer are connected by an S1 interface.
  • the core network side device belongs to a User Packet System (UPS).
  • the first bit group is an Internet Protocol (IP) header
  • the second bit group is an Internet Protocol (IP) packet Payload.
  • the second modified bit group is a PDCP SDU (Service Data Unit).
  • the second layer is an upper layer of the first layer.
  • the first layer is a PDCP layer and the second layer is a non-access stratum (NAS, Non Access Stratum).
  • the first modified bit group and the second modified bit group belong to the same PDCP PDU.
  • whether the second layer and the first layer are the same is configurable.
  • the first set of bits is a PDCP PDU.
  • the first set of bits is a downlink high layer PDU.
  • the first set of bits is a downlink PDCP PDU.
  • the first set of bits includes a {PDCP header, the first bit group, the second bit group}.
  • the first layer is a PDCP layer and the lower layer is an RLC layer.
  • the compression is that the number of input data bits is less than the number of output data bits.
  • the compression is Robust Header Compression (ROHC).
  • the compression is a compression algorithm exemplified in TS 36.323 Table 5.5.1.1.
  • the encryption is to ensure that the data remains confidential between the originating and the terminating end.
  • the encryption is raw data and a string of key masking.
  • the masking is two data operations or operations.
  • the string of keys includes a Hyper Frame Number (HFN).
  • the string of keys includes a radio bearer identifier (Radio Bearer ID).
  • the string of keys includes a PDCP sequence number (PDCP SN).
  • the string of keys includes a first security key.
  • the encryption is an encryption algorithm described by TS 36.323.
  • the integrity protection is implemented by Message Authentication Code-Integrity (MAC-I) and data masking.
  • MAC-I Message Authentication Code-Integrity
  • the message verification code-integrity is implemented by an integrity protection algorithm.
  • the input parameters protected by the integrity algorithm include a Hyper Frame Number (HFN).
  • the input parameters protected by the integrity algorithm include a Radio Bearer ID.
  • the input parameters protected by the integrity algorithm include a PDCP sequence number (PDCP SN).
  • the input parameters of the integrity protection algorithm include a first security key.
  • the input parameters of the integrity protection algorithm include data.
  • the step A further includes the following steps:
  • Step A10 Receive the first information via the S1 interface; or send the first information over the air interface.
  • the first information is used for the third operation and the fourth operation.
  • the first information is associated with a first service group.
  • the first service group includes one or more services.
  • the first information includes a first security key, and the first security key is configured by a higher layer.
  • the first security key is KASME.
  • the encryption is used for a Signal Radio Bearer (SRB) and a Data Radio Bearer (DRB) of the PDCP layer.
  • the integrity protection is used for a Signal Radio Bearer (SRB) of the PDCP layer.
  • the second security key required for the encryption is obtained from the first security key.
  • the second security key is KRRCenc.
  • the second security key is KUPenc.
  • the third security key required for the integrity protection is obtained from the first security key.
  • the third security key is KRRCint.
  • the sender of the first information is a base station device supporting 3GPP Rel-15 and later versions.
  • the sender of the first information is a base station device.
  • the first information is carried in RRC signaling.
  • the sender of the first information is a User Packet System (UPS).
  • the first information is carried in higher layer signaling.
  • the first information is related to an S1 signaling.
  • the sender of the S1 signaling is a User Packet System (UPS).
  • the first information is generated in a NAS layer of the network side device.
  • the first information is generated in the second layer of the network side device.
  • the first information is generated in a User Packet System (UPS).
  • the step A further includes the following steps:
  • Step A11 Receive the second information via the S1 interface; or send the second information over the air interface.
  • the second information is used to determine at least one of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  • the foregoing aspect ensures that the base station can perform correct operations on the first modified bit group and the second modified bit group, preventing the base station from performing the fourth operation on the second modified bit group.
  • the second information is associated with the first service group.
  • the first service group includes one or more services.
  • the second information is applied to the first radio bearer.
  • the first bit group and the second bit group are transmitted in the first radio bearer.
  • the second information is carried in RRC signaling.
  • the second information is generated by a base station device.
  • the second information is generated at the second layer of the network side device.
  • the second information is generated at a NAS layer of the network side device.
  • the second information is generated at a PDCP layer of the network side device.
  • the second information is carried in higher layer signaling.
  • the second information is related to an S1 signaling.
  • the second information indicates that the first layer and the second layer are both PDCP layers.
  • the second information indicates that the first layer and the second layer are both NAS layers.
  • the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  • the QoS requirements of the service are independently configured.
  • the security requirements corresponding to the service are independently configured.
  • the first service group is a network slice.
  • all services in the first service group share the same security requirements.
  • all services in the first service group share the same QoS requirements.
  • the first layer is a packet data convergence protocol layer
  • the second layer is a non-access layer
  • the above aspects can meet variable QoS requirements and security requirements for different services.
  • the invention discloses a method in a non-access network device, which comprises the following steps:
  • first bit group is used for the input of the third operation
  • first modified bit group is the output of the third operation
  • second bit group is used for the input of the fourth operation
  • second modified bit group is the output of the fourth operation.
  • the third operation includes at least one of {compression, encryption, integrity protection}
  • the fourth operation includes at least one of {encryption, integrity protection}.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the third operation is not performed in the second layer.
  • the first layer is maintained by a device other than the non-access network device.
  • the first layer is maintained by a base station.
  • the base station supports 3GPP Rel-15 and later versions.
  • the first layer and the second layer are connected by an S1 interface.
  • the first bit group is an Internet Protocol (IP) header.
  • the second bit group is an Internet Protocol (IP) packet payload.
  • the second modified bit group is a PDCP SDU (Service Data Unit).
  • the step A further includes the following steps:
  • Step A Passing the first bit group and the second modified bit group from the second layer to the first layer;
  • the third operation is performed in the first layer.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the step A further includes the following steps:
  • the first information is sent via the S1 interface.
  • the first information is used for the third operation and the fourth operation.
  • the first information is related to an S1 signaling.
  • the first information is carried in a Non-Access Stratum (NAS) message.
  • the step A further includes the following steps:
  • Step A11 Send the second information via the S1 interface.
  • the second information is used to determine at least one of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  • the second information is related to an S1 signaling.
  • the second information is carried in non-access stratum (NAS) information.
  • the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  • the first layer is a packet data convergence protocol layer
  • the second layer is a non-access layer
  • the above aspects can meet variable QoS requirements and security requirements for different services.
  • the invention discloses a user equipment used for wireless communication, which comprises the following modules:
  • a first processing module for performing a first operation at the first layer
  • a second processing module for performing a second operation at the second layer.
  • first modified bit group is used for the input of the first operation, the first bit group is the output of the first operation; the second modified bit group is used for the input of the second operation, the second bit group is the output of the second operation.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the bit group includes a positive integer number of bits.
  • the first operation includes at least one of {decompression, decryption, integrity verification}, and the second operation includes at least one of {decryption, integrity verification}.
  • the user equipment is characterized in that: the first processing module is further configured to pass a first set of bits from the lower layer to the first layer; and the second processing module is further configured to pass the first bit group and the second modified bit group from the first layer to the second layer.
  • the first set of bits includes the first modified bit group and the second modified bit group.
  • the user equipment is characterized in that the first processing module is further configured to receive the first information, wherein the first information is used for the first operation and the second operation.
  • the user equipment is characterized in that the first processing module is further configured to receive the second information.
  • the second information is used to determine at least one of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  • the foregoing user equipment is characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  • the foregoing user equipment is characterized in that the first layer is a packet data convergence protocol layer, and the second layer is a non-access layer.
  • the invention discloses a base station device used for wireless communication, which comprises the following modules:
  • a third processing module for performing a third operation in the {third operation, fourth operation} at the first layer.
  • first bit group is used for the input of the third operation
  • first modified bit group is the output of the third operation
  • second bit group is used for the input of the fourth operation
  • second modified bit group is the output of the fourth operation.
  • the third operation includes at least one of {compression, encryption, integrity protection}
  • the fourth operation includes at least one of {encryption, integrity protection}.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the foregoing base station device is characterized in that: the third processing module is further configured to receive the first bit group and the second modified bit group from a second layer, and transmit the first set of bits from the first layer to the lower layer.
  • the first set of bits includes the first modified bit group and the second modified bit group.
  • the fourth operation is performed in the second layer.
  • the foregoing base station device is characterized in that the third processing module is further used for at least one of the following:
  • the first information is used for the third operation and the fourth operation.
  • the second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  • the foregoing base station device is characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  • the foregoing base station device is characterized in that the first layer is a packet data convergence protocol layer, and the second layer is a non-access layer.
  • the invention discloses a non-access network device, which comprises the following modules:
  • a fourth processing module for performing a fourth operation in the {third operation, fourth operation} at the second layer.
  • first bit group is used for the input of the third operation
  • first modified bit group is the output of the third operation
  • second bit group is used for the input of the fourth operation
  • second modified bit group is the output of the fourth operation.
  • the third operation includes at least one of {compression, encryption, integrity protection}
  • the fourth operation includes at least one of {encryption, integrity protection}.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the non-access network device is characterized in that: the fourth processing module is further configured to deliver the first bit group and the second modified bit group from the second layer to the first layer, wherein the third operation is performed in the first layer.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the non-access network device is characterized in that: the fourth processing module is further used for at least one of the following:
  • Step A0 Sending the first information through the S1 interface
  • Step A2 Send the second message via the S1 interface.
  • the first information is used for the third operation and the fourth operation.
  • the second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  • the non-access network device is characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  • the non-access network device is characterized in that the first layer is a packet data convergence protocol layer, and the second layer is a non-access layer.
  • the present invention has the following technical advantages over the prior art:
  • Figure 1 shows a schematic diagram of a first operation in accordance with one embodiment of the present invention
  • Figure 2 shows a schematic diagram of a third operation in accordance with one embodiment of the present invention
  • Figure 3 shows a schematic diagram of a second operation in accordance with one embodiment of the present invention
  • Figure 4 shows a schematic diagram of a fourth operation in accordance with one embodiment of the present invention.
  • Figure 5 shows a schematic diagram of a first operation and a third operation in accordance with one embodiment of the present invention
  • Figure 6 shows a schematic diagram of a second operation and a fourth operation in accordance with one embodiment of the present invention
  • Figure 7 is a flow chart showing the transmission and reception of downlink data in accordance with one embodiment of the present invention.
  • Figure 8 is a flow chart showing the reception of downlink data in accordance with one embodiment of the present invention.
  • Figure 9 is a flow chart showing the transmission of downlink data in accordance with one embodiment of the present invention.
  • Figure 10 shows a schematic diagram of a first set of bits in accordance with one embodiment of the present invention
  • Figure 11 shows a schematic diagram of a network slice in accordance with one embodiment of the present invention.
  • FIG. 12 is a block diagram showing the structure of a processing device in a UE according to an embodiment of the present invention.
  • Figure 13 is a block diagram showing the structure of a processing device in a base station according to an embodiment of the present invention.
  • Figure 14 is a block diagram showing the structure of a processing device in a core network device in accordance with one embodiment of the present invention.
  • Embodiment 1 illustrates a schematic diagram of the first operation, as shown in FIG.
  • the first modified bit group becomes the first bit group after the first operation.
  • the first bit group and the first modified bit group respectively comprise a positive integer number of bits.
  • the first operation includes at least one of {decompression, decryption, integrity verification}.
  • the first bit group is an IP header.
  • the first operation is performed in a PDCP layer in the UE.
  • the first operation includes ⁇ decompression, decryption ⁇ ; or the first operation includes ⁇ decompression, decryption, integrity verification ⁇ .
  • the first bit group is generated by the first modified bit group after the integrity verification, the decryption and the decompression.
  • the first bit group is generated after the first modified bit group is sequentially subjected to the decryption and the decompression.
  • the number of bits after the first modified bit group is decompressed is greater than the number of bits in the first modified bit group.
  • the decompression is to compare the original header and the compressed header to obtain a header before compression.
  • the decompression is an inverse operation of a Robust Header Compression (ROHC) algorithm.
  • the decompression is an inverse of the compression algorithm exemplified in TS 36.323 Table 5.5.1.1.
  • the decryption de-masks the original data with a string of keys.
  • the de-masking is an XOR operation on the data and the mask.
  • the string of keys includes a Hyper Frame Number (HFN).
  • the string of keys includes a radio bearer identifier (Radio Bearer ID).
  • the string of keys includes a PDCP sequence number (PDCP SN).
  • the string of keys includes a first security key.
  • the decryption is a decryption algorithm described by TS 36.323.
  • the integrity verification is implemented by comparing X Message Authentication Code-Integrity (XMAC-I) with Message Authentication Code-Integrity (MAC-I).
  • the X Message Authentication Code-Integrity is implemented by an integrity verification algorithm.
  • the input parameters of the integrity verification algorithm include a Hyper Frame Number (HFN).
  • the input parameters of the integrity verification algorithm include a Radio Bearer ID.
  • the input parameters of the integrity verification algorithm include a PDCP sequence number (PDCP SN).
  • the input parameters of the integrity verification algorithm include a first security key.
  • the input parameters of the integrity verification algorithm include data.
  • the first operation is performed in a user equipment.
  • the first operation is implemented by a software program in the user equipment.
  • Embodiment 2 exemplifies a schematic view of the third operation, as shown in FIG.
  • the first bit group becomes the first modified bit group after the third operation.
  • the first bit group and the first modified bit group respectively comprise a positive integer number of bits.
  • the third operation includes at least one of {compression, encryption, integrity protection}.
  • the first bit group is an IP header.
  • the third operation is performed in the PDCP layer in the base station.
  • the third operation includes {compression, encryption}; or the third operation includes {compression, encryption, integrity protection}.
  • the first modified bit group is generated after the first bit group is sequentially subjected to the integrity protection, the encryption and the compression.
  • the first bit group is generated after the first modified bit group is sequentially subjected to the encryption and the compression.
  • the number of bits of the first bit group after compression is smaller than the number of bits in the first bit group.
  • the number of bits output is less than the number of bits input.
  • the compression is Robust Header Compression (ROHC).
  • the compression employs the compression algorithm exemplified in Table 5.5.1.1 of 3GPP TS 36.323.
  • the encryption is used to ensure that the data remains confidential between the originating and terminating ends.
  • the encryption uses a string of keys to mask the original data.
  • the masking is an XOR operation of two data.
  • the string of keys includes a Hyper Frame Number (HFN).
  • the string of keys includes a Radio Bearer ID.
  • the string of keys includes a PDCP sequence number (PDCP SN).
  • the string of keys includes a first security key.
  • the encryption uses the encryption algorithm described in TS 36.323.
  • the integrity protection is implemented by Message Authentication Code-Integrity (MAC-I) and data masking.
  • the Message Authentication Code-Integrity is implemented by an integrity protection algorithm.
  • the input parameters of the integrity protection algorithm include a Hyper Frame Number (HFN).
  • the input parameters of the integrity protection algorithm include a Radio Bearer ID.
  • the input parameters of the integrity protection algorithm include a PDCP sequence number (PDCP SN).
  • the input parameters of the integrity protection algorithm include a first security key.
  • the input parameters of the integrity protection algorithm include data.
  • the first operation is performed in a base station device.
  • the first operation is implemented by a software program in a base station device.
  • Embodiment 3 illustrates a schematic diagram of the second operation, as shown in FIG.
  • the second modified bit group becomes a second bit group after the second operation.
  • the second bit group and the second modified bit group respectively comprise a positive integer number of bits.
  • the second operation includes at least one of {decryption, integrity verification}.
  • the second bit group is an IP payload.
  • the second operation is performed in the NAS of the UE.
  • the second operation comprises decryption; or the second operation comprises {integrity verification, decryption}.
  • the second bit group is generated after the second modified bit group is sequentially subjected to the integrity verification and the decryption.
  • the second bit group is generated after the second modified bit group is subjected to the decryption.
  • the decryption de-masks the original data with a string of keys.
  • the de-masking is an XOR operation on the data and the mask.
  • the string of keys includes a Hyper Frame Number (HFN).
  • the string of keys includes a radio bearer identifier (Radio Bearer ID).
  • the string of keys includes a PDCP sequence number (PDCP SN).
  • the string of keys includes a first security key.
  • the decryption is a decryption algorithm described by TS 36.323.
  • the integrity verification is implemented by comparing X Message Authentication Code-Integrity (XMAC-I) with Message Authentication Code-Integrity (MAC-I).
  • the X Message Authentication Code-Integrity is implemented by an integrity verification algorithm.
  • the input parameters of the integrity verification algorithm include a Hyper Frame Number (HFN).
  • the input parameters of the integrity verification algorithm include a Radio Bearer ID.
  • the input parameters of the integrity verification algorithm include a PDCP sequence number (PDCP SN).
  • the input parameters of the integrity verification algorithm include a first security key.
  • the input parameters of the integrity verification algorithm include data.
  • the second operation is performed in a user equipment.
  • the second operation is implemented by a software program in the user equipment.
  • Embodiment 4 exemplifies a schematic view of the fourth operation, as shown in FIG.
  • the second bit group becomes the second modified bit group after the fourth operation.
  • the second bit group and the second modified bit group respectively comprise a positive integer number of bits.
  • the fourth operation includes at least one of {encryption, integrity protection}.
  • the second bit group is an IP payload.
  • the fourth operation is performed in a NAS in the core network device.
  • the fourth operation includes encryption; or the fourth operation includes {encryption, integrity protection}.
  • the second modified bit group is generated after the second bit group sequentially passes the encryption and the integrity protection.
  • the second modified bit group is generated after the second bit group is subjected to the encryption.
  • the encryption is used to ensure that the data remains confidential between the originating and terminating ends.
  • the encryption uses a string of keys to mask the original data.
  • the masking is an XOR operation of two data.
  • the string of keys includes a Hyper Frame Number (HFN).
  • the string of keys includes a Radio Bearer ID.
  • the string of keys includes a PDCP sequence number (PDCP SN).
  • the string of keys includes a first security key.
  • the encryption uses the encryption algorithm described in TS 36.323.
  • the integrity protection is implemented by Message Authentication Code-Integrity (MAC-I) and data masking.
  • the Message Authentication Code-Integrity is implemented by an integrity protection algorithm.
  • the input parameters of the integrity protection algorithm include a Hyper Frame Number (HFN).
  • the input parameters of the integrity protection algorithm include a Radio Bearer ID.
  • the input parameters of the integrity protection algorithm include a PDCP sequence number (PDCP SN).
  • the input parameters of the integrity protection algorithm include a first security key.
  • the input parameters of the integrity protection algorithm include data.
  • the fourth operation is performed in a non-access network device, i.e., a core network device.
  • the fourth operation is implemented by a software program in the core network device.
  • Embodiment 5 exemplifies a first operation and a third operation, as shown in FIG.
  • the third operation includes at least the first two of {compression, encryption, integrity protection}; the first operation includes at least two of {integrity verification, decryption, decompression}.
  • the compression and the decompression are inverse operations.
  • the encryption and the decryption are inverse operations.
  • the integrity protection and the integrity verification are inverse operations.
  • the first operation and the third operation are performed in a UE and a base station, respectively.
  • the first operation and the third operation are performed in a PDCP layer of a UE and a PDCP layer of a base station, respectively.
  • the first operation and the third operation are performed in a peer-to-peer layer of the UE and the base station, respectively.
  • Embodiment 6 exemplifies a schematic diagram of the second operation and the fourth operation, as shown in FIG.
  • the fourth operation includes at least the former of {encryption, integrity protection}, and the second operation includes at least the latter of {integrity verification, decryption}.
  • In Embodiment 6, the encryption and the decryption are inverse operations, and the integrity protection and the integrity verification are inverse operations.
  • the second operation and the fourth operation are performed in the UE and the core network device, respectively.
  • the second operation and the fourth operation are performed in a NAS of a UE and a NAS of a core network device, respectively.
  • the first operation and the third operation are performed in a peer-to-peer layer of the UE and the core network device, respectively.
  • Embodiment 7 exemplifies a flow chart of transmission and reception of downlink data, as shown in FIG. In Fig. 7, step S31 is optional.
  • the UE maintains the lower layer D0, the first layer D1, and the second layer D2; the base station maintains the lower layer C0 and the first layer C1; and the core network device maintains the second layer C2.
  • in step S10, the second layer C2 performs a fourth operation and delivers the first bit group and the second modified bit group to the first layer C1; in step S11, the first layer C1 performs a third operation and delivers the first set of bits to the lower layer C0.
  • in step S21, the first layer D1 receives the first set of bits from the lower layer D0 and performs a first operation; in step S20, the first layer D1 delivers the first bit group and the second modified bit group to the second layer D2, and the second layer D2 performs a second operation.
  • the first bit group is used for the input of the third operation, the first modified bit group is the output of the third operation; the second bit group is used for the input of the fourth operation, the second modified bit group is the output of the fourth operation.
  • the third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}.
  • the first modified bit group is used for the input of the first operation, the first bit group is the output of the first operation; the second modified bit group is used for the input of the second operation, the second bit group is the output of the second operation.
  • the first operation includes at least one of {decompression, decryption, integrity verification}.
  • the second operation includes at least one of {decryption, integrity verification}.
  • the first modified bit group and the second modified bit group belong to the same protocol data unit.
  • the first set of bits includes the first modified bit group and the second modified bit group.
  • the protocol data unit is a PDCP PDU.
  • in step S31, the second layer C2 transmits the target information to the second layer D2.
  • the data channel between the second layer C2 and the second layer D2 includes {first layer C1, lower layer C0, wireless channel, lower layer D0, first layer D1}.
  • the target information includes at least one of {the first information in the present invention, the second information in the present invention}.
  • the target information is carried by RRC signaling.
  • the target information is carried by NAS information.
  • the lower layer C0, the first layer C1, the second layer C2, the lower layer D0, and the first layer D1 and the second layer D2 respectively include an RLC layer, a PDCP layer, a NAS, an RLC layer, a PDCP layer, and a NAS.
  • the first layer C1 further includes an RRC (Radio Resource Control) layer.
  • the first layer D1 further includes an RRC layer.
  • the lower layer D0 further includes a MAC (Media Access Control) layer and a physical layer.
  • the lower layer C0 further includes a MAC layer and a physical layer.
  • the core network device and the base station are connected through an S1 interface.
  • the first modified bit group and the second modified bit group belong to the same PDCP PDU.
  • Embodiment 8 exemplifies a flowchart of reception of downlink data, as shown in FIG. In Figure 8, the second layer, the first layer and the lower layer are all maintained by the UE.
  • the first layer receives the first modified bit group and the second modified bit group from the lower layer; the first layer performs a first operation on the first modified bit group and transparently passes the second modified bit group to the second layer; the second layer performs a second operation on the received second modified bit group.
  • the first modified bit group and the second modified bit group belong to one higher layer PDU.
  • the lower layer is an RLC layer.
  • the first layer and the second layer are a PDCP layer and a NAS, respectively.
  • the second information in the present invention is used to determine:
  • the first layer and the second layer are respectively a PDCP layer and a NAS; or
  • the first layer and the second layer both belong to the PDCP layer
  • the first layer and the second layer both belong to the NAS.
  • Embodiment 9 exemplifies a flow chart of transmission of downlink data, as shown in FIG. In Figure 9, the lower layer is maintained by the base station.
  • the second layer performs the fourth operation on the latter of {first bit group, second bit group} and then delivers it to the lower layer; the first layer performs the third operation on the former of {first bit group, second modified bit group} from the second layer and then passes it to the lower layer; the first layer transparently passes the second modified bit group from the second layer to the lower layer.
  • the first modified bit group and the second modified bit group belong to one higher layer PDU.
  • the lower layer is an RLC layer.
  • the first layer includes at least the former of {PDCP layer, RRC layer}, and the second layer is a NAS.
  • the first layer and the second layer are respectively maintained by the base station and the UPS
  • the second information in the present invention is used to determine:
  • the first layer and the second layer are respectively a PDCP layer and a NAS; or
  • the first layer and the second layer both belong to the PDCP layer
  • the first layer and the second layer both belong to the NAS.
  • Embodiment 10 illustrates a schematic diagram of a first set of bits, as shown in FIG.
  • the first set of bits is formed by sequentially concatenating a third bit group, the first modified bit group and the second modified bit group.
  • the first set of bits is a PDCP PDU.
  • the third bit group includes a PDCP header.
  • Embodiment 11 illustrates a schematic diagram of a network slice, as shown in FIG.
  • a given RAT Radio Access Technology
  • the network slice #1 shown corresponds to user type #1
  • the network slice #2 shown corresponds to user type #2
  • the network slice #3 shown corresponds to user type #3.
  • the network slice #1 shown corresponds to the service group #1
  • the network slice #2 shown corresponds to the service group #2
  • the network slice #3 shown corresponds to the service group #3.
  • the user type #1 is for a mobile broadband user.
  • the user type #2 is for a general IOT (Internet of Things) user.
  • the user type #3 is for an IOT user with special needs.
  • the IOT user with special needs corresponds to a medical IOT user.
  • the IOT user with special needs corresponds to a car network IOT user.
  • the IOT user with special needs corresponds to an industrial robot IOT user.
  • the service group #1 includes at least one of {wireless communication, Internet} services.
  • the service group #2 includes at least one of {logistics, agriculture, weather} services.
  • the service group #3 includes at least one of {autopilot, industrial manufacturing} services.
  • the given RAT is a RAT based on 5G technology.
  • the given RAT is a RAT based on NR (New Radio) technology.
  • Embodiment 12 exemplifies a structural block diagram of a processing device in a UE, as shown in FIG.
  • the UE processing apparatus 100 is mainly composed of a first processing module 101 and a second processing module 102.
  • the first processing module 101 is configured to perform a first operation at the first layer; the second processing module 102 is configured to perform a second operation at the second layer.
  • the first modified bit group is used for the input of the first operation, the first bit group is the output of the first operation; the second modified bit group is used for the input of the second operation, the second bit group is the output of the second operation.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the bit group includes a positive integer number of bits.
  • the first operation includes {integrity verification, decryption, decompression}, the second operation includes {integrity verification, decryption}; or the first operation includes {decryption, decompression}, the second operation includes decryption.
  • the first processing module 101 is further used for at least one of the following:
  • the first information is used for the first operation and the second operation.
  • the second information is used to determine that the first operation and the second operation are performed in the first layer and the second layer, respectively.
  • the first layer includes a PDCP layer and the second layer is a NAS.
  • the first processing module 101 is further configured to pass the first set of bits from the lower layer to the first layer; and the second processing module 102 is further configured to deliver the first bit group and the second modified bit group from the first layer to the second layer.
  • the first set of bits includes the first modified bit group and the second modified bit group.
  • the first bit group is an IP header and the second bit group is an IP payload.
  • Embodiment 13 exemplifies a structural block diagram of a processing device in a base station, as shown in FIG.
  • the base station processing apparatus 200 is mainly composed of a third processing module 201.
  • the third processing module 201 is configured to perform, in the first layer, the third operation of {third operation, fourth operation}.
  • the first bit group is used for the input of the third operation, the first modified bit group is the output of the third operation; the second bit group is used for the input of the fourth operation, the second modified bit group is the output of the fourth operation.
  • the third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the third processing module 201 is further configured to:
  • the first set of bits includes the first modified bit group and the second modified bit group.
  • the fourth operation is performed in the second layer.
  • the third processing module 201 is further used for at least one of the following:
  • Step A10. Receive the first information over the S1 interface; and transmit the first information over the air interface.
  • Step A11. Receive the second information via the S1 interface; or send the second information over the air interface.
  • the first information is used for the third operation and the fourth operation.
  • the second information is used to determine the first layer and the second layer; or the second information is used to determine whether {the first layer, the second layer} are the same.
  • Embodiment 14 exemplifies a structural block diagram of a processing device in a core network device, as shown in FIG.
  • the processing device 300 of the core network device is mainly composed of a fourth processing module 301.
  • the fourth processing module 301 is configured to perform, in the second layer, the fourth operation of {third operation, fourth operation}.
  • the first bit group is used for the input of the third operation, the first modified bit group is the output of the third operation; the second bit group is used for the input of the fourth operation, the second modified bit group is the output of the fourth operation.
  • the third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}.
  • the first modified bit group and the second modified bit group correspond to the same PDCP PDU.
  • the fourth processing module 301 is further configured to:
  • the third operation is performed in the first layer.
  • the first modified bit group and the second modified bit group correspond to the same protocol data unit.
  • the first layer is maintained by a base station device.
  • the fourth processing module 301 is further used for at least one of the following:
  • the first information is used for the third operation and the fourth operation.
  • the second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether {the first layer, the second layer} are the same.
  • the second layer is a NAS, and the first layer is a PDCP layer.
  • the first information is network slice (Slice) specific.
  • the second information is network slice (Slice) specific.
  • each module unit in the above embodiment may be implemented in hardware form or in the form of a software function module.
  • the application is not limited to any specific combination of software and hardware.
  • the UE and the terminal in the present invention include but are not limited to RFID, IoT terminal equipment, MTC (Machine Type Communication) terminal, vehicle communication device, wireless sensor, network card, mobile phone, tablet computer, notebook and other wireless communication devices.
  • the base station, the base station device, and the network side device in the present invention include, but are not limited to, a macro communication base station, a micro cell base station, a home base station, a relay base station, and the like.
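The split described in Embodiments 1 to 4, 7 and 10, as an added Python sketch that is not code from the patent: the core network device protects the IP payload at the NAS (fourth operation), the base station protects only the IP header at the PDCP layer and concatenates a PDCP header, the first modified bit group and the second modified bit group (third operation), and the UE undoes each at the peer layer. The HMAC-SHA256 keystream and MAC-I, the 4-byte PDCP header layout, the separate per-layer keys and all sample values are assumptions of this example, and header compression is left out.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

MAC_LEN = 4  # assumed MAC-I length in bytes for this sketch


class IntegrityError(Exception):
    """The XMAC-I computed by the receiver differs from the received MAC-I."""


@dataclass(frozen=True)
class SecurityContext:
    key: bytes      # security key held by this layer only (assumption)
    hfn: int        # Hyper Frame Number
    bearer_id: int  # Radio Bearer ID
    pdcp_sn: int    # PDCP sequence number

    def params(self) -> bytes:
        return struct.pack(">IBI", self.hfn, self.bearer_id, self.pdcp_sn)


def keystream(ctx: SecurityContext, length: int) -> bytes:
    # Stand-in keystream (HMAC-SHA256 in counter mode), not the TS 36.323 cipher.
    out, block = b"", 0
    while len(out) < length:
        msg = b"enc" + ctx.params() + struct.pack(">I", block)
        out += hmac.new(ctx.key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_mask(ctx: SecurityContext, data: bytes) -> bytes:
    """Masking and de-masking are the same XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(ctx, len(data))))


def mac_i(ctx: SecurityContext, data: bytes) -> bytes:
    # Stand-in integrity algorithm over {HFN, bearer ID, PDCP SN, key, data}.
    msg = b"int" + ctx.params() + data
    return hmac.new(ctx.key, msg, hashlib.sha256).digest()[:MAC_LEN]


def protect(ctx: SecurityContext, bit_group: bytes) -> bytes:
    """Encryption, then integrity protection (the order in Embodiment 4)."""
    masked = xor_mask(ctx, bit_group)
    return masked + mac_i(ctx, masked)


def verify_and_decrypt(ctx: SecurityContext, modified: bytes) -> bytes:
    """Integrity verification, then decryption (the order in Embodiment 3)."""
    if len(modified) < MAC_LEN:
        raise ValueError("modified bit group shorter than MAC-I")
    masked, received = modified[:-MAC_LEN], modified[-MAC_LEN:]
    if not hmac.compare_digest(mac_i(ctx, masked), received):
        raise IntegrityError("XMAC-I does not match MAC-I")
    return xor_mask(ctx, masked)


def fourth_operation(nas_ctx: SecurityContext, ip_payload: bytes) -> bytes:
    """Core network device, second layer C2: returns the second modified bit group."""
    return protect(nas_ctx, ip_payload)


def third_operation(as_ctx: SecurityContext, ip_header: bytes,
                    second_modified: bytes) -> bytes:
    """Base station, first layer C1: the payload part is passed through untouched."""
    first_modified = protect(as_ctx, ip_header)
    # Hypothetical PDCP header (third bit group): 16-bit SN + length of first part.
    pdcp_header = struct.pack(">HH", as_ctx.pdcp_sn & 0xFFFF, len(first_modified))
    return pdcp_header + first_modified + second_modified


def first_operation(as_ctx: SecurityContext, pdu: bytes):
    """UE, first layer D1: recover the IP header, hand the rest up unchanged."""
    if len(pdu) < 4:
        raise ValueError("PDU shorter than PDCP header")
    sn, n = struct.unpack(">HH", pdu[:4])
    if sn != as_ctx.pdcp_sn & 0xFFFF or len(pdu) < 4 + n:
        raise ValueError("malformed PDU")
    return verify_and_decrypt(as_ctx, pdu[4:4 + n]), pdu[4 + n:]


def second_operation(nas_ctx: SecurityContext, second_modified: bytes) -> bytes:
    """UE, second layer D2: recover the IP payload."""
    return verify_and_decrypt(nas_ctx, second_modified)


def demo():
    as_ctx = SecurityContext(b"constructed-AS-key", 7, 3, 42)    # constructed
    nas_ctx = SecurityContext(b"constructed-NAS-key", 7, 3, 42)  # constructed
    header = bytes.fromhex("4500003c1c4640004006")  # constructed sample bytes
    payload = b"constructed telemetry payload"
    pdu = third_operation(as_ctx, header, fourth_operation(nas_ctx, payload))
    got_header, second_modified = first_operation(as_ctx, pdu)
    return got_header, second_operation(nas_ctx, second_modified), pdu
```

Because `third_operation` and `first_operation` never take the NAS-layer context, the access-network side handles the payload only as opaque bytes, and a modification of the payload part is detected at the second layer rather than the first.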

Abstract

Disclosed are a method and device for use in downlink transmission. A UE first executes a first operation in a first layer then executes a second operation in a second layer. A first modified byte is used for the input of the first operation, a first byte is for the output of the first operation; a second modified byte is used for the input of the second operation, and a second byte is for the output of the second operation. The first modified byte and the second modified byte correspond to a same protocol data unit. The bytes comprise a positive integer-number of bits. The first operation comprises at least one of {decompression, decryption, and integrity verification}; the second operation comprises at least one of {decryption and integrity verification}. The present invention meets QoS requirements and security requirements of different services. In addition, the present invention reduces the access network delay of downlink transmission and increases the access network confidentiality of downlink transmission.

Description

Method and device for downlink transmission
Technical field
The present invention relates to a scheme for downlink transmission in a wireless communication system, and more particularly to a method and apparatus for secure transmission.
Background art
In the LTE (Long Term Evolution) system, the Packet Data Convergence Protocol (PDCP) layer is located above the Radio Link Control (RLC) layer and below the Internet Protocol (IP) layer, or below the Radio Resource Control (RRC) layer. The PDCP layer supports header compression, mainly using the Robust Header Compression (ROHC) algorithm. Header compression is mainly used to compress the headers of IP packets and mainly targets data radio bearers (DRB, Data Radio Bearer). The PDCP layer also supports security functions, mainly integrity protection and ciphering. Integrity protection mainly targets signaling radio bearers (SRB, Signaling Radio Bearer), while ciphering mainly targets data radio bearers and signaling radio bearers.
The NR (New Radio) system carries multiple services; different services have different QoS and also different requirements for security functions. In the NR system, different services may be transmitted in different network slices. A network slice is a logical network that includes a core network and an access network.
Summary of the invention
The inventor found through research that if, as in the LTE system, the NR system performs security operations on downlink data only at the PDCP layer, the PDCP layer needs to perform network-slice-specific security operations for each network slice, which increases the complexity of the PDCP layer.
Through further research the inventor found that, for delay-sensitive services, security operations performed on the access network side may increase the delay on the access network side; for some services with higher security requirements, encryption performed on the access network side may increase the possibility of leakage on the access network side.
According to the inventor's research above, different services in the NR system may use different entities for encryption and integrity protection operations. These entities may belong to different network slices and be located in different protocol entities. For downlink transmission, the user equipment encrypts the data (header + payload) at the non-access stratum, and the user equipment performs header compression at the PDCP sending end on the encrypted data (header + payload) delivered by the upper layer. The PDCP receiving end on the base station side cannot decompress correctly.
In response to the above problems, the present invention provides a solution. It should be noted that, where there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with each other arbitrarily. For example, the embodiments in the UE of the present application and the features in those embodiments can be applied to a base station or a core network device, and vice versa.
The invention discloses a method in a user equipment used for wireless communication, comprising the following steps:
- Step A. Performing a first operation at a first layer;
- Step B. Performing a second operation at a second layer.
Wherein a first modified bit group is used for the input of the first operation, and a first bit group is the output of the first operation; a second modified bit group is used for the input of the second operation, and a second bit group is the output of the second operation. The first modified bit group and the second modified bit group correspond to the same protocol data unit. The bit group includes a positive integer number of bits. The first operation includes at least one of {decompression, decryption, integrity verification}, and the second operation includes at least one of {decryption, integrity verification}.
As an embodiment, the first bit group is an Internet Protocol (IP) header, and the second bit group is an Internet Protocol (IP) packet payload.
As a sub-embodiment of the above embodiment, the second modified bit group is a PDCP SDU (Service Data Unit).
As an embodiment, the second layer is an upper layer of the first layer.
As an embodiment, the first layer is the PDCP layer and the second layer is the Non-Access Stratum (NAS).
As a sub-embodiment of the above embodiment, the first modified bit group and the second modified bit group belong to the same PDCP PDU (Protocol Data Unit).
As an embodiment, whether the second layer and the first layer are the same is configurable.
As an embodiment, for the decompression, the number of output data bits is greater than the number of input data bits.
As an embodiment, the decompression compares the original header with the compressed header to obtain the header before compression.
As an embodiment, the decompression is the inverse operation of the Robust Header Compression (ROHC) algorithm.
As an embodiment, the decompression is the inverse operation of the compression algorithms exemplified in Table 5.5.1.1 of TS 36.323.
As an embodiment, the decryption de-masks the original data with a key string.
As a sub-embodiment, the de-masking is an XOR operation between the data and the mask.
As a sub-embodiment, the key string includes a Hyper Frame Number (HFN).
As a sub-embodiment, the key string includes a Radio Bearer ID.
As a sub-embodiment, the key string includes a PDCP sequence number (PDCP SN).
As a sub-embodiment, the key string includes a first security key.
As an embodiment, the decryption is the decryption algorithm described in TS 36.323.
As an embodiment, the integrity verification is performed by comparing the X Message Authentication Code-Integrity (XMAC-I) with the Message Authentication Code-Integrity (MAC-I).
As a sub-embodiment, if the XMAC-I is consistent with the MAC-I, the integrity verification passes; otherwise it fails.
As a sub-embodiment, the XMAC-I is obtained by an integrity verification algorithm.
As a sub-embodiment, the input parameters of the integrity verification algorithm include a Hyper Frame Number (HFN).
As a sub-embodiment, the input parameters of the integrity verification algorithm include a Radio Bearer ID.
As a sub-embodiment, the input parameters of the integrity verification algorithm include a PDCP sequence number (PDCP SN).
As a sub-embodiment, the input parameters of the integrity verification algorithm include a first security key.
As a sub-embodiment, the input parameters of the integrity verification algorithm include the data.
Specifically, according to one aspect of the present invention, the step A further includes the following step A1, and the step B further includes the following step B1:
- Step A1. Passing a first bit set from a lower layer to the first layer;
- Step B1. Passing the first bit group and the second modified bit group from the first layer to the second layer.
Wherein the first bit set includes the first modified bit group and the second modified bit group.
As an embodiment, the first bit set is a PDCP PDU.
As an embodiment, the first bit set is a downlink higher-layer PDU.
As an embodiment, the first bit set is a downlink PDCP PDU.
As an embodiment, the first bit set includes {a PDCP header, the first modified bit group, the second modified bit group}.
As an embodiment, the first layer is the PDCP layer and the lower layer is the RLC layer.
As an embodiment, the second layer is the Non-Access Stratum (NAS).
As an embodiment, the second layer is the PDCP layer.
As an embodiment, the entity in which the second layer resides is a core network device supporting releases after 3GPP Rel-15.
Specifically, according to one aspect of the present invention, the step A further includes the following step:
- Step A10. Receiving first information.
Wherein the first information is used for the first operation and the second operation.
As an embodiment, the first information is associated with a first service group. The first service group includes one or more services.
As an embodiment, the first information is carried in RRC (Radio Resource Control) signaling.
As an embodiment, the first information is carried in NAS information.
As an embodiment, the first information is carried in higher-layer signaling.
As an embodiment, the first information is related to S1 signaling.
As an embodiment, the first information includes a first security key, and the first security key is configured by a higher layer.
As an embodiment, the first security key is KASME.
As an embodiment, the encryption is used for the Signaling Radio Bearer (SRB) and the Data Radio Bearer (DRB) of the PDCP layer.
As an embodiment, the integrity protection is used for the Signaling Radio Bearer (SRB) of the PDCP layer.
As an embodiment, a second security key required for the encryption is obtained from the first security key.
As an embodiment, the second security key is KRRCenc.
As an embodiment, the second security key is KUPenc.
As an embodiment, a third security key required for the integrity protection is obtained from the first security key.
As an embodiment, the third security key is KRRCint.
As an embodiment, the sender of the first information is a base station device supporting 3GPP Rel-15 and later releases.
As an embodiment, the sender of the first information is a base station device.
As an embodiment, the sender of the first information is a User Packet System (UPS).
As an embodiment, the first information is generated in the NAS layer of a network side device.
As an embodiment, the first information is generated in the second layer of a network side device.
As an embodiment, the first information is generated in a User Packet System (UPS).
Specifically, according to one aspect of the present invention, the step A further includes the following step:
- Step A11. Receiving second information.
Wherein the second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
As an embodiment, the second information is associated with a first service group. The first service group includes one or more services.
As an embodiment, the second information is applied to a first radio bearer. The first bit group and the second bit group are transmitted in the first radio bearer.
As an embodiment, the second information is generated by a base station device.
As an embodiment, the second information is carried in RRC signaling.
As an embodiment, the second information is generated in the second layer of a network side device.
As an embodiment, the second information is generated in the NAS layer of a network side device.
As an embodiment, the second information is carried in NAS information.
As an embodiment, the second information is generated in the PDCP layer of a network side device.
As an embodiment, the second information indicates that the first layer and the second layer are both the PDCP layer.
As an embodiment, the second information indicates that the first layer and the second layer are both the NAS layer.
Specifically, according to one aspect of the present invention, the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
As an embodiment, the first service group is a network slice.
As an embodiment, the services include different QoS requirements.
As an embodiment, the services include different security requirements.
Specifically, according to one aspect of the present invention, the first layer is the Packet Data Convergence Protocol layer, and the second layer is the non-access stratum.
The invention discloses a method in a base station device used for wireless communication, comprising the following steps:
- Step A. Performing, at a first layer, the third operation of {a third operation, a fourth operation}.
Wherein a first bit group is used for the input of the third operation, and a first modified bit group is the output of the third operation; a second bit group is used for the input of the fourth operation, and a second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
As an embodiment, in the above aspect, the fourth operation is not performed in the first layer.
Specifically, according to one aspect of the present invention, the step A further includes the following step:
- Step A1. Receiving the first bit group and the second modified bit group from a second layer, and passing a first bit set from the first layer to a lower layer.
Wherein the first bit set includes the first modified bit group and the second modified bit group. The fourth operation is performed in the second layer.
As an embodiment, the second layer is maintained by a device other than the base station device.
As an embodiment, the first layer and the second layer are connected through an S1 interface.
As a sub-embodiment, the core network side device belongs to a User Packet System (UPS).
As an embodiment, the first bit group is an Internet Protocol (IP) header, and the second bit group is an Internet Protocol (IP) packet payload.
As a sub-embodiment of the above embodiment, the second modified bit group is a PDCP SDU (Service Data Unit).
As an embodiment, the second layer is an upper layer of the first layer.
As an embodiment, the first layer is the PDCP layer and the second layer is the Non-Access Stratum (NAS).
As a sub-embodiment of the above embodiment, the first modified bit group and the second modified bit group belong to the same PDCP PDU.
As an embodiment, whether the second layer and the first layer are the same is configurable.
As an embodiment, the first bit set is a PDCP PDU.
As an embodiment, the first bit set is a downlink higher-layer PDU.
As an embodiment, the first bit set is a downlink PDCP PDU.
As an embodiment, the first bit set includes {a PDCP header, the first bit group, the second bit group}.
As an embodiment, the first layer is the PDCP layer and the lower layer is the RLC layer.
As an embodiment, the compression is such that the number of input data bits is less than the number of output data bits.
As an embodiment, the compression is Robust Header Compression (ROHC).
As an embodiment, the compression is one of the compression algorithms exemplified in Table 5.5.1.1 of TS 36.323.
As an embodiment, the encryption ensures that the data remains confidential between the transmitting end and the receiving end.
As an embodiment, the encryption masks the original data with a key string.
As a sub-embodiment, the masking is an XOR operation between two pieces of data.
As a sub-embodiment, the key string includes a Hyper Frame Number (HFN).
As a sub-embodiment, the key string includes a Radio Bearer ID.
As a sub-embodiment, the key string includes a PDCP sequence number (PDCP SN).
As a sub-embodiment, the key string includes a first security key.
As an embodiment, the encryption is the encryption algorithm described in TS 36.323.
As an embodiment, the integrity protection is implemented by masking the Message Authentication Code-Integrity (MAC-I) with the data.
As a sub-embodiment, the MAC-I is obtained by an integrity protection algorithm.
As a sub-embodiment, the input parameters of the integrity protection algorithm include a Hyper Frame Number (HFN).
As a sub-embodiment, the input parameters of the integrity protection algorithm include a Radio Bearer ID.
As a sub-embodiment, the input parameters of the integrity protection algorithm include a PDCP sequence number (PDCP SN).
As a sub-embodiment, the input parameters of the integrity protection algorithm include a first security key.
As a sub-embodiment, the input parameters of the integrity protection algorithm include the data.
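The following added example (not part of the patent text) sketches the split described above: the second layer (NAS) protects the IP payload, the first layer (PDCP) protects the IP header of the same PDU, and the UE reverses each operation at the matching layer, accepting a bit group only when XMAC-I equals MAC-I. The HMAC-SHA256 keystream and MAC, the per-layer key derivation from the first security key, the 12-bit SN, the PDU layout and the sample values are assumptions standing in for the TS 36.323 algorithms and formats; header compression is left out.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4    # MAC-I length in bytes
SN_BITS = 12   # assumed PDCP SN length; COUNT = HFN || SN

class IntegrityError(Exception):
    """The receiver's XMAC-I differs from the received MAC-I."""

def derive_key(first_key, label):
    # Assumption: one key per layer and purpose, derived from the first security key.
    return hmac.new(first_key, b"kdf|" + label, hashlib.sha256).digest()

def _params(hfn, sn, bearer_id):
    # HFN, PDCP SN and radio bearer ID are inputs to both masking and MAC-I.
    return struct.pack(">IB", (hfn << SN_BITS) | sn, bearer_id)

def keystream(key, hfn, sn, bearer_id, length):
    # Stand-in generator (HMAC-SHA256 in counter mode), not a 3GPP algorithm.
    out, block = b"", 0
    while len(out) < length:
        msg = _params(hfn, sn, bearer_id) + struct.pack(">I", block)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def mask(key, hfn, sn, bearer_id, data):
    # Masking and de-masking are the same XOR with the keystream.
    ks = keystream(key, hfn, sn, bearer_id, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def mac_i(key, hfn, sn, bearer_id, data):
    msg = _params(hfn, sn, bearer_id) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(first_key, layer, hfn, sn, bearer_id, data):
    """Integrity-protect, then encrypt: returns the modified bit group."""
    tag = mac_i(derive_key(first_key, layer + b"|int"), hfn, sn, bearer_id, data)
    return mask(derive_key(first_key, layer + b"|enc"), hfn, sn, bearer_id, data + tag)

def unprotect(first_key, layer, hfn, sn, bearer_id, modified):
    """Decrypt, then verify: returns the bit group or raises IntegrityError."""
    if len(modified) < MAC_LEN:
        raise IntegrityError("bit group shorter than MAC-I")
    plain = mask(derive_key(first_key, layer + b"|enc"), hfn, sn, bearer_id, modified)
    data, received = plain[:-MAC_LEN], plain[-MAC_LEN:]
    xmac = mac_i(derive_key(first_key, layer + b"|int"), hfn, sn, bearer_id, data)
    if not hmac.compare_digest(xmac, received):   # constant-time comparison
        raise IntegrityError("XMAC-I does not match MAC-I")
    return data

def nas_send(first_key, hfn, sn, bearer_id, ip_header, ip_payload):
    # Second layer: fourth operation on the second bit group only.
    return ip_header, protect(first_key, b"nas", hfn, sn, bearer_id, ip_payload)

def pdcp_send(first_key, hfn, sn, bearer_id, ip_header, second_modified):
    # First layer: third operation on the first bit group; payload left untouched.
    first_modified = protect(first_key, b"pdcp", hfn, sn, bearer_id, ip_header)
    # Constructed PDU layout: SN (2 bytes) | len(first modified) (2 bytes) | groups
    return struct.pack(">HH", sn, len(first_modified)) + first_modified + second_modified

def pdcp_receive(first_key, hfn, bearer_id, pdu):
    # First layer at the UE: first operation; returns what is passed upward.
    if len(pdu) < 4:
        raise ValueError("truncated PDU")
    sn, n = struct.unpack(">HH", pdu[:4])
    if len(pdu) < 4 + n:
        raise ValueError("first modified bit group truncated")
    header = unprotect(first_key, b"pdcp", hfn, sn, bearer_id, pdu[4:4 + n])
    return sn, header, pdu[4 + n:]

def nas_receive(first_key, hfn, sn, bearer_id, second_modified):
    # Second layer at the UE: second operation on the second modified bit group.
    return unprotect(first_key, b"nas", hfn, sn, bearer_id, second_modified)

def demo():
    first_key = bytes(range(32))                 # constructed sample key
    hfn, sn, bearer = 0x2A, 0x123, 5             # constructed sample parameters
    header, payload = b"\x45\x00\x00\x1c" + bytes(16), b"application data"
    hdr, second_mod = nas_send(first_key, hfn, sn, bearer, header, payload)
    pdu = pdcp_send(first_key, hfn, sn, bearer, hdr, second_mod)
    rx_sn, rx_header, rx_second = pdcp_receive(first_key, hfn, bearer, pdu)
    rx_payload = nas_receive(first_key, hfn, rx_sn, bearer, rx_second)
    return pdu, rx_header, rx_second, rx_payload

if __name__ == "__main__":
    pdu, rx_header, rx_second, rx_payload = demo()
    print(rx_header.hex(), rx_second.hex(), rx_payload)
```

Because the first layer only forwards the second modified bit group, tampering with the payload is detected at the second layer, while the header check at the first layer still passes.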
Specifically, according to one aspect of the present invention, the step A further includes the following step:
- Step A10. Receiving first information through an S1 interface; or sending first information over an air interface.
Wherein the first information is used for the third operation and the fourth operation.
As an embodiment, the first information is associated with a first service group. The first service group includes one or more services.
As an embodiment, the first information includes a first security key, and the first security key is configured by a higher layer.
As an embodiment, the first security key is KASME.
As an embodiment, the encryption is used for the Signaling Radio Bearer (SRB) and the Data Radio Bearer (DRB) of the PDCP layer.
As an embodiment, the integrity protection is used for the Signaling Radio Bearer (SRB) of the PDCP layer.
As an embodiment, a second security key required for the encryption is obtained from the first security key.
As an embodiment, the second security key is KRRCenc.
As an embodiment, the second security key is KUPenc.
As an embodiment, a third security key required for the integrity protection is obtained from the first security key.
As an embodiment, the third security key is KRRCint.
As an embodiment, the sender of the first information is a base station device supporting 3GPP Rel-15 and later releases.
As an embodiment, the sender of the first information is a base station device.
As an embodiment, the first information is carried in RRC signaling.
As an embodiment, the sender of the first information is a User Packet System (UPS).
As an embodiment, the first information is carried in higher-layer signaling.
As an embodiment, the first information is related to an S1 signaling.
As an embodiment, the sender of the S1 signaling is a User Packet System (UPS).
As an embodiment, the first information is generated in the NAS layer of a network side device.
As an embodiment, the first information is generated in the second layer of a network side device.
As an embodiment, the first information is generated in a User Packet System (UPS).
Specifically, according to one aspect of the present invention, the step A further includes the following step:
- Step A11. Receiving second information through an S1 interface; or sending second information over an air interface.
Wherein the second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
As an embodiment, the above aspect ensures that the base station can take the correct operation on the first modified bit group and the second modified bit group, and prevents the base station from performing the fourth operation on the second modified bit group.
As an embodiment, the second information is associated with a first service group. The first service group includes one or more services.
As an embodiment, the second information is applied to a first radio bearer. The first bit group and the second bit group are transmitted in the first radio bearer.
As an embodiment, the second information is carried in RRC signaling.
As an embodiment, the second information is generated by a base station device.
As an embodiment, the second information is generated in the second layer of a network side device.
As an embodiment, the second information is generated in the NAS layer of a network side device.
As an embodiment, the second information is generated in the PDCP layer of a network side device.
As an embodiment, the second information is carried in higher-layer signaling.
As an embodiment, the second information is related to an S1 signaling.
As an embodiment, the second information indicates that the first layer and the second layer are both the PDCP layer.
As an embodiment, the second information indicates that the first layer and the second layer are both the NAS layer.
Specifically, according to one aspect of the present invention, the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
As an embodiment, the QoS requirements of the services are independently configured.
As an embodiment, the security requirements corresponding to the services are independently configured.
As an embodiment, the first service group is a network slice.
As an embodiment, all services in the first service group share the same security requirements.
As an embodiment, all services in the first service group share the same QoS requirements.
Specifically, according to one aspect of the present invention, the first layer is the Packet Data Convergence Protocol layer, and the second layer is the non-access stratum.
As an embodiment, for different services, the above aspect can satisfy variable QoS requirements and security requirements.
The invention discloses a method in a non-access network device, comprising the following steps:
- Step A. Performing, at a second layer, the fourth operation of {a third operation, a fourth operation}.
Wherein a first bit group is used for the input of the third operation, and a first modified bit group is the output of the third operation; a second bit group is used for the input of the fourth operation, and a second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
As an embodiment, in the above aspect, the third operation is not performed in the second layer.
As an embodiment, the first layer is maintained by a device other than the non-access network device.
As an embodiment, the first layer is maintained by a base station.
As a sub-embodiment, the base station supports 3GPP Rel-15 and later releases.
As an embodiment, the first layer and the second layer are connected through an S1 interface.
As an embodiment, the first bit group is an Internet Protocol (IP) header, and the second bit group is an Internet Protocol (IP) packet payload.
As a sub-embodiment of the above embodiment, the second modified bit group is a PDCP SDU (Service Data Unit).
Specifically, according to one aspect of the present invention, the step A further includes the following step:
- Step A1. Passing the first bit group and the second modified bit group from the second layer to a first layer.
Wherein the third operation is performed in the first layer. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
Specifically, according to one aspect of the present invention, the step A further includes the following step:
- Step A10. Sending first information through an S1 interface.
Wherein the first information is used for the third operation and the fourth operation.
As an embodiment, the first information is related to an S1 signaling.
As an embodiment, the first information is carried in Non-Access Stratum (NAS) information.
Specifically, according to one aspect of the present invention, the step A further includes the following step:
- Step A11. Sending second information through an S1 interface.
Wherein the second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
As an embodiment, the second information is related to an S1 signaling.
As an embodiment, the second information is carried in Non-Access Stratum (NAS) information.
Specifically, according to one aspect of the present invention, the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
Specifically, according to one aspect of the present invention, the first layer is the Packet Data Convergence Protocol layer, and the second layer is the non-access stratum.
As an embodiment, for different services, the above aspect can satisfy variable QoS requirements and security requirements.
The invention discloses a user equipment used for wireless communication, comprising the following modules:
- A first processing module: used to perform a first operation at a first layer;
- A second processing module: used to perform a second operation at a second layer.
Wherein a first modified bit group is used for the input of the first operation, and a first bit group is the output of the first operation; a second modified bit group is used for the input of the second operation, and a second bit group is the output of the second operation. The first modified bit group and the second modified bit group correspond to the same protocol data unit. Each bit group includes a positive integer number of bits. The first operation includes at least one of {decompression, decryption, integrity verification}, and the second operation includes at least one of {decryption, integrity verification}.
As an embodiment, the above user equipment is characterized in that the first processing module is further used to pass a first bit set from a lower layer to the first layer, and the second processing module is further used to pass the first bit group and the second modified bit group from the first layer to the second layer. Wherein the first bit set includes the first modified bit group and the second modified bit group.
As an embodiment, the above user equipment is characterized in that the first processing module is further used to receive first information. Wherein the first information is used for the first operation and the second operation.
As an embodiment, the above user equipment is characterized in that the first processing module is further used to receive second information. Wherein the second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
As an embodiment, the above user equipment is characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
As an embodiment, the above user equipment is characterized in that the first layer is the Packet Data Convergence Protocol layer, and the second layer is the non-access stratum.
The invention discloses a base station device used for wireless communication, comprising the following module:
- A third processing module: used to perform, at a first layer, the third operation of {a third operation, a fourth operation}.
Wherein a first bit group is used for the input of the third operation, and a first modified bit group is the output of the third operation; a second bit group is used for the input of the fourth operation, and a second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
As an embodiment, the above base station device is characterized in that the third processing module is further used to receive the first bit group and the second modified bit group from a second layer, and to pass a first bit set from the first layer to a lower layer. Wherein the first bit set includes the first modified bit group and the second modified bit group. The fourth operation is performed in the second layer.
As an embodiment, the above base station device is characterized in that the third processing module is further used for at least one of the following:
- Receiving first information through an S1 interface; or sending first information over an air interface.
- Receiving second information through an S1 interface; or sending second information over an air interface.
Wherein the first information is used for the third operation and the fourth operation. The second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
As an embodiment, the above base station device is characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
As an embodiment, the above base station device is characterized in that the first layer is the Packet Data Convergence Protocol layer, and the second layer is the non-access stratum.
The present invention discloses a non-access network device, comprising the following modules:
- A fourth processing module: configured to perform, at the second layer, the fourth operation of {third operation, fourth operation}.
Wherein the first bit group is used as the input of the third operation, and the first modified bit group is the output of the third operation; the second bit group is used as the input of the fourth operation, and the second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
As an embodiment, the foregoing non-access network device is characterized in that the fourth processing module is further configured to pass the first bit group and the second modified bit group from the second layer to the first layer. Wherein the third operation is performed in the first layer. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
As an embodiment, the foregoing non-access network device is characterized in that the fourth processing module is further used for at least one of the following:
- Step A0. Sending the first information through the S1 interface;
- Step A2. Sending the second information through the S1 interface.
Wherein the first information is used for the third operation and the fourth operation. The second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
As an embodiment, the foregoing non-access network device is characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
As an embodiment, the foregoing non-access network device is characterized in that the first layer is a Packet Data Convergence Protocol layer and the second layer is a non-access stratum.
As an embodiment, compared with the existing disclosed technology, the present invention has the following technical advantages:
- Encrypting the header and the payload of a data packet in different entities meets the QoS requirements of different services while also meeting the security requirements of different services;
- Indicating that the header and the payload of the data packet are encrypted at the transmitting end of a certain entity of the user equipment helps the receiving end of the base-station-side entity to decompress;
- The delay of the access network is reduced;
- The risk of a confidentiality breach in the access network is reduced, and the security of transmission is improved.
Description of the Drawings
Other features, objects, and advantages of the present invention will become more apparent from reading the detailed description of non-limiting embodiments made with reference to the following drawings:
FIG. 1 shows a schematic diagram of a first operation in accordance with one embodiment of the present invention;
FIG. 2 shows a schematic diagram of a third operation in accordance with one embodiment of the present invention;
FIG. 3 shows a schematic diagram of a second operation in accordance with one embodiment of the present invention;
FIG. 4 shows a schematic diagram of a fourth operation in accordance with one embodiment of the present invention;
FIG. 5 shows a schematic diagram of a first operation and a third operation in accordance with one embodiment of the present invention;
FIG. 6 shows a schematic diagram of a second operation and a fourth operation in accordance with one embodiment of the present invention;
FIG. 7 shows a flow chart of the transmission and reception of downlink data in accordance with one embodiment of the present invention;
FIG. 8 shows a flow chart of the reception of downlink data in accordance with one embodiment of the present invention;
FIG. 9 shows a flow chart of the transmission of downlink data in accordance with one embodiment of the present invention;
FIG. 10 shows a schematic diagram of a first bit set in accordance with one embodiment of the present invention;
FIG. 11 shows a schematic diagram of a network slice in accordance with one embodiment of the present invention;
FIG. 12 shows a structural block diagram of a processing device in a UE in accordance with one embodiment of the present invention;
FIG. 13 shows a structural block diagram of a processing device in a base station in accordance with one embodiment of the present invention;
FIG. 14 shows a structural block diagram of a processing device in a core network device in accordance with one embodiment of the present invention.
Detailed Description
The technical solutions of the present invention are described in further detail below with reference to the accompanying drawings. It should be noted that, where there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with each other arbitrarily.
Embodiment 1
Embodiment 1 illustrates a schematic diagram of the first operation, as shown in FIG. 1.
In Embodiment 1, the first modified bit group becomes the first bit group after the first operation. The first bit group and the first modified bit group each include a positive integer number of bits. The first operation includes at least one of {decompression, decryption, integrity verification}.
As an embodiment, the first bit group is an IP header. The first operation is performed in the PDCP layer in the UE.
As an embodiment, the first operation includes {decompression, decryption}; or the first operation includes {decompression, decryption, integrity verification}.
As an embodiment, the first bit group is generated after the first modified bit group is sequentially subjected to the integrity verification, the decryption and the decompression.
As an embodiment, the first bit group is generated after the first modified bit group is sequentially subjected to the decryption and the decompression.
As an embodiment, the number of bits after the first modified bit group is decompressed is greater than the number of bits in the first modified bit group.
As an embodiment, the decompression compares the original header and the compressed header to obtain the header before compression.
As an embodiment, the decompression is the inverse operation of the Robust Header Compression (ROHC) algorithm.
As an embodiment, the decompression is the inverse operation of the compression algorithm exemplified in Table 5.5.1.1 of TS 36.323.
As an embodiment, the decryption is unmasking the original data with a key string.
As a sub-embodiment, the unmasking is an XOR operation between the data and the mask.
As a sub-embodiment, the key string includes a Hyper Frame Number (HFN).
As a sub-embodiment, the key string includes a Radio Bearer ID.
As a sub-embodiment, the key string includes a PDCP sequence number (PDCP SN).
As a sub-embodiment, the key string includes a first security key.
As an embodiment, the decryption is the decryption algorithm described in TS 36.323.
As an embodiment, the integrity verification is implemented by comparing the X Message Authentication Code-Integrity (XMAC-I) with the Message Authentication Code-Integrity.
As a sub-embodiment, if the X Message Authentication Code-Integrity is consistent with the Message Authentication Code-Integrity, the integrity verification passes; otherwise it fails.
As a sub-embodiment, the X Message Authentication Code-Integrity is obtained through an integrity verification algorithm.
As a sub-embodiment, the input parameters of the integrity verification algorithm include a Hyper Frame Number (HFN).
As a sub-embodiment, the input parameters of the integrity verification algorithm include a Radio Bearer ID.
As a sub-embodiment, the input parameters of the integrity verification algorithm include a PDCP sequence number (PDCP SN).
As a sub-embodiment, the input parameters of the integrity verification algorithm include a first security key.
As a sub-embodiment, the input parameters of the integrity verification algorithm include data.
As an embodiment, the first operation is performed in a user equipment.
As an embodiment, the first operation is implemented by a software program in the user equipment.
Embodiment 2
Embodiment 2 illustrates a schematic diagram of the third operation, as shown in FIG. 2.
In Embodiment 2, the first bit group becomes the first modified bit group after the third operation. The first bit group and the first modified bit group each include a positive integer number of bits. The third operation includes at least one of {compression, encryption, integrity protection}.
As an embodiment, the first bit group is an IP header. The third operation is performed in the PDCP layer in the base station.
As an embodiment, the third operation includes {compression, encryption}; or the third operation includes {compression, encryption, integrity protection}.
As an embodiment, the first modified bit group is generated after the first bit group is sequentially subjected to the integrity protection, the encryption and the compression.
As an embodiment, the first bit group is generated after the first modified bit group is sequentially subjected to the encryption and the compression.
As an embodiment, the number of bits of the first bit group after compression is smaller than the number of bits in the first bit group.
As an embodiment, for the compression, the number of output bits is smaller than the number of input bits.
As an embodiment, the compression is Robust Header Compression (ROHC).
As an embodiment, the compression uses the compression algorithm exemplified in Table 5.5.1.1 of 3GPP TS 36.323.
As an embodiment, the encryption is used to ensure that the data remains confidential between the transmitting end and the receiving end.
As an embodiment, the encryption is masking the original data with a key string.
As an embodiment, the masking is an XOR operation between two pieces of data.
As an embodiment, the key string includes a Hyper Frame Number (HFN).
As an embodiment, the key string includes a Radio Bearer ID.
As an embodiment, the key string includes a PDCP sequence number (PDCP SN).
As an embodiment, the key string includes a first security key.
As an embodiment, the encryption uses the encryption algorithm described in TS 36.323.
As an embodiment, the integrity protection is implemented through the Message Authentication Code-Integrity (MAC-I) and masking of the data.
As an embodiment, the Message Authentication Code-Integrity is obtained through an integrity protection algorithm.
As an embodiment, the input parameters of the integrity protection algorithm include a Hyper Frame Number (HFN).
As an embodiment, the input parameters of the integrity protection algorithm include a Radio Bearer ID.
As an embodiment, the input parameters of the integrity protection algorithm include a PDCP sequence number (PDCP SN).
As an embodiment, the input parameters of the integrity protection algorithm include a first security key.
As an embodiment, the input parameters of the integrity protection algorithm include data.
As an embodiment, the first operation is performed in a base station device.
As an embodiment, the first operation is implemented by a software program in the base station device.
Embodiment 3
Embodiment 3 illustrates a schematic diagram of the second operation, as shown in FIG. 3.
In Embodiment 3, the second modified bit group becomes the second bit group after the second operation. The second bit group and the second modified bit group each include a positive integer number of bits. The second operation includes at least one of {decryption, integrity verification}.
As an embodiment, the second bit group is an IP payload. The second operation is performed in the NAS of the UE.
As an embodiment, the second operation includes decryption; or the second operation includes {integrity verification, decryption}.
As an embodiment, the second bit group is generated after the second modified bit group is sequentially subjected to the integrity verification and the decryption.
As an embodiment, the second bit group is generated after the second modified bit group is subjected to the decryption.
As an embodiment, the decryption is unmasking the original data with a key string.
As a sub-embodiment, the unmasking is an XOR operation between the data and the mask.
As a sub-embodiment, the key string includes a Hyper Frame Number (HFN).
As a sub-embodiment, the key string includes a Radio Bearer ID.
As a sub-embodiment, the key string includes a PDCP sequence number (PDCP SN).
As a sub-embodiment, the key string includes a first security key.
As an embodiment, the decryption is the decryption algorithm described in TS 36.323.
As an embodiment, the integrity verification is implemented by comparing the X Message Authentication Code-Integrity (XMAC-I) with the Message Authentication Code-Integrity.
As a sub-embodiment, if the X Message Authentication Code-Integrity is consistent with the Message Authentication Code-Integrity, the integrity verification passes; otherwise it fails.
As a sub-embodiment, the X Message Authentication Code-Integrity is obtained through an integrity verification algorithm.
As a sub-embodiment, the input parameters of the integrity verification algorithm include a Hyper Frame Number (HFN).
As a sub-embodiment, the input parameters of the integrity verification algorithm include a Radio Bearer ID.
As a sub-embodiment, the input parameters of the integrity verification algorithm include a PDCP sequence number (PDCP SN).
As a sub-embodiment, the input parameters of the integrity verification algorithm include a first security key.
As a sub-embodiment, the input parameters of the integrity verification algorithm include data.
As an embodiment, the second operation is performed in a user equipment.
As an embodiment, the second operation is implemented by a software program in the user equipment.
Embodiment 4
Embodiment 4 illustrates a schematic diagram of the fourth operation, as shown in FIG. 4.
In Embodiment 4, the second bit group becomes the second modified bit group after the fourth operation. The second bit group and the second modified bit group each include a positive integer number of bits. The fourth operation includes at least one of {encryption, integrity protection}.
As an embodiment, the second bit group is an IP payload. The fourth operation is performed in the NAS in the core network device.
As an embodiment, the fourth operation includes encryption; or the fourth operation includes {encryption, integrity protection}.
As an embodiment, the second modified bit group is generated after the second bit group is sequentially subjected to the encryption and the integrity protection.
As an embodiment, the second modified bit group is generated after the second bit group is subjected to the encryption.
As an embodiment, the encryption is used to ensure that the data remains confidential between the transmitting end and the receiving end.
As an embodiment, the encryption is masking the original data with a key string.
As an embodiment, the masking is an XOR operation between two pieces of data.
As an embodiment, the key string includes a Hyper Frame Number (HFN).
As an embodiment, the key string includes a Radio Bearer ID.
As an embodiment, the key string includes a PDCP sequence number (PDCP SN).
As an embodiment, the key string includes a first security key.
As an embodiment, the encryption uses the encryption algorithm described in TS 36.323.
As an embodiment, the integrity protection is implemented through the Message Authentication Code-Integrity (MAC-I) and masking of the data.
As an embodiment, the Message Authentication Code-Integrity is obtained through an integrity protection algorithm.
As an embodiment, the input parameters of the integrity protection algorithm include a Hyper Frame Number (HFN).
As an embodiment, the input parameters of the integrity protection algorithm include a Radio Bearer ID.
As an embodiment, the input parameters of the integrity protection algorithm include a PDCP sequence number (PDCP SN).
As an embodiment, the input parameters of the integrity protection algorithm include a first security key.
As an embodiment, the input parameters of the integrity protection algorithm include data.
As an embodiment, the fourth operation is performed in a non-access network device, that is, a core network device.
As an embodiment, the fourth operation is implemented by a software program in the core network device.
Embodiment 5
Embodiment 5 illustrates a schematic diagram of the first operation and the third operation, as shown in FIG. 5.
In Embodiment 5, the third operation includes at least the first two of {compression, encryption, integrity protection}; the first operation includes at least the last two of {integrity verification, decryption, decompression}.
In Embodiment 5, the compression and the decompression are inverse operations of each other, the encryption and the decryption are inverse operations of each other, and the integrity protection and the integrity verification are inverse operations of each other.
As an embodiment, the first operation and the third operation are performed in the UE and the base station, respectively.
As an embodiment, the first operation and the third operation are performed in the PDCP layer of the UE and the PDCP layer of the base station, respectively.
As an embodiment, the first operation and the third operation are performed in peer layers of the UE and the base station, respectively.
Embodiment 6
Embodiment 6 illustrates a schematic diagram of the second operation and the fourth operation, as shown in FIG. 6.
In Embodiment 6, the fourth operation includes at least the former of {encryption, integrity protection}, and the second operation includes at least the latter of {integrity verification, decryption}.
In Embodiment 6, the encryption and the decryption are inverse operations of each other, and the integrity protection and the integrity verification are inverse operations of each other.
As an embodiment, the second operation and the fourth operation are performed in the UE and the core network device, respectively.
As an embodiment, the second operation and the fourth operation are performed in the NAS of the UE and the NAS of the core network device, respectively.
As an embodiment, the first operation and the third operation are performed in peer layers of the UE and the core network device, respectively.
Embodiment 7
Embodiment 7 illustrates a flow chart of the transmission and reception of downlink data, as shown in FIG. 7. In FIG. 7, step S31 is optional.
In Embodiment 7, the UE maintains the lower layer D0, the first layer D1 and the second layer D2; the base station maintains the lower layer C0 and the first layer C1; the core network device maintains the second layer C2.
In step S10, the second layer C2 performs the fourth operation and passes the first bit group and the second modified bit group to the first layer C1; in step S11, the first layer C1 performs the third operation and passes the first bit set to the lower layer C0.
In step S21, the first layer D1 receives the first bit set from the lower layer D0 and performs the first operation; in step S20, the first layer D1 passes the first bit group and the second modified bit group to the second layer D2, and the second layer D2 performs the second operation.
In Embodiment 7, the first bit group is used as the input of the third operation, and the first modified bit group is the output of the third operation; the second bit group is used as the input of the fourth operation, and the second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group is used as the input of the first operation, and the first bit group is the output of the first operation; the second modified bit group is used as the input of the second operation, and the second bit group is the output of the second operation. The first operation includes at least one of {decompression, decryption, integrity verification}, and the second operation includes at least one of {decryption, integrity verification}. The first modified bit group and the second modified bit group belong to the same protocol data unit. The first bit set includes the first modified bit group and the second modified bit group.
As an embodiment, the protocol data unit is a PDCP PDU.
As an embodiment, in step S31, the second layer C2 sends the target information to the second layer D2.
As a sub-embodiment of the above embodiment, the data channel between the second layer C2 and the second layer D2 includes {first layer C1, lower layer C0, wireless channel, lower layer D0, first layer D1}.
As an embodiment, the target information includes at least one of {the first information in the present invention, the second information in the present invention}.
As an embodiment, the target information is carried by RRC signaling.
As an embodiment, the target information is carried by NAS information.
As an embodiment, the lower layer C0, the first layer C1, the second layer C2, the lower layer D0, the first layer D1 and the second layer D2 include the RLC layer, the PDCP layer, the NAS, the RLC layer, the PDCP layer and the NAS, respectively.
As a sub-embodiment of the above embodiment, the first layer C1 further includes an RRC (Radio Resource Control) layer, and the first layer D1 further includes an RRC layer.
As a sub-embodiment of the above embodiment, the lower layer D0 further includes a MAC (Media Access Control) layer and a physical layer, and the lower layer C0 further includes a MAC layer and a physical layer.
As an embodiment, the core network device and the base station are connected through an S1 interface.
As an embodiment, the first modified bit group and the second modified bit group belong to the same PDCP PDU.
Embodiment 8
Embodiment 8 illustrates a flow chart of the reception of downlink data, as shown in FIG. 8. In FIG. 8, the second layer, the first layer and the lower layer are all maintained by the UE.
In Embodiment 8, the first layer receives the first modified bit group and the second modified bit group from the lower layer; the first layer performs the first operation on the first modified bit group and transparently passes the second modified bit group to the second layer; the second layer performs the second operation on the received second modified bit group. The first modified bit group and the second modified bit group belong to one higher-layer PDU.
As an embodiment, the lower layer is the RLC layer.
As an embodiment, the first layer and the second layer are the PDCP layer and the NAS, respectively.
As an embodiment, the second information in the present invention is used to determine:
- The first layer and the second layer are the PDCP layer and the NAS, respectively; or
- The first layer and the second layer both belong to the PDCP layer; or
- The first layer and the second layer both belong to the NAS.
Embodiment 9
Embodiment 9 illustrates a flow chart of the transmission of downlink data, as shown in FIG. 9. In FIG. 9, the lower layer is maintained by the base station.
In Embodiment 9, the second layer performs the fourth operation on the latter of {first bit group, second bit group} and then delivers (Deliver) the result to the lower layer; the first layer performs the third operation on the former of {first bit group, second modified bit group} from the second layer and then passes the result to the lower layer; the first layer transparently passes the second modified bit group from the second layer to the lower layer. The first modified bit group and the second modified bit group belong to one higher-layer PDU.
As an embodiment, the lower layer is the RLC layer.
As an embodiment, the first layer includes at least the former of {PDCP layer, RRC layer}, and the second layer is the NAS. The first layer and the second layer are maintained by the base station and the UPS, respectively.
As an embodiment, the second information in the present invention is used to determine:
- The first layer and the second layer are the PDCP layer and the NAS, respectively; or
- The first layer and the second layer both belong to the PDCP layer; or
- The first layer and the second layer both belong to the NAS.
Embodiment 10
Embodiment 10 illustrates a schematic diagram of the first bit set, as shown in FIG. 10.
In Embodiment 10, the first bit set is formed by concatenating, in order, the third bit group, the first modified bit group and the second modified bit group.
As an embodiment, the first bit set is a PDCP PDU, and the third bit group includes a PDCP header (Header).
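The split processing of Embodiments 8 to 10, as an added sketch that is not part of the patent text: the second layer protects the second bit group with a key the first layer does not hold, the first layer protects only the first bit group, and the PDU is the concatenation described in Embodiment 10. The header layout (COUNT plus a length field), the key names, the choice of operations in each layer and the HMAC-SHA256 counter-mode keystream (a stand-in for the ciphering algorithm, which the text does not specify) are assumptions.

```python
import hashlib
import hmac
import struct
import zlib

MAC_LEN = 8                  # truncated integrity tag length (assumption)
HDR = struct.Struct(">IH")   # assumed "third bit group": COUNT, length of first modified bit group


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate ciphering and integrity keys from one layer key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_keystream(key: bytes, count: int, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, struct.pack(">II", count, block), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(key: bytes, count: int, data: bytes) -> bytes:
    """Encrypt, then append a tag computed over COUNT || ciphertext."""
    ct = _xor_keystream(_subkey(key, b"enc"), count, data)
    tag = hmac.new(_subkey(key, b"int"), struct.pack(">I", count) + ct, hashlib.sha256).digest()
    return ct + tag[:MAC_LEN]


def unprotect(key: bytes, count: int, blob: bytes) -> bytes:
    """Verify the tag first; decrypt only if verification succeeds."""
    if len(blob) < MAC_LEN:
        raise ValueError("bit group shorter than integrity tag")
    ct, tag = blob[:-MAC_LEN], blob[-MAC_LEN:]
    want = hmac.new(_subkey(key, b"int"), struct.pack(">I", count) + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want[:MAC_LEN]):
        raise ValueError("integrity verification failed")
    return _xor_keystream(_subkey(key, b"enc"), count, ct)


def second_layer_send(k_nas: bytes, count: int, second_group: bytes) -> bytes:
    """Fourth operation: encryption and integrity protection of the second bit group."""
    return protect(k_nas, count, second_group)


def first_layer_send(k_pdcp: bytes, count: int, first_group: bytes, second_modified: bytes) -> bytes:
    """Third operation on the first bit group, then build the first bit set."""
    first_modified = protect(k_pdcp, count, zlib.compress(first_group))
    if len(first_modified) > 0xFFFF:
        raise ValueError("first modified bit group too long for the length field")
    # The second modified bit group is appended unchanged (transparent pass-through).
    return HDR.pack(count, len(first_modified)) + first_modified + second_modified


def first_layer_receive(k_pdcp: bytes, pdu: bytes):
    """First operation: verify, decrypt, decompress; hand the rest up untouched."""
    if len(pdu) < HDR.size:
        raise ValueError("truncated PDU")
    count, n = HDR.unpack_from(pdu)
    body = pdu[HDR.size:]
    if n > len(body):
        raise ValueError("length field exceeds PDU size")
    first_group = zlib.decompress(unprotect(k_pdcp, count, body[:n]))
    return count, first_group, body[n:]


def second_layer_receive(k_nas: bytes, count: int, second_modified: bytes) -> bytes:
    """Second operation: integrity verification and decryption."""
    return unprotect(k_nas, count, second_modified)


if __name__ == "__main__":
    # Constructed sample keys and data, for illustration only.
    k_pdcp, k_nas = b"constructed-pdcp-key", b"constructed-nas-key"
    first = b"constructed IP header fields " * 3
    second = b"constructed IP payload: meter reading 42"
    pdu = first_layer_send(k_pdcp, 7, first, second_layer_send(k_nas, 7, second))
    count, got_first, second_modified = first_layer_receive(k_pdcp, pdu)
    print(got_first == first, second_layer_receive(k_nas, count, second_modified) == second)
```

A node holding only the first-layer key can process the first modified bit group but can neither read nor undetectably alter the second modified bit group, which is what the transparent pass-through relies on.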
Embodiment 11
Embodiment 11 illustrates a schematic diagram of network slices, as shown in FIG. 11. In FIG. 11, a given RAT (Radio Access Technology) includes three network slices: the illustrated network slice #1 corresponds to user type #1, network slice #2 corresponds to user type #2, and network slice #3 corresponds to user type #3. The illustrated network slice #1 corresponds to service group #1, network slice #2 corresponds to service group #2, and network slice #3 corresponds to service group #3.
As an embodiment, the user type #1 is for mobile broadband users.
As an embodiment, the user type #2 is for general IoT (Internet of Things) users.
As an embodiment, the user type #3 is for IoT users with special requirements.
As an embodiment, the IoT users with special requirements correspond to medical IoT users.
As an embodiment, the IoT users with special requirements correspond to Internet of Vehicles IoT users.
As an embodiment, the IoT users with special requirements correspond to industrial robot IoT users.
As a sub-embodiment, the service group #1 includes at least one of {wireless communication, Internet} services.
As a sub-embodiment, the service group #2 includes at least one of {logistics, agriculture, meteorology} services.
As a sub-embodiment, the service group #3 includes at least one of {autonomous driving, industrial manufacturing} services.
As a sub-embodiment, the given RAT is a RAT based on 5G technology.
As a sub-embodiment, the given RAT is a RAT based on NR (New Radio) technology.
Embodiment 12
Embodiment 12 illustrates a structural block diagram of a processing device in a UE, as shown in FIG. 12. In FIG. 12, the UE processing device 100 is mainly composed of a first processing module 101 and a second processing module 102.
The first processing module 101 is configured to perform the first operation in the first layer; the second processing module 102 is configured to perform the second operation in the second layer.
In Embodiment 12, the first modified bit group is used as the input of the first operation, and the first bit group is the output of the first operation; the second modified bit group is used as the input of the second operation, and the second bit group is the output of the second operation. The first modified bit group and the second modified bit group correspond to the same protocol data unit. Each bit group includes a positive integer number of bits. The first operation includes {integrity verification, decryption, decompression} and the second operation includes {integrity verification, decryption}; or the first operation includes {decryption, decompression} and the second operation includes decryption.
As an embodiment, the first processing module 101 is further used for at least one of the following:
- Receiving the first information.
- Receiving the second information.
Here, the first information is used for the first operation and the second operation. The second information is used to determine that the first operation and the second operation are performed in the first layer and the second layer, respectively. The first layer includes the PDCP layer, and the second layer is the NAS.
As an embodiment, the first processing module 101 is further configured to pass the first bit set from the lower layer to the first layer; the second processing module 102 is further configured to pass the first bit group and the second modified bit group from the first layer to the second layer. Here, the first bit set includes the first modified bit group and the second modified bit group.
As an embodiment, the first bit block is an IP header, and the second bit block is an IP payload.
Embodiment 13
Embodiment 13 illustrates a structural block diagram of a processing device in a base station, as shown in FIG. 13. In FIG. 13, the base station processing device 200 is mainly composed of a third processing module 201.
The third processing module 201 is configured to perform, in the first layer, the third operation of {third operation, fourth operation}.
In Embodiment 13, the first bit group is used as the input of the third operation, and the first modified bit group is the output of the third operation; the second bit group is used as the input of the fourth operation, and the second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
As an embodiment, the third processing module 201 is further configured to:
- Receive the first bit group and the second modified bit group from the second layer, and pass the first bit set from the first layer to the lower layer.
Here, the first bit set includes the first modified bit group and the second modified bit group. The fourth operation is performed in the second layer.
As an embodiment, the third processing module 201 is further used for at least one of the following:
- Step A10. Receiving the first information through the S1 interface; and transmitting the first information over the air interface.
- Step A11. Receiving the second information through the S1 interface; or transmitting the second information over the air interface.
Here, the first information is used for the third operation and the fourth operation. The second information is used to determine the first layer and the second layer; or the second information is used to determine whether {the first layer, the second layer} are the same.
Embodiment 14
Embodiment 14 illustrates a structural block diagram of a processing device in a core network device, as shown in FIG. 14. In FIG. 14, the processing device 300 of the core network device is mainly composed of a fourth processing module 301.
The fourth processing module 301 is configured to perform, in the second layer, the fourth operation of {third operation, fourth operation}.
In Embodiment 14, the first bit group is used as the input of the third operation, and the first modified bit group is the output of the third operation; the second bit group is used as the input of the fourth operation, and the second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same PDCP PDU.
As an embodiment, the fourth processing module 301 is further configured to:
- Pass the first bit group and the second modified bit group from the second layer to the first layer;
Here, the third operation is performed in the first layer. The first modified bit group and the second modified bit group correspond to the same protocol data unit. The first layer is maintained by a base station device.
As an embodiment, the fourth processing module 301 is further used for at least one of the following:
- Transmitting the first information through the S1 interface;
- Transmitting the second information through the S1 interface.
Here, the first information is used for the third operation and the fourth operation. The second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether {the first layer, the second layer} are the same. The second layer is the NAS, and the first layer is the PDCP layer. The first information is network slice (Slice) specific. The second information is network slice (Slice) specific.
Those of ordinary skill in the art will understand that all or part of the steps of the above methods can be completed by a program instructing the relevant hardware, and the program can be stored in a computer-readable storage medium such as a read-only memory, a hard disk or an optical disc. Optionally, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module unit in the above embodiments may be implemented in hardware or in the form of a software function module; the present application is not limited to any specific combination of software and hardware. The UE and the terminal in the present invention include, but are not limited to, wireless communication devices such as RFID devices, IoT terminal equipment, MTC (Machine Type Communication) terminals, vehicle-mounted communication devices, wireless sensors, network cards, mobile phones, tablet computers and notebooks. The base station, the base station device and the network-side device in the present invention include, but are not limited to, wireless communication devices such as macro cell base stations, micro cell base stations, home base stations and relay base stations.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.

Claims (19)

  1. A method in a user equipment used for wireless communication, comprising the following steps:
    - Step A. Performing a first operation in a first layer;
    - Step B. Performing a second operation in a second layer.
    Wherein a first modified bit group is used as the input of the first operation, and a first bit group is the output of the first operation; a second modified bit group is used as the input of the second operation, and a second bit group is the output of the second operation. The first modified bit group and the second modified bit group correspond to the same protocol data unit. Each bit group includes a positive integer number of bits. The first operation includes at least one of {decompression, decryption, integrity verification}, and the second operation includes at least one of {decryption, integrity verification}.
  2. The method according to claim 1, characterized in that the step A further comprises the following step A1, and the step B further comprises the following step B1:
    - Step A1. Passing a first bit set from a lower layer to the first layer;
    - Step B1. Passing the first bit group and the second modified bit group from the first layer to the second layer.
    Wherein the first bit set includes the first modified bit group and the second modified bit group.
  3. The method according to claim 1 or 2, characterized in that the step A further comprises the following step:
    - Step A10. Receiving first information.
    Wherein the first information is used for the first operation and the second operation.
  4. The method according to any one of claims 1 to 3, characterized in that the step A further comprises the following step:
    - Step A11. Receiving second information.
    Wherein the second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  5. The method according to any one of claims 1 to 4, characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  6. The method according to any one of claims 1 to 5, characterized in that the first layer is a packet data convergence protocol layer, and the second layer is a non-access stratum.
  7. A method in a base station device used for wireless communication, comprising the following step:
    - Step A. Performing, in a first layer, the third operation of {third operation, fourth operation}.
    Wherein a first bit group is used as the input of the third operation, and a first modified bit group is the output of the third operation; a second bit group is used as the input of the fourth operation, and a second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
  8. The method according to claim 7, characterized in that the step A further comprises the following step:
    - Step A1. Receiving the first bit group and the second modified bit group from a second layer, and passing a first bit set from the first layer to a lower layer.
    Wherein the first bit set includes the first modified bit group and the second modified bit group. The fourth operation is performed in the second layer.
  9. The method according to claim 7 or 8, characterized in that the step A further comprises at least one of the following steps:
    - Step A10. Receiving first information through an S1 interface; or transmitting the first information over an air interface.
    - Step A11. Receiving second information through the S1 interface; or transmitting the second information over the air interface.
    Wherein the first information is used for the third operation and the fourth operation. The second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  10. The method according to any one of claims 7 to 9, characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  11. The method according to any one of claims 7 to 10, characterized in that the first layer is a packet data convergence protocol layer, and the second layer is a non-access stratum.
  12. A method in a non-access-network device, comprising the following step:
    - Step A. Performing, in a second layer, the fourth operation of {third operation, fourth operation}.
    Wherein a first bit group is used as the input of the third operation, and a first modified bit group is the output of the third operation; a second bit group is used as the input of the fourth operation, and a second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
  13. The method according to claim 12, characterized in that the step A further comprises the following step:
    - Step A1. Passing the first bit group and the second modified bit group from the second layer to a first layer;
    Wherein the third operation is performed in the first layer. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
  14. The method according to claim 12 or 13, characterized in that the step A further comprises at least one of the following steps:
    - Step A10. Transmitting first information through an S1 interface;
    - Step A11. Transmitting second information through the S1 interface.
    Wherein the first information is used for the third operation and the fourth operation. The second information is used to determine at least the latter of {the first layer, the second layer}; or the second information is used to determine whether the first layer and the second layer are the same.
  15. The method according to any one of claims 12 to 14, characterized in that the first bit group and the second bit group correspond to a first service group, and the first service group includes one or more services.
  16. The method according to any one of claims 12 to 15, characterized in that the first layer is a packet data convergence protocol layer, and the second layer is a non-access stratum.
  17. A user equipment used for wireless communication, comprising the following modules:
    - A first processing module: configured to perform a first operation in a first layer;
    - A second processing module: configured to perform a second operation in a second layer.
    Wherein a first modified bit group is used as the input of the first operation, and a first bit group is the output of the first operation; a second modified bit group is used as the input of the second operation, and a second bit group is the output of the second operation. The first modified bit group and the second modified bit group correspond to the same protocol data unit. Each bit group includes a positive integer number of bits. The first operation includes at least one of {decompression, decryption, integrity verification}, and the second operation includes at least one of {decryption, integrity verification}.
  18. A base station device used for wireless communication, comprising the following module:
    - A third processing module: configured to perform, in a first layer, the third operation of {third operation, fourth operation}.
    Wherein a first bit group is used as the input of the third operation, and a first modified bit group is the output of the third operation; a second bit group is used as the input of the fourth operation, and a second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
  19. A non-access-network device, comprising the following module:
    - A fourth processing module: configured to perform, in a second layer, the fourth operation of {third operation, fourth operation}.
    Wherein a first bit group is used as the input of the third operation, and a first modified bit group is the output of the third operation; a second bit group is used as the input of the fourth operation, and a second modified bit group is the output of the fourth operation. The third operation includes at least one of {compression, encryption, integrity protection}, and the fourth operation includes at least one of {encryption, integrity protection}. The first modified bit group and the second modified bit group correspond to the same protocol data unit.
PCT/CN2017/077197 2017-03-19 2017-03-19 Method and device for use in downlink transmission WO2018170646A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202210729205.8A CN115119198A (en) 2017-03-19 2017-03-19 Method and device for downlink transmission
CN201780083602.XA CN110268797B (en) 2017-03-19 2017-03-19 Method and device for downlink transmission
PCT/CN2017/077197 WO2018170646A1 (en) 2017-03-19 2017-03-19 Method and device for use in downlink transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/077197 WO2018170646A1 (en) 2017-03-19 2017-03-19 Method and device for use in downlink transmission

Publications (1)

Publication Number Publication Date
WO2018170646A1 true WO2018170646A1 (en) 2018-09-27

Family

ID=63585900

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/077197 WO2018170646A1 (en) 2017-03-19 2017-03-19 Method and device for use in downlink transmission

Country Status (2)

Country Link
CN (2) CN115119198A (en)
WO (1) WO2018170646A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005015857A1 (en) * 2003-08-08 2005-02-17 Samsung Electronics Co., Ltd. Method and apparatus for configuring protocols for a multimedia broadcast/multicast service
CN101009709A (en) * 2001-03-28 2007-08-01 高通股份有限公司 Method and apparatus for transmission framing in a wireless communication system
CN102265701A (en) * 2008-12-24 2011-11-30 高通股份有限公司 Optimized header for efficient processing of data packets
CN104137554A (en) * 2012-02-24 2014-11-05 Vid拓展公司 Video coding using packet loss detection

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7739497B1 (en) * 2001-03-21 2010-06-15 Verizon Corporate Services Group Inc. Method and apparatus for anonymous IP datagram exchange using dynamic network address translation
CN101455054B (en) * 2006-03-28 2012-05-30 艾利森电话股份有限公司 A method and apparatus for handling keys used for encryption and integrity
TWM357138U (en) * 2007-09-28 2009-05-11 Interdigital Patent Holdings Wireless transmit receive unit
CN101262337B (en) * 2008-02-05 2012-06-06 中兴通讯股份有限公司 Secure function control method and system
CN101925121B (en) * 2009-06-10 2014-03-19 中兴通讯股份有限公司 Packet data convergence protocol reconstruction method and device
CN102638328B (en) * 2011-02-15 2015-10-14 电信科学技术研究院 A kind of method of transfer of data and device
CN103312441B (en) * 2012-03-15 2017-11-17 华为技术有限公司 Data pack transmission method and system, sending ending equipment and receiving device
CN106332048B (en) * 2015-06-30 2022-08-19 华为技术有限公司 Data transmission method, wireless network node and communication system
CN106375992B (en) * 2015-07-20 2019-08-06 中兴通讯股份有限公司 The method and user equipment and node of realization access layer safety

Also Published As

Publication number Publication date
CN110268797B (en) 2022-07-29
CN110268797A (en) 2019-09-20
CN115119198A (en) 2022-09-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17901453

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17901453

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20.03.2020)