WO2024037210A1 - Method and apparatus for broadcast security communication - Google Patents


Publication number
WO2024037210A1
Authority
WO
WIPO (PCT)
Prior art keywords
network element
air interface
indication information
broadcast service
data
Application number
PCT/CN2023/103731
Inventor
郭龙华
吴�荣
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2024037210A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/40 Connection management for selective distribution or broadcast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/04 Interfaces between hierarchically different network devices
    • H04W92/10 Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Definitions

  • the present application relates to the field of communications, and, more specifically, to a method and apparatus for broadcasting secure communications.
  • public land mobile networks (PLMNs) PLMN#a and PLMN#b can share a base station.
  • the application function (AF) transmits data to the base station through PLMN#a and PLMN#b, and the base station broadcasts a copy of the data to the user equipment (UE) of PLMN#a and PLMN#b.
  • UE user equipment
  • the data can be securely protected by the multicast/broadcast service transport function (MBSTF) in PLMN#a or PLMN#b.
  • MBSTF multicast/broadcast service transport function
  • This application provides a method and device for broadcasting secure communications, which can improve user experience.
  • a method for broadcasting secure communication is provided.
  • the method can be executed by an access network element, or can also be executed by a component (such as a chip or circuit) of an access network element.
  • the method may include: the access network element receives a first session establishment request for the first broadcast service from the first network element in the first network, the first session establishment request includes first indication information, and the first indication information is used to indicate whether security protection is enabled for the first data of the first broadcast service; in response to the first session establishment request, the access network element allocates first air interface resources to the first broadcast service; the access network element receives a second session establishment request for the first broadcast service from the second network element in the second network.
  • the second session establishment request includes second indication information, and the second indication information is used to indicate that the second session establishment request is for the first broadcast service.
  • the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information.
  • the access network element can determine whether to reuse the first air interface resource based on whether one or both networks enable security protection for the data of the first broadcast service. This reduces the cases where the terminal device is unable to decrypt and/or integrity check the received broadcast service data because the MBSTFs in the two networks each separately apply security protection to the broadcast service data, thereby improving user experience.
  • the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information, including: the access network element determines to reuse the first air interface resource according to the first indication information and the second indication information.
  • the above solution can save air interface resources.
  • the method further includes: the access network element sending the first data to a terminal device of the first network and a terminal device of the second network based on the first air interface resource; or, the access network element sending the second data to the terminal device of the first network and the terminal device of the second network based on the first air interface resource.
  • the first indication information indicates that security protection has been enabled for the first data
  • the second indication information indicates that security has been enabled for the second data.
  • the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information, including: the access network element determines not to reuse the first air interface resource according to the first indication information and/or the second indication information.
  • the access network element determines not to reuse the first air interface resource according to the first indication information and/or the second indication information, including: the access network element allocates a second air interface resource to the second data according to the first indication information and/or the second indication information, and the first air interface resource is different from the second air interface resource; the access network element sends the first data to the terminal device of the first network based on the first air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource.
  • the method further includes: the access network element sending the first data to the terminal device of the first network based on the first air interface resource; the access network element allocates a second air interface resource to the second data, and the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource.
  • the above solution not only enables the first network and the second network to securely protect the data of the first broadcast service, but also enables the terminal devices of the first network and the second network to separately perform decryption and/or integrity verification on the received data of the first broadcast service, improving communication security and user experience.
  • the first data is securely protected by the first network; and the second data is securely protected by the second network.
  • the method further includes: the access network element storing the first indication information.
  • the first session establishment request further includes a service identifier corresponding to the first broadcast service
  • the second session establishment request further includes a service identifier corresponding to the first broadcast service.
  • the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information, including: the access network element determines whether to reuse the first air interface resource according to the service identifier corresponding to the first broadcast service and the first indication information and/or the second indication information.
  • the second aspect provides a method for broadcasting secure communication.
  • the method is a method executed by the second network element corresponding to the method of the first aspect. Therefore, the beneficial effects achieved by the method of the first aspect can also be achieved.
  • the method may be executed by the second network element, or may be executed by a component (such as a chip or circuit) of the second network element, which is not limited in this application. For convenience of description, the following description takes execution by the second network element as an example.
  • the method may include: a second network element of the second network obtaining second indication information, the second indication information being used to indicate whether security protection is enabled for the second data of the first broadcast service; the second network element sends a second session establishment request for the first broadcast service, where the second session establishment request includes the second indication information.
  • the second network element of the second network obtains the second indication information, including: the second network element determines the second indication information.
  • the second network element determines the second indication information based on preconfiguration information.
  • the second network element accepts security configuration information from the service provider or application function, and determines the second indication information based on the security configuration information.
  • the security configuration information is used to indicate whether to perform security protection between the user plane network element of the second network and the terminal device of the second network.
  • the second network element is a multicast/broadcast service function (MBSF) or a network exposure function (NEF).
  • MBSF multicast/broadcast service function
  • NEF network exposure function
  • the second network element of the second network obtains the second indication information, including: the second network element receives the second indication information from the third network element of the second network.
  • the method further includes: the second network element sending a request message to the third network element, the request message being used to request the second indication information.
  • the second network element is a multicast/broadcast service transport function (MBSTF).
  • MBSTF multicast/broadcast service transport function
  • the third aspect provides a method for broadcasting secure communication.
  • This method is a method executed by the second network element corresponding to the method of the first aspect. Therefore, the beneficial effects achieved by the method of the first aspect can also be achieved.
  • the method may be executed by the second network element, or may be executed by a component (such as a chip or circuit) of the second network element, which is not limited in this application. For convenience of description, the following description takes execution by the second network element as an example.
  • the method may include: a second network element of the second network receiving second indication information, the second indication information being used to indicate whether security protection is enabled for the second data of the first broadcast service; the second network element sends a second session establishment request for the first broadcast service to the access network element, and the second session establishment request includes the second indication information.
  • the second network element is a multicast/broadcast-session management function (MB-SMF).
  • MB-SMF multicast/broadcast-session management function
  • a method for broadcasting secure communication is provided.
  • the method can be executed by an access network element, or can also be executed by a component (such as a chip or circuit) of an access network element.
  • the method may include: the access network element receiving a first session establishment request for the first broadcast service from the first network element in the first network; in response to the first session establishment request, the access network element allocates first air interface resources to the first broadcast service; the access network element receives a second session establishment request for the first broadcast service from the second network element in the second network, the second session establishment request includes third indication information, and the third indication information is used to indicate whether to reuse existing air interface resources for the first broadcast service; in response to the second session establishment request, the access network element determines whether to reuse the first air interface resource according to the third indication information.
  • the access network element can determine whether to reuse the first air interface resource according to instructions from the networks. This reduces the cases where the terminal device is unable to decrypt and/or integrity check the received broadcast service data because the MBSTFs in the two networks each separately apply security protection to the broadcast service data, thereby improving user experience.
  • the third indication information is used to indicate reuse of existing air interface resources for the first broadcast service; the access network element determines whether to reuse the first air interface resource according to the third indication information, including: the access network element determines to reuse the first air interface resource according to the third indication information.
  • the access network element discards the data of the first broadcast service received from the second network.
  • the access network element sends the first data of the first broadcast service to the terminal equipment of the first network and the terminal equipment of the second network based on the first air interface resource; or, the access network element sends the second data of the first broadcast service to the terminal equipment of the first network and the terminal equipment of the second network based on the first air interface resource, wherein the first data comes from the first network, and the second data comes from the second network.
  • the third indication information indicates that air interface resources are allocated to the first broadcast service according to the service identifier corresponding to the first broadcast service.
  • the access network element determines to reuse the first air interface resource according to the third indication information, including: the access network element determines, according to the existing first air interface resource corresponding to the first broadcast service, to reuse the first air interface resource for the first broadcast service.
  • the second session creation request does not carry the service identifier corresponding to the first broadcast service.
  • the third indication information is used to indicate not to reuse existing air interface resources for the first broadcast service; the access network element determines whether to reuse the first air interface resource according to the third indication information, including: the access network element determines not to reuse the first air interface resource according to the third indication information.
  • the access network element determines not to reuse the first air interface resource according to the third indication information, including: the access network element allocates, according to the third indication information, a second air interface resource to the second data of the first broadcast service, and the first air interface resource is different from the second air interface resource; the access network element sends the first data of the first broadcast service to the terminal device of the first network based on the first air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource, wherein the first data comes from the first network, and the second data comes from the second network.
  • the method further includes: the access network element sending the first data of the first broadcast service to a terminal device of the first network based on the first air interface resource; the access network element allocates a second air interface resource for the second data of the first broadcast service, and the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource, wherein the first data comes from the first network and the second data comes from the second network.
  • the first data of the first broadcast service is securely protected by the first network; the second data of the first broadcast service is securely protected by the second network.
  • the third indication information is used to indicate that the existing air interface resources are not reused for the first broadcast service.
  • air interface resources are allocated for the first broadcast service according to the session identifier corresponding to the second session establishment request.
  • the access network element determines not to reuse the first air interface resource according to the third indication information, including: the access network element checks, according to the third indication information, whether there is an air interface resource corresponding to the session identifier; if there is no air interface resource corresponding to the session identifier, the access network element determines not to reuse the first air interface resource for the first broadcast service.
  • a fifth aspect provides a method for broadcasting secure communications.
  • the method is a method executed by a second network element corresponding to the method of the first aspect. Therefore, the beneficial effects achieved by the method of the first aspect can also be achieved.
  • the method may be executed by the second network element, or may be executed by a component (such as a chip or circuit) of the second network element, which is not limited in this application. For convenience of description, the following description takes execution by the second network element as an example.
  • the method may include: a second network element of the second network obtaining third indication information, the third indication information being used to indicate whether to reuse existing air interface resources for the first broadcast service; the second network element sends a second session establishment request for the first broadcast service, where the second session establishment request includes the third indication information.
  • the second network element of the second network obtains the third indication information, including: the second network element determines the third indication information.
  • the second network element determines the third indication information, including: the second network element determines the third indication information according to the second indication information, and the second indication information is used to indicate whether security protection is enabled for the data of the first broadcast service.
  • when the second indication information is used to indicate that security protection is enabled for the data of the first broadcast service, the third indication information is used to indicate that existing air interface resources are not reused for the first broadcast service; or, when the second indication information is used to indicate that security protection is not enabled for the data of the first broadcast service, the third indication information is used to indicate that existing air interface resources are reused for the first broadcast service.
  • the second network element of the second network obtains the third indication information, including: the second network element receives the third indication information from the fourth network element of the second network.
  • a method for broadcast secure communication including: a first network element in a first network sending a first session establishment request for a first broadcast service to an access network element, the first session establishment request includes first indication information, and the first indication information is used to indicate whether security protection is enabled for the first data of the first broadcast service; the access network element receives the first session establishment request for the first broadcast service from the first network element in the first network; in response to the first session establishment request, the access network element allocates a first air interface resource to the first broadcast service; the second network element sends a second session establishment request for the first broadcast service to the access network element; the access network element receives the second session establishment request for the first broadcast service from the second network element in the second network, and the second session establishment request includes second indication information; the second indication information is used to indicate whether security protection is enabled for the second data of the first broadcast service; in response to the second session establishment request, the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information.
  • the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information, including: the access network element determines to reuse the first air interface resource according to the first indication information and the second indication information.
  • the method further includes: the user plane network element of the first network sending the first data of the first broadcast service to the access network element; the access network element sends the data of the first broadcast service to the terminal equipment of the first network and the terminal equipment of the second network based on the first air interface resource; the terminal equipment of the first network receives the first data based on the first air interface resource, and the terminal device of the second network receives the first data based on the first air interface resource; or, the user plane network element of the second network sends the second data of the first broadcast service to the access network element; the access network element sends the data of the first broadcast service to the terminal equipment of the first network and the terminal equipment of the second network based on the first air interface resource; the terminal equipment of the first network receives the second data based on the first air interface resource, and the terminal device of the second network receives the second data based on the first air interface resource.
  • the first indication information indicates that security protection has been enabled for the first data
  • the second indication information indicates that security has been enabled for the second data.
  • the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information, including: the access network element determines not to reuse the first air interface resource according to the first indication information and/or the second indication information.
  • the method further includes: the access network element sending the first data to the terminal device of the first network based on the first air interface resource; the terminal equipment of the first network receives the first data based on the first air interface resource; the access network element allocates a second air interface resource to the data of the first broadcast service, and the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource; the terminal device of the second network receives the second data based on the second air interface resource.
  • the first data is securely protected by the first network; and the second data is securely protected by the second network.
  • the access network element stores the first indication information.
  • a seventh aspect provides a method for broadcasting secure communications, which is characterized by including:
  • the first network element in the first network sends a first session establishment request for the first broadcast service to the access network element; the access network element receives the first session establishment request for the first broadcast service from the first network element in the first network; in response to the first session establishment request, the access network element allocates the first air interface resource to the first broadcast service; the second network element of the second network obtains the second indication information, and the second indication information is used to indicate whether security protection is enabled for the data of the first broadcast service.
  • the second network element sends a second session establishment request for the first broadcast service to the access network element.
  • the second session establishment request includes the second indication information; the access network element receives a second session establishment request for the first broadcast service from the second network element in the second network, the second session establishment request includes third indication information, and the third indication information is used to indicate whether to reuse existing air interface resources for the first broadcast service; in response to the second session establishment request, the access network element determines whether to reuse the first air interface resource according to the third indication information.
  • the third indication information is used to indicate reuse of existing air interface resources for the first broadcast service; the access network element determines whether to reuse the first air interface resource according to the third indication information, including: the access network element determines to reuse the first air interface resource according to the third indication information.
  • the access network element discards the data of the first broadcast service received from the second network.
  • the user plane network element of the first network sends the first data of the first broadcast service to the access network element; the access network element sends the first data to the terminal equipment of the first network and the terminal equipment of the second network based on the first air interface resource; the terminal equipment of the first network receives the first data based on the first air interface resource, and the terminal equipment of the second network receives the first data based on the first air interface resource; or, the user plane network element of the second network sends the second data of the first broadcast service to the access network element; the access network element sends the second data of the first broadcast service to the terminal equipment of the first network and the terminal equipment of the second network based on the first air interface resource; the terminal equipment of the first network receives the second data based on the first air interface resource, and the terminal device of the second network receives the second data based on the first air interface resource; wherein the first data comes from the first network, and the second data comes from the second network.
  • the third indication information indicates that air interface resources are allocated to the first broadcast service according to the service identifier corresponding to the first broadcast service.
  • the access network element determines to reuse the first air interface resource according to the third indication information, including: the access network element determines, according to the existing first air interface resource corresponding to the first broadcast service, to reuse the first air interface resource for the first broadcast service.
  • the third indication information is used to indicate not to reuse existing air interface resources for the first broadcast service; the access network element determines whether to reuse the first air interface resource according to the third indication information, including: the access network element determines not to reuse the first air interface resource according to the third indication information.
  • the method further includes: the access network element sending the first data of the first broadcast service to a terminal device of the first network based on the first air interface resource; the terminal equipment of the first network receives the first data based on the first air interface resource; the access network element allocates a second air interface resource for the second data of the first broadcast service, and the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource; the terminal device of the second network receives the second data based on the second air interface resource, wherein the first data comes from the first network, and the second data comes from the second network.
  • the first data of the first broadcast service is securely protected by the first network; the second data of the first broadcast service is securely protected by the second network.
  • the third indication information is used to indicate that the existing air interface resources are not reused for the first broadcast service.
  • the session identifier corresponding to the second session establishment request allocates air interface resources for the first broadcast service.
  • the access network element determines not to reuse the first air interface resource according to the third indication information, including: the access network element checks, according to the third indication information, whether there is an air interface resource corresponding to the session identifier; if there is no air interface resource corresponding to the session identifier, the access network element determines not to reuse the first air interface resource for the first broadcast service.
  • An eighth aspect provides a communication device, which includes: at least one processor for executing computer programs or instructions stored in a memory to execute any of the possible implementations of the first to third aspects.
  • the device further includes a memory for storing computer programs or instructions.
  • the device further includes a communication interface, through which the processor reads the computer program or instructions stored in the memory.
  • the device is a communication device (such as an access network element, a first network element, or a second network element).
  • the device is a chip, chip system or circuit used in communication equipment (such as an access network element, a first network element, or a second network element).
  • the present application provides a processor for executing the methods provided in the above first to fifth aspects.
  • processor output, reception, input and other operations can be understood as processor output, reception, input and other operations.
  • transmitting and receiving operations performed by the radio frequency circuit and the antenna, which is not limited in this application.
  • a delay control system including an access network element, a first network element and a second network element.
  • the access network element is used to perform the method in any possible implementation manner of the above first aspect, and the second network element is used to perform the method in any possible implementation manner of the above second aspect or the third aspect; or, the access network element is used to perform the method in any possible implementation manner of the above fourth aspect, and the second network element is configured to perform the method in any possible implementation manner of the fifth aspect.
  • a computer-readable storage medium stores program code for device execution; the program code includes program code for executing the method in any of the possible implementations of the above first to fifth aspects.
  • a computer program product containing instructions is provided. When the computer program product is run on a computer, it causes the computer to execute the method in any of the possible implementation modes of the first to fifth aspects.
  • Figure 1 is a 5G system applicable to the embodiment of this application.
  • Figure 2 is a schematic diagram of a multicast broadcast service architecture suitable for the method provided by the embodiment of the present application.
  • Figure 3 shows a schematic diagram of a scenario applicable to this application.
  • Figure 4 shows a schematic diagram of another scenario applicable to this application.
  • Figure 5 shows a schematic diagram of a method 100 for broadcasting secure communications provided by this application.
  • Figure 6 shows a schematic diagram of a method 200 for broadcasting secure communications provided by this application.
  • Figure 7 shows a schematic diagram of a method 300 for broadcasting secure communications provided by this application.
  • Figure 8 shows a schematic diagram of a method 400 for broadcasting secure communications provided by this application.
  • Figure 9 shows a schematic diagram of a method 500 for broadcasting secure communications provided by this application.
  • Figure 10 shows a schematic diagram of a method 600 for broadcasting secure communications provided by this application.
  • Figure 11 shows a schematic diagram of a method 700 for broadcasting secure communications provided by this application.
  • Figure 12 shows a schematic diagram of a method 800 for broadcasting secure communications provided by this application.
  • Figure 13 shows a schematic diagram of a method 900 for broadcasting secure communications provided by this application.
  • Figure 14 shows a schematic diagram of a method 1000 for broadcasting secure communications provided by this application.
  • Figure 15 shows a schematic diagram of a method 1100 for broadcasting secure communications provided by this application.
  • Figure 16 is a schematic block diagram of the communication device provided by this application.
  • Figure 17 is another schematic block diagram of the communication device provided by this application.
  • the technical solution provided by this application can be applied to various communication systems, such as: fifth generation (5th generation, 5G) or new radio (new radio, NR) system, long term evolution (long term evolution, LTE) system, LTE frequency division Duplex (frequency division duplex, FDD) system, LTE time division duplex (TDD) system, etc.
  • the technical solution provided by this application can also be applied to future communication systems, such as the sixth generation mobile communication system.
  • the technical solution provided by this application can also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (M2M) communication, machine type Communication (machine type communication, MTC), and Internet of Things (Internet of things, IoT) communication systems or other communication systems.
  • the network architecture is, for example, the 5G system (the 5th generation system, 5GS) defined in the 3rd Generation Partnership Project (3GPP) protocol TS23.501.
  • the network architecture can be divided into two parts: access network (AN) and core network (CN).
  • the access network can be used to implement wireless access-related functions.
  • the core network mainly includes the following key logical network elements: access and mobility management function (AMF), session management function (SMF), user plane function (UPF), policy control function (PCF) and unified data management (UDM), etc.
  • User equipment can be called terminal equipment, terminal device, access terminal, user unit, user station, mobile station (MS), mobile terminal (MT), remote station, remote terminal, mobile device, user terminal, terminal, wireless communications equipment, user agent or user device.
  • the terminal device may be a device that provides voice/data connectivity to the user, such as a handheld device, a vehicle-mounted device, etc. with wireless connectivity capabilities.
  • terminals include: mobile phones, tablets, computers with wireless transceiver functions (such as laptops, handheld computers, etc.), mobile internet devices (MID), virtual reality (VR) equipment, augmented reality (AR) equipment, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical, wireless terminals in smart grids, wireless terminals in transportation safety, wireless terminals in smart cities, wireless terminals in smart homes, cellular phones, cordless telephones, session initiation protocol (SIP) telephones, wireless local loop (WLL) stations, personal digital assistants (PDA), handheld devices with wireless communication capabilities, computing devices or other processing devices connected to wireless modems, vehicle-mounted equipment, wearable devices, terminal equipment in 5G networks or terminal equipment in a future evolved public land mobile network (PLMN), etc.
  • the terminal device can also be a terminal device in an Internet of things (IoT) system.
  • Its main technical feature is to connect objects to the network through communication technology, thereby realizing an intelligent network of human-computer interconnection and object-object interconnection.
  • IoT technology can achieve massive connections, deep coverage, and terminal power saving through narrowband (NB) technology, for example.
  • terminal equipment can also include smart printers, train detectors, etc. Its main functions include collecting data (some terminal equipment), receiving control information and downlink data from network equipment, and sending electromagnetic waves to transmit uplink data to network equipment.
  • the user equipment can be any device that can access the network. Terminal equipment and access network equipment can communicate with each other using some air interface technology.
  • the user equipment can be used to act as a base station.
  • user equipment may act as a scheduling entity that provides sidelink signals between user equipments in V2X or D2D, etc.
  • cell phones and cars use sidelink signals to communicate with each other.
  • Cell phones and smart home devices communicate between each other without having to relay communication signals through base stations.
  • (Radio) access network ((R)AN) equipment: used to provide network access functions for authorized user equipment in a specific area, and can use transmission tunnels of different service quality according to the level of the user equipment, service requirements, etc.
  • (R)AN can manage wireless resources, provide access services to user equipment, and then complete the forwarding of control signals and user equipment data between user equipment and the core network.
  • (R)AN can also be understood as a base station in a traditional network.
  • the access network device in the embodiment of the present application may be any communication device with wireless transceiver functions used to communicate with user equipment.
  • the access network equipment includes but is not limited to an evolved Node B (eNB), or a gNB or transmission point (TRP or TP) in a 5G system such as NR, one antenna panel or a group of antenna panels (including multiple antenna panels) of a base station in the 5G system, or it can also be a network node that constitutes a gNB or transmission point, such as a baseband unit (BBU) or a distributed unit (DU), etc.
  • gNB may include centralized units (CUs) and DUs.
  • the gNB may also include an active antenna unit (AAU).
  • CU implements some functions of gNB
  • DU implements some functions of gNB.
  • CU is responsible for processing non-real-time protocols and services, implementing radio resource control (RRC), and packet data convergence protocol (PDCP) layer functions.
  • DU is responsible for processing physical layer protocols and real-time services, and implementing the functions of the radio link control (RLC) layer, media access control (MAC) layer and physical (physical, PHY) layer.
  • the access network device may be a device including one or more of a CU node, a DU node, and an AAU node.
  • the CU can be classified as access network equipment in the radio access network (RAN), or the CU can be classified as access network equipment in the core network (CN). This application does not limit this.
  • UPF User plane function
  • QoS quality of service
  • user plane network elements can still be UPF network elements, or they can have other names, which are not limited in this application.
  • Access and mobility management function (AMF) network element: the access and mobility management function network element is mainly used for mobility management and access management, etc., and can be used to implement functions of the MME other than session management, such as access authorization/authentication. For convenience of description, in the embodiment of this application, the access and mobility management function network element is referred to as "AMF" for short.
  • the access and mobility management equipment may still be an AMF, or may have other names, which are not limited in this application.
  • Session management function (SMF) network element: mainly used for session management, Internet protocol (IP) address allocation and management of user equipment, selection of manageable user plane functions, serving as the endpoint of the policy control and charging function interfaces, and downlink data notification, etc.
  • the session management function network element is referred to as "SMF" for short.
  • SMF is a type of session management network element.
  • the session management network element may still be SMF, or may have other names, which are not limited in this application.
  • PCF Policy control function
  • the policy control network element can still be a PCF network element, or it can also have other names, which is not limited in this application.
  • Application function (AF) network element: used for application-influenced data routing, accessing the network exposure function network element, interacting with the policy framework for policy control, etc.
  • the application function network element can still be an AF network element, or it can also have other names, which is not limited in this application.
  • Unified data management (UDM) network element used to process UE identification, access authentication, registration and mobility management, etc.
  • unified data management can still be a UDM network element, or it can also have other names, which is not limited in this application.
  • AUSF Authentication server function
  • the authentication server functional network element can still be an AUSF network element, or it can also have other names, which is not limited in this application.
  • Network data analytics function network element: used to identify network slice instances and load the load level information of network slice instances.
  • the network data analysis function enables NF consumers to subscribe or unsubscribe to periodic notifications and notify consumers when thresholds are exceeded.
  • network data analysis function network elements can still be NWDAF network elements, or they can have other names, which are not limited in this application.
  • DN Data network
  • DN is a network located outside the operator's network.
  • the operator's network can access multiple DNs.
  • a variety of services can be deployed on the DN, which can provide services such as data and/or voice for terminal devices.
  • DN is a private network of a smart factory.
  • the sensors installed in the workshop of the smart factory can be terminal devices.
  • the control server of the sensor is deployed in the DN, and the control server can provide services for the sensor.
  • the sensor can communicate with the control server, obtain instructions from the control server, and transmit the collected sensor data to the control server according to the instructions.
  • DN is the internal office network of a company.
  • the mobile phones or computers of employees of the company can be used as terminal devices.
  • the employees' mobile phones or computers can access information and data resources on the company's internal office network.
  • network elements can communicate with each other through the interfaces shown in the figure.
  • the UE and the AMF can interact through the N1 interface, and the interaction message can be called an N1 message (N1Message), for example.
  • RAN and AMF can interact through the N2 interface, which can be used for sending non-access stratum (NAS) messages.
  • RAN and UPF can interact through the N3 interface, which can be used to transmit user plane data, etc.
  • SMF and UPF can interact through the N4 interface.
  • the N4 interface can be used to transmit information such as tunnel identification information of the N3 connection, data cache indication information, and downlink data notification messages.
  • UPF and DN can interact through the N6 interface, which can transmit user plane data, etc.
  • the relationship between other interfaces and each network element is shown in Figure 1. For the sake of simplicity, they will not be described in detail here. The interface names and functions between the network elements are briefly introduced as follows:
  • N7: The interface between PCF and SMF, used to deliver control policies corresponding to protocol data unit (PDU) sessions or corresponding service data flows.
  • N15: The interface between PCF and AMF, used to deliver UE policies and access control related policies.
  • N5: The interface between AF and PCF, used for issuing application service requests and reporting network events.
  • N4: The interface between SMF and UPF, used to transfer information between the control plane and the user plane, including controlling the delivery of forwarding rules for the user plane, QoS control rules, traffic statistics rules, etc., and reporting of user plane information.
  • N11: The interface between SMF and AMF, used to transfer PDU session tunnel information between RAN and UPF, transfer control messages sent to UE, transfer radio resource control information sent to RAN, etc.
  • N2: The interface between AMF and RAN, used to transmit wireless bearer control information from the core network side to the RAN.
  • N1: The interface between AMF and UE, independent of access, used to deliver QoS control rules to UE, etc.
  • N8: The interface between AMF and UDM, used for AMF to obtain access and mobility management-related subscription data and authentication data from UDM, and for AMF to register UE's current mobility management-related information with UDM.
  • N10: The interface between SMF and UDM, used for SMF to obtain session management-related subscription data from UDM, and for SMF to register UE current session-related information with UDM.
  • N35: The interface between UDM and UDR, used by UDM to obtain user subscription data information from UDR.
  • N36: The interface between PCF and UDR, used for PCF to obtain policy-related subscription data and application data-related information from UDR.
  • N12: The interface between AMF and AUSF, used for AMF to initiate the authentication process to AUSF, which can carry SUCI as the subscription identifier.
  • N13: The interface between UDM and AUSF, used by AUSF to obtain the user authentication vector from UDM to perform the authentication process.
  • Figure 2 is a schematic diagram of a multicast broadcast service architecture suitable for the method provided by the embodiment of the present application.
  • the multicast broadcast service architecture and functions shown in Figure 2 are enhanced and defined based on the unicast network architecture and functions.
  • the following is a brief introduction to the multicast broadcast service-specific functions of each network element in Figure 2.
  • UE: the main functions of the UE are to receive multicast data through PTM/PTP, receive group/broadcast data through PTM, process QoS, initiate session join and session leave, and manage resources on the terminal side of 5G MBS.
  • RAN is mainly responsible for processing MBS QoS flows, sending data to UE through point to multipoint (PTM) and point to point (PTP), configuring the AS layer to receive broadcast flows, switching between PTM and PTP, supporting Xn and N2 switching of multicast sessions, processing session signaling, and establishing air interface broadcast and multicast resources, etc.
  • AMF is mainly responsible for signaling routing (between NG-RAN and MB-SMF) and selecting broadcast NG-RANs.
  • SMF: to support 5G MBS features, the unicast SMF needs to be enhanced, mainly by adding: discovery of MB-SMF, authentication of UE joining, interaction with MB-SMF to manage multicast session context, interaction with RAN to establish multicast transmission resources, and other functions.
  • UPF is mainly responsible for interacting with MB-UPF to receive multicast data transmitted through the individual delivery mode, and transmitting multicast data transmitted in the individual delivery mode to the UE through the PDU session.
  • PCF is mainly responsible for QoS processing of multicast and broadcast service (MBS) sessions, providing policy information to the multicast and broadcast SMF (MB-SMF), and interacting with the user data repository (UDR) to obtain QoS information, etc.
  • PCF is an optional network element. This functional entity is only required when using dynamic policy charging control (PCC).
  • Multicast/broadcast-session management function (MB-SMF) network element: MB-SMF is an entity that supports broadcast characteristics. MB-SMF can also have the function of unicast SMF at the same time. Specifically, MB-SMF is responsible for: management of MBS sessions, including QoS control, etc.; configuring the multicast and broadcast UPF (MB-UPF); interacting with RAN to control broadcast flow transmission (broadcast session specific functions); interacting with SMF to associate protocol data unit (PDU) sessions; interacting with RAN to control the transmission of multicast streams (multicast session specific functions), etc.
  • the multicast/broadcast session management function network element is referred to as the multicast session management function network element, or "MB-SMF".
  • MB-SMF is a type of multicast session management network element.
  • the multicast session management network element can still be MB-SMF, or it can also have other names, which is not limited in this application.
  • Multicast/broadcast-user plane function (MB-UPF) network element: MB-UPF is the gateway of the data plane of 5G MBS. It is mainly responsible for: interacting with MB-SMF to obtain data forwarding rules; transmitting multicast data to the RAN through the shared delivery method; and transmitting multicast data to the UPF through the individual delivery method.
  • the multicast/broadcast user plane functional network element is referred to as the multicast user plane functional network element or "MB-UPF" for short.
  • Multicast and broadcast service function (MBSF): MBSF mainly supports the following functions: service layer functions, interworking with LTE MBS, interacting with AF and MB-SMF to support the operation of MBS sessions, determining the transmission parameters and type of the MBS session, selecting MB-SMF to control MBSTF, and determining the sender's IP multicast address, etc.
  • MBSF is an optional network element.
  • the multicast/broadcast service function network element is referred to as the multicast service function network element or "MBSF" for short.
  • Multicast/broadcast service transport function (MBSTF): MBSTF mainly supports the following functions: anchor point of MBS data, serving as the source of IP multicast, supporting general transmission functions such as framing, multi-stream, and forward error correction (FEC), and sending an input file as an object or object flow in a multicast or broadcast manner, etc.
  • MBSTF is an optional network element.
  • the multicast/broadcast service transmission function network element is referred to as the multicast service transmission function network element or "MBSTF" for short.
  • AF: AF mainly supports the following functions: providing service information to the 5G core network (5GC) and requesting multicast or broadcast services, as well as instructing MBS session operations with the 5GC, etc.
  • UDM: UDM mainly supports subscription management of multicast sessions, etc.
  • NRF Network repository function
  • NEF Network exposure function
  • Nausf, Nnef, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4, and N6 are interface serial numbers.
  • the meaning of these interface serial numbers can be found in the meaning defined in the 3GPP standard protocol, and is not limited here.
  • the above network architecture applied to the embodiments of the present application is only an example of a network architecture described from the perspective of a traditional point-to-point architecture and a service-oriented architecture.
  • the network architecture applicable to the embodiments of the present application is not limited thereto. Any network architecture that can realize the functions of each of the above network elements is suitable for the embodiments of this application.
  • each of the core network elements shown in Figures 1 and 2 can be understood as network elements used to implement different functions in the core network, and can, for example, be combined into network slices as needed. These core network elements can be independent devices, or can be integrated into the same device to implement different functions. This application does not limit the specific forms of the above network elements.
  • the above network elements or functions can be network elements in hardware devices, software functions running on dedicated hardware, or virtualization functions instantiated on a platform (for example, a cloud platform).
  • the network device is the access and mobility management network element AMF
  • the base station is the wireless access network RAN as an example.
  • Computer-readable media may include, but are not limited to: magnetic storage devices (e.g., hard disks, floppy disks, tapes, etc.), optical disks (e.g., compact discs (CD), digital versatile discs (DVD), etc.), smart cards and flash memory devices (e.g., erasable programmable read-only memory (EPROM), cards, sticks or key drives, etc.).
  • various storage media described herein may represent one or more devices and/or other machine-readable media for storing information.
  • machine-readable medium may include, but is not limited to, wireless channels and various other media capable of storing, containing and/or carrying instructions and/or data.
  • Figure 3 shows a schematic diagram of a scenario applicable to this application.
  • when operators deploy networks, in order to reduce the cost of deploying wireless access networks, they generally choose to share wireless access network equipment while retaining their respective core networks (in the following description, a base station is used as the example of wireless access network equipment).
  • MOCN multi-operator core network
  • the broadcast message contains the information of the public land mobile network (PLMN).
  • the cell information sent by the base station includes information about the PLMN to which the cell belongs.
  • Figure 4 shows a schematic diagram of another scenario applicable to this application.
  • the content transmitted by certain broadcast services for example, weather forecast, high-precision map updates, etc.
  • the same broadcast service data needs to be transmitted multiple times on the core networks of different operators and the base stations shared by the operators.
  • the content provider of the multicast/broadcast service MMS content provider
  • PLMN#a the content provider of the multicast/broadcast service
  • PLMN#b sends broadcast data.
  • Multicast/broadcast service session: a multicast/broadcast session can provide services for multicast/broadcast services.
  • Multicast/broadcast sessions include unicast or multicast tunnels from the data network to the core network equipment to the access network equipment, and the unicast or multicast/broadcast air interface resources allocated by the access network equipment for sending the multicast/broadcast service.
  • services/applications have the need to send multicast/broadcast services to multiple user equipments (UEs), that is, the same data transmission from point to multipoint is required.
  • the services/applications include multimedia messaging services, data streaming services, group communication services, etc.
  • the network provides a bearer shared by multiple receivers. The sender only needs to send one piece of data, and the network side copies and transmits the sent data to multiple receivers on demand, or sends one piece of data to multiple receivers using broadcast transmission.
  • Services can be hosted by one or more sessions.
  • One service ID corresponds to one or more MBS session IDs.
  • This application takes the transmission of broadcast service sessions and broadcast service data as examples for explanation.
  • At least two networks (PLMN#a and PLMN#b are used as examples for explanation below) share an access network element, and the data of a broadcast service (hereinafter, the first broadcast service is used as an example) is sent to the terminal equipment of the networks through the access network element. Specifically, the AF transmits data to the base station through PLMN#a and PLMN#b, and the base station broadcasts a copy of the data to the UE of PLMN#a and the UE of PLMN#b.
  • the AF or the service provider establishes MBS sessions through PLMN#a and PLMN#b respectively, and sends data to PLMN#a and/or PLMN#b through the MBS sessions.
  • MBS sessions are identified by corresponding MBS session identifiers.
  • the MBS session identifier can be a specific IP address or a temporary mobile group identity (TMGI).
  • the MBS session identifier or session identifier involved in this application is the identifier of the MBS session used to carry data of the first broadcast service.
  • the first broadcast service may be marked by a service identifier, which is a globally unique identifier.
  • the service identifier may be sent by the core network to the base station during the session creation process, or the base station may be preconfigured with the correspondence between the service identifier and the session identifier, which is not limited here.
  • the MBS session identifier established by the AF or the service provider in PLMN#a is TMGI x, and the service identifier is w.
  • the MBS session identifier established by AF or service provider in PLMN#b is TMGI y, and the service identifier is w.
  • the base station determines based on the service identifier that different broadcast sessions carry/transmit the same service data.
  • the resources involved in this application can be air interface resources, which can be scheduling time resources, frequency resources, scheduling priorities, cache resources, and data radio bearers (DRB); or, the resources can also be stored context information (for example, QoS description information, identification information of a QoS flow), etc.
  • the air interface resource information of the first broadcast service determined by the RAN may include: (1) received group-radio network temporary identity (G-RNTI) information. (2) Information about the bandwidth part (BWP) corresponding to the first broadcast service.
  • the sub-carrier spacing (SCS), frequency domain position and length of the cyclic prefix (CP) corresponding to the BWP are determined according to the BWP configuration.
  • the BWP configuration information also includes control resource set (CORESET) configuration information for physical downlink control channel (PDCCH) detection.
  • the CORESET configuration information indicates the time-frequency resource where the PDCCH for the G-RNTI is located.
  • the UE uses this sequence for descrambling when decoding the PDSCH of the service; (4) the parameters of G-RNTI discontinuous reception (DRX), it can also be understood that the UE uses the DRX parameters for descrambling.
  • G-RNTI detection e.g., DRX
  • the configuration of the demodulation reference signal can also be understood as the UE using the reference signal to perform PDSCH demodulation for G-RNTI scheduling
  • Multiplexing air interface resources can be understood as the access network element using the same air interface resource to send the same data to terminal devices on different networks.
  • Not reusing air interface resources can be understood as access network elements using different air interface resources to send different data to terminal devices on different networks.
  • the different data here may come from different networks.
  • the different data here may be obtained by encrypting and/or integrity processing the same source data through network elements of different networks.
  • the security activation status refers to whether the core network element performs security protection on the data of the broadcast service, that is, confidentiality and/or integrity protection.
  • the following description takes the core network element as MBSTF as an example.
  • Security activation status may include security activation or security inactivation. When security is activated, the core network provides security protection for broadcast service data, or MBSTF provides security protection for broadcast service data; when security is not activated, the core network does not provide security protection for broadcast service data, or MBSTF does not provide security protection for broadcast service data.
  • the security activation indicator is used to indicate the security activation status.
  • when the security activation indication indicates security activation, it can be understood as security activation being on, security being activated, or the security activation status being on.
  • when the security activation indication indicates that security is not activated, it can be understood that security activation is not turned on or that the security activation status is turned off.
  • the value of the security activation indication may be true or false. true means that security is activated (security activation is on); false means that security is not activated (security activation is off).
  • the value of the security activation indication #a can be 1 or 0. 1 means that security is activated (security activation is on); 0 means that security is not activated (the security activation status is off).
  • PLMN#a and PLMN#b have different core networks but share one base station.
  • the AF transmits data to the base station through PLMN#a and/or PLMN#b, and the base station broadcasts a copy of the data to the UE of PLMN#a and the UE of PLMN#b.
  • PLMN#a and PLMN#b independently maintain their own keys and provide them to UEs in this network.
  • the data sent by PLMN#a to the base station is data obtained by MBSTF#a using the key of PLMN#a to process the broadcast service data.
  • the data sent by PLMN#b to the base station is data obtained by MBSTF#b using the key of PLMN#b to process the broadcast service data.
  • if the data broadcast by the base station is data security-protected by PLMN#b, the UE of PLMN#a will not be able to parse the received broadcast service data.
  • Figure 5 shows a schematic diagram of a method 100 for broadcasting secure communications provided by this application.
  • the method 100 for secure communication of multicast sessions provided by this application will be introduced in detail below with reference to Figure 5 .
  • the first network element in the first network sends a first session establishment request for the first broadcast service to the access network element.
  • the access network element receives a request from the first network element in the first network.
  • the first session establishment request includes first indication information, and the first indication information is used to indicate whether security protection is enabled for the data of the first broadcast service.
  • Security protection in this application can also be understood as encryption and/or integrity protection.
  • this application takes security protection as an example for explanation.
  • the first network element may be a control plane network element or a user plane network element.
  • the first network element can directly send the first session establishment request to the access network element, or the first network element can also send the first session establishment request to the access network element through other network elements in the first network.
  • the first network element may be MB-SMF#a, and MB-SMF#a sends a broadcast context create (Broadcast context create) message to the access network element through the AMF, and the broadcast context create message includes the first indication information.
  • the first network element may be NEF/MBSF#a, and NEF/MBSF#a sends an MBS session creation (Nmbsmf_MBSSession_Create) message to MB-SMF#a, and the MBS session creation (Nmbsmf_MBSSession_Create) message includes the first indication information.
  • the first session creation request message here may also be other messages carrying the first indication information.
  • the first network element may be MBSTF#a, and MBSTF#a sends a message carrying the first indication information to NEF/MBSF#a.
  • NEF/MBSF#a sends a message carrying the first indication information to MBSTF#a, such as an MBS session creation (Nmbsmf_MBSSession_Create) message.
  • MB-SMF#a sends a broadcast context create (Broadcast context create) message to the access network element, and the broadcast context create message includes first indication information.
  • the first indication information is used to indicate whether the first network or a user plane network element (for example, MBSTF#a) in the first network enables security protection for the first data of the first broadcast service.
  • the method 100 further includes: the first network element obtains the first indication information. Specifically, the first network element determines the first indication information according to security configuration information provided by the network exposure function or the service provider, or according to preconfigured security configuration information. Alternatively, the first network element receives the first indication information from other network elements of the first network.
  • the access network element allocates the first air interface resource to the first broadcast service.
  • the access network element stores the first indication information.
  • the first session establishment request carries the service identifier of the first broadcast service.
  • the access network element stores the corresponding relationship between the first indication information and the service identifier.
  • the first session establishment request carries a session identifier
  • the access network element stores the correspondence between the first indication information and the session identifier.
  • the first session establishment request carries a session identifier
  • the access network element may determine the service identifier of the first broadcast service according to the locally configured mapping relationship between the session identifier and the service identifier, and then store the correspondence between the first indication information and the service identifier.
  • the access network element has not created resources corresponding to the first broadcast service before receiving the first session establishment request. Then, whether the first indication information indicates that security protection is enabled or not enabled for the data of the first broadcast service, the access network element allocates the first air interface resource to the first broadcast service, which can be understood as: the access network element creates a first air interface resource for the first broadcast service.
  • the second network element sends a second session establishment request for the first broadcast service to the access network element.
  • the access network element receives the second session establishment request for the first broadcast service from the second network element in the second network.
  • the second session establishment request includes second indication information, and the second indication information is used to indicate whether security protection is enabled for the second data of the first broadcast service.
  • the second network element may be a control plane network element or a user plane network element.
  • the second indication information is used to indicate whether the second network or a user plane network element (for example, MBSTF#b) in the second network enables security protection for the data of the first broadcast service.
  • the second network element can directly send the second session establishment request to the access network element, or the second network element can also send the second session establishment request to the access network element through other network elements in the second network.
  • the second network element may be MB-SMF#b, and MB-SMF#b sends a broadcast context create (Broadcast context create) message to the access network element through the AMF, and the broadcast context create message includes the second indication information.
  • the second network element may be NEF/MBSF#b, and NEF/MBSF#b sends an MBS session creation (Nmbsmf_MBSSession_Create) message to MB-SMF#b, and the MBS session creation (Nmbsmf_MBSSession_Create) message includes the second indication information.
  • the second session creation request message here may also be another message carrying the second indication information.
  • the second network element may be MBSTF#b, and MBSTF#b sends a message carrying the second indication information to NEF/MBSF#b.
  • NEF/MBSF#b sends a message carrying the second indication information to MBSTF#b, such as an MBS session creation (Nmbsmf_MBSSession_Create) message.
  • MB-SMF#b sends a broadcast context create (Broadcast context create) message to the access network element, and the broadcast context create message includes the second indication information.
  • the method 100 further includes: the second network element obtains the second indication information. Specifically, the second network element determines the second indication information according to security configuration information provided by the network exposure function or the service provider, or according to preconfigured security configuration information. Alternatively, the second network element receives the second indication information from other network elements of the second network.
  • the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information.
  • Implementation method 1: the access network element does not reuse the first air interface resource.
  • the access network element determines, according to the first indication information and/or the second indication information, not to reuse the first air interface resource.
  • the access network element determines not to reuse the first air interface resource according to the first indication information and the second indication information, or the access network element determines not to reuse the first air interface resource according to the first indication information or the second indication information.
  • the access network element determines not to reuse the first air interface resource according to the first indication information, or the access network element determines not to reuse the first air interface resource according to the first indication information and the second indication information.
  • the access network element may determine not to reuse the first air interface resource according to the indication information, or the access network element determines not to reuse the first air interface resource according to the first indication information and the second indication information.
  • the access network element does not reuse the first air interface resource, which can also be understood as: the access network element creates the second air interface resource for the second data of the first broadcast service received from the second network, and the first air interface resource is different from the second air interface resource.
  • the method 100 further includes: the access network element establishing a data transmission channel between the access network element and the user plane network element (for example, UPF#b) of the second network, and receiving the data of the first broadcast service from the user plane network element of the second network through the data transmission channel.
  • the method 100 further includes: the access network element sending the first data of the first broadcast service to the terminal device of the first network based on the first air interface resource; and the access network element sending the second data of the first broadcast service to the terminal device of the second network based on the second air interface resource.
  • the data of the first broadcast service that the access network element receives from the first network is called the first data, and the data of the first broadcast service that the access network element receives from the second network is called the second data. The difference between the first data and the second data is described in detail below.
  • the second data can also be understood as data of the first broadcast service received by the access network element from the user plane network element of the second network (for example, UPF#b). It should be understood that the second data is the data of the first broadcast service that is security protected by the second network, or the second data is the data of the first broadcast service that is security protected by the user plane network element of the second network (for example, MBSTF#b), or the second data is the data of the first broadcast service that is encrypted and/or integrity protected by the user plane network element of the second network (for example, MBSTF#b) using the second key.
  • MBSTF#b uses key #b to encrypt and/or integrity protect the second data, which can realize secure communication between MBSTF#b and the terminal device of the second network element.
  • the first data can also be understood as data of the first broadcast service received by the access network element from the user plane network element of the first network (for example, UPF#a). It should be understood that the first data is the data of the first broadcast service that is security protected by the first network, or the first data is the data of the first broadcast service that is security protected by the user plane network element of the first network (for example, MBSTF#a), or the first data is the data of the first broadcast service that is encrypted and/or integrity protected by the user plane network element of the first network (for example, MBSTF#a) using the first key.
  • MBSTF#a uses key #a to encrypt and/or integrity protect the first data, which can realize secure communication between MBSTF#a and the terminal device of the first network element.
  • source data of the first data before being encrypted and/or integrity protected is the same as the source data of the second data before being encrypted and/or integrity protected.
  • the above solution not only enables the first network and the second network to securely protect the data of the first broadcast service, but also enables the terminal devices of the first network and the second network to separately perform decryption and/or integrity verification on the received data of the first broadcast service, improving communication security and user experience.
  • Implementation method 2: the access network element reuses the first air interface resource.
  • the access network element determines, according to the first indication information and the second indication information, to reuse the first air interface resource.
  • the method 100 also includes: the access network element does not establish a data transmission channel between the access network element and the user plane network element of the second network (for example, UPF#b); or, the access network element determines to establish a data transmission channel between the access network element and the user plane network element of the second network, but discards the data of the first broadcast service in the data transmission channel (i.e., the above-mentioned second data).
  • the method 100 further includes: the access network element sending the first data or the second data to the terminal device of the first network and the terminal device of the second network based on the first air interface resource.
  • the access network element sends the same piece of data (first data or second data) to the terminal device of the first network and the terminal device of the second network respectively.
  • the above solution can save air interface resources.
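The reuse decision of method 100 and the key separation behind it, as an added example that is not part of the patent text. It assumes the access network element reuses an air interface resource only when both indication values say security protection is not enabled (the page does not spell out the condition) and uses HMAC-SHA256 as a stand-in for the MBSTF protection; all class, function and resource names and both keys are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes


def mbstf_protect(key: bytes, payload: bytes) -> bytes:
    """Stand-in for MBSTF protection (assumption): payload plus HMAC-SHA256 tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def ue_verify(key: bytes, blob: bytes) -> bool:
    """UE-side integrity check using the key provisioned by the UE's own PLMN."""
    if len(blob) < TAG_LEN:
        return False
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


@dataclass(frozen=True)
class SessionRequest:
    plmn: str               # network the request arrives from
    session_id: str         # MBS session identifier, e.g. a TMGI
    service_id: str         # globally unique service identifier
    security_enabled: bool  # the indication information


@dataclass
class AccessNetworkElement:
    # service_id -> list of (security_enabled, resource) already allocated
    contexts: dict = field(default_factory=dict)
    allocated: int = 0

    def handle(self, req: SessionRequest) -> tuple:
        """Return (resource, reused) for a session establishment request."""
        entries = self.contexts.setdefault(req.service_id, [])
        shared = None
        if not req.security_enabled:
            # Assumed rule: only an unprotected stream can share a resource,
            # and only with another unprotected stream of the same service.
            shared = next((res for sec, res in entries if not sec), None)
        if shared is not None:
            entries.append((False, shared))
            return shared, True
        self.allocated += 1
        resource = f"resource#{self.allocated}"  # constructed resource name
        entries.append((req.security_enabled, resource))
        return resource, False


def run_case(sec_a: bool, sec_b: bool) -> dict:
    """Two PLMNs request the same service (identifier w) on a shared base station."""
    ran = AccessNetworkElement()
    res_a, _ = ran.handle(SessionRequest("PLMN#a", "TMGI x", "w", sec_a))
    res_b, reused = ran.handle(SessionRequest("PLMN#b", "TMGI y", "w", sec_b))
    return {"resource_a": res_a, "resource_b": res_b, "reused": reused}


def cross_plmn_check() -> dict:
    """Same source data protected under each PLMN's own key (constructed keys)."""
    key_a, key_b = b"constructed-key-PLMN-a", b"constructed-key-PLMN-b"
    source = b"first broadcast service payload"
    first_data = mbstf_protect(key_a, source)
    second_data = mbstf_protect(key_b, source)
    return {
        "a_ue_accepts_first_data": ue_verify(key_a, first_data),
        "a_ue_accepts_second_data": ue_verify(key_a, second_data),
        "b_ue_accepts_second_data": ue_verify(key_b, second_data),
    }


if __name__ == "__main__":
    for sec_a, sec_b in [(True, True), (True, False), (False, True), (False, False)]:
        print(sec_a, sec_b, run_case(sec_a, sec_b))
    print(cross_plmn_check())
```

Sharing one resource while either network protects its stream would leave the other network's terminals with data they hold no key for, which is why only the all-unprotected case reuses the resource here.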
  • Figure 6 shows a schematic diagram of a method 200 for broadcasting secure communications provided by this application.
  • the method 200 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 6 .
  • Method 200 provides a specific example for implementation method 1 in method 100.
  • the access network element takes RAN as an example
  • the first network takes PLMN#a as an example
  • the second network takes PLMN#b as an example
  • the first indication information takes security activation indication #a as an example
  • the second indication information takes security activation indication #b as an example
  • the first air interface resource takes resource #a as an example
  • the second air interface resource takes resource #b as an example.
  • AF sends an MBS session #a creation request message (Nnef-MBSSesion_Create) to NEF#a/MBSF#a.
  • the MBS session #a creation request message carries the MBS session ID (MBS session ID) #a, QoS parameter #a, and service type.
  • the message also carries a service ID.
  • the service identifier is the identification information of the first broadcast service.
  • the MBS session identifier can be a specific IP address or a temporary mobile group identity (TMGI).
  • QoS parameters indicate the quality of service requirements of the current session.
  • the first broadcast service may be marked by a service identifier, which is a globally unique identifier.
  • the service identifier may be sent by the core network to the base station during the session creation process, or the base station may be preconfigured with the correspondence between the service identifier and the session identifier, which is not limited here.
  • Service types include broadcast services and multicast services. This application is mainly applicable to broadcast service scenarios.
  • MBSF/NEF mentioned in this application may represent only MBSF, only NEF, or both MBSF and NEF.
  • the NEF#a/MBSF#a or NEF#b/MBSF#b involved in this application has the same understanding as MBSF/NEF, where #a and #b are used to identify that the MBSF/NEF are located in the networks of different PLMNs (PLMN#a and PLMN#b).
  • the security activation state #a can be understood as whether MBSTF #a performs security protection, that is, confidentiality and/or integrity protection, on the data of the first broadcast service.
  • the session is used to transmit the data of the first broadcast service.
  • the security activation state #a can also be understood as whether the core network performs security protection on the data of the first broadcast service, that is, confidentiality and/or integrity protection.
  • Solution 1: S203a, NEF#a/MBSF#a determines security activation status #a.
  • NEF#a/MBSF#a determines security activation status #a based on security configuration information provided by AF or preconfigured.
  • NEF#a/MBSF#a receives security activation status #a from MBSTF#a.
  • NEF#a/MBSF#a sends a security activation status #a query message to MBSTF#a.
  • MBSTF#a receives the security activation status #a query message from NEF#a/MBSF#a.
  • the security activation status #a query message is used to query the security activation status #a.
  • This message carries MBS session ID#a, which is used to indicate the session identified by MBS session ID#a.
  • the message may include indication information for querying the security activation status #a, which explicitly indicates that the message is used to query the security activation status #a; or the message name implicitly indicates that the message is used to query the security activation status #a.
  • the security activation status #a query message may be sent after S202 or after the MBS session #a creation response message of MB-SMF#a is received (S206 below). Alternatively, it can also be used as an enhancement of the session request message sent by NEF#a/MBSF#a to MBSTF#a in TS 23.247 Chapter 7.1.
  • the session request message has the function of querying MBSTF#a for security activation status #a.
  • the session request message may include indication information for querying the security activation status #a, or the message name of the session request message may implicitly indicate the security activation status #a.
  • the triggering conditions for the message include but are not limited to one or more of the following.
  • the security configuration information indicates whether to perform security protection, that is, confidentiality and/or integrity protection, on the data of the first broadcast service carried by MBS session #a.
  • (2) MBSF#a/NEF#a determines that the data security activation status of the first broadcast service carried by MBS session #a is not stored.
  • the service type carried in the MBS session #a creation request message in S201 indicates broadcast service.
  • the MBS session #a creation request message in S201 carries the service identifier.
  • MBSTF#a sends a security activation status #a response message to NEF#a/MBSF#a.
  • NEF#a/MBSF#a receives the security activation status #a response message from MBSTF#a.
  • MBSF/NEF#a sends an MBS session creation (Nmbsmf_MBSSession_Create) message to MB-SMF#a.
  • MB-SMF#a receives the MBS session creation message from MBSF/NEF#a.
  • This message is used to request the creation of an MBS session.
  • the message includes MBS session ID#a.
  • MB-SMF#a sends a response message to MBSF/NEF#a.
  • MBSF/NEF#a receives the response message from MB-SMF#a. This response message is used to respond to the MBS session creation message in S205.
  • NEF#a/MBSF#a sends a security activation indication #a to MB-SMF#a.
  • the security activation indication #a is used to indicate security activation state #a.
  • NEF#a/MBSF#a sends security activation indication #a to MB-SMF#a, which can be understood as a specific example of S101 in method 100.
  • NEF#a/MBSF #a may send the security activation indication #a to MB-SMF #a in a separate message after S206.
  • the MBS session creation message in S205 can be enhanced.
  • the security activation indication #a is carried in the MBS session creation message and sent.
  • S207 is used to respond to S201.
  • please refer to TS 23.247 Chapter 7.1.
  • MB-SMF#a sends a broadcast context creation message to the RAN.
  • the RAN receives the broadcast context creation message from MB-SMF#a.
  • the message carries MBS session ID#a. This message optionally carries the service identifier and security activation indication #a.
  • the security activation indication #a in this application can be indicated in multiple ways, which are described uniformly here.
  • the value of the security activation indication may be true or false. true means that security is activated (security activation is on); false means that security is not activated (security activation is off).
  • the value of the security activation indication #a can be 1 or 0.
  • 1 means that security is activated (security activation is on).
  • 0 means that security is not activated (the security activation status is off).
  • S209 can be used as a specific example of S102 in method 100.
  • the RAN stores the correspondence between the security activation indication #a and the service identifier.
  • the base station can determine the service identifier based on the local configuration and session identifier.
  • the resources involved in this application can be air interface resources, which can be scheduling time resources, frequency resources, scheduling priorities, cache resources, and data radio bearers (DRB); or, the resources can also be stored context information (for example, QoS description information, identification information of a QoS flow), etc.
  • the air interface resource information of the first broadcast service determined by the RAN may include: (1) received group-radio network temporary identity (G-RNTI) information. (2) Information about the bandwidth part (BWP) corresponding to the first broadcast service.
  • the sub-carrier spacing (SCS), frequency domain position and length of the cyclic prefix (CP) corresponding to the BWP are determined according to the BWP configuration.
  • the BWP configuration information also includes control resource set (CORESET) configuration information for physical downlink control channel (PDCCH) detection.
  • the CORESET configuration information indicates the time-frequency resource where the PDCCH for the G-RNTI is located.
  • the UE uses this sequence for descrambling when decoding the PDSCH of the service; (4) the parameters of G-RNTI discontinuous reception (DRX), it can also be understood that the UE uses the DRX parameters for descrambling.
  • G-RNTI detection e.g., DRX
  • the configuration of the demodulation reference signal can also be understood as the UE using the reference signal to perform PDSCH demodulation for G-RNTI scheduling
  • S209 may also be understood as the RAN determining the context corresponding to the first broadcast service for the first broadcast service according to the security activation indication #a.
  • the broadcast session context corresponding to the first broadcast service established by the RAN may also include: the identification TMGI#n of the first broadcast service in PLMN#a, broadcast area information (for example, cell list information or a tracking area (TA) list), and the QoS context of the broadcast session.
  • the following description takes the RAN allocating resources for the first broadcast service according to the security activation indication #a as an example.
  • the scope of protection of this application is not limited.
  • Example 1-1 takes as an example that the RAN does not create resources corresponding to the first broadcast service before communicating with the UE of PLMN#a.
  • the RAN determines that security is not activated according to the security activation indication #a. In other words, the RAN determines according to the security activation indication #a that the MBSTF #a does not perform security protection on the data of the first broadcast service carried by the MBS session #a.
  • the RAN checks whether the resource corresponding to the first broadcast service has been created according to the service identifier.
  • when the resource corresponding to the first broadcast service is not created and security is not activated, the RAN creates the resource #a corresponding to the first broadcast service and establishes a data transmission channel between the RAN and UPF #a.
  • Example 1-1 does not limit the execution order of (1) and (2) above.
  • Example 1-2 takes as an example that the RAN does not create resources corresponding to the first broadcast service before communicating with the UE of PLMN#a.
  • the RAN determines that the security activation indication #a indicates security activation.
  • in other words, the security activation indication #a indicates that the MBSTF #a performs security protection on the data of the first broadcast service carried by the MBS session #a.
  • the RAN checks whether the resource corresponding to the first broadcast service has been created according to the service identifier.
  • the RAN determines to create the resource #a corresponding to the first broadcast service according to the security activation indication #a, and establishes a data transmission channel between the RAN and UPF #a.
  • Example 1-2 does not limit the execution order of (1) and (2) above.
  • Example 1-3 takes as an example that the RAN does not create resources corresponding to the first broadcast service before communicating with the UE of PLMN#a.
  • the security activation indication #a indicates security activation.
  • in other words, the security activation indication #a indicates that the MBSTF #a performs security protection on the data of the first broadcast service carried by the MBS session #a.
  • the RAN may discard the service identifier or skip the step of checking whether the resource corresponding to the first broadcast service has been created based on the service identifier.
  • RAN checks based on the service identifier whether the resource corresponding to the service identifier has been created. When the resource corresponding to the service identifier is not created, the RAN creates the resource #a corresponding to the service identifier and establishes a data transmission channel between the RAN and UPF#a.
  • S210 is used to respond to S208.
  • the AF sends the media stream to the RAN through the network elements in PLMN#a (such as MBSTF#a and UPF#a).
  • the RAN receives the media stream from the AF through the network elements in PLMN#a.
  • the AF sends the data of the first broadcast service to MBSTF#a, and accordingly, the MBSTF#a receives the data of the first broadcast service from the AF.
  • MBSTF#a processes the data of the first broadcast service and generates the first data.
  • MBSTF#a sends the first data to UPF#a, and accordingly, UPF#a receives the first data from MBSTF#a.
  • UPF#a sends the first data to the RAN, and accordingly, the RAN receives the first data from UPF#a.
  • the RAN sends the first data to the UE of PLMN #a based on resource #a.
  • for S212 to S219, please refer to the description of S201 to S208.
  • the difference is that the network element of PLMN#a is replaced by the network element of PLMN#b, and the corresponding message #a, indication #a, and identification #a are replaced with message #b, indication #b, identification #b, and so on.
  • the two solutions for NEF#b/MBSF#b to obtain the security activation status #b can be understood as specific examples of the second network element obtaining the second indication information in the method 100.
  • NEF#b/MBSF#b sends security activation instruction #b to MB-SMF#b, which can be understood as a specific example of S103 in method 100.
  • S220 can be used as a specific example of S104 in method 100.
  • Example 2-1 corresponds to any one of Examples 1-1 to 1-3.
  • Security activation indication #a indicates security is not activated or security is activated.
  • the security activation instruction #b indicates security activation. In other words, the security activation instruction #b instructs the MBSTF #b to perform security protection on the data of the first broadcast service carried by the MBS session #b.
  • the RAN determines to create the resource #b according to the security activation instruction #b, and establishes a data transmission channel between the RAN and the UPF #b. The RAN may discard the service identifier or skip the step of checking whether the resource corresponding to the first broadcast service has been created based on the service identifier.
  • Example 2-2 corresponds to any one of Examples 1-1 to 1-3.
  • Security activation indication #a indicates security is not activated or security is activated.
  • the RAN determines security activation according to the security activation instruction #b. In other words, the security activation instruction #b instructs MBSTF #b to perform security protection on the data of the first broadcast service carried by MBS session #b.
  • the RAN checks whether the resource corresponding to the first broadcast service has been created according to the service identifier.
  • the RAN determines not to reuse resource #a according to the security activation indication #b, that is, not to use the same resource to send the data of the first broadcast service.
  • the RAN determines to create the resource #b according to the security activation instruction #b, and establishes a data transmission channel between the RAN and the UPF #b.
  • the base station creates resources carried by MBS session ID#a and MBS session #b respectively, so that it can use different resources to send the same broadcast service data.
  • the RAN determines not to reuse resource #a based on the security activation indication #a and the security activation indication #b.
  • Example 2-2 does not limit the execution order of (1) and (2) above.
  • Example 2-3 corresponds to Example 1-2 or Example 1-3.
  • Security activation indication #a indicates security activation.
  • the security activation indication #b indicates that security is not activated. In other words, the security activation indication #b indicates that the MBSTF #b does not perform security protection on the data of the first broadcast service carried by the MBS session #b.
  • the RAN determines not to reuse the resource #a according to the security activation indication #a and the security activation indication #b, that is, not to use the same resource to send the data of the first broadcast service.
  • the RAN determines to create resource #b according to the security activation instruction #b, and establishes a data transmission channel between the RAN and UPF#b.
  • the base station creates resources carried by MBS session ID #a and MBS session #b respectively, so that it can use different resources to send the same broadcast service data.
  • the above examples 2-1 to 2-3 can also be understood as follows: if at least one of the security activation indication #a and the security activation indication #b is used to indicate security activation, the RAN will create resource #a and resource #b respectively, and send the data of the first broadcast service to the UE of PLMN#a and the UE of PLMN#b through resource #a and resource #b respectively.
  • Example 2-4 RAN checks based on the service identifier whether the resource corresponding to the service identifier has been created. When the resource corresponding to the service identifier is not created, the RAN creates the resource #b corresponding to the service identifier and establishes a data transmission channel between the RAN and UPF#b.
  • S222 The AF sends the media stream to the RAN through the network elements in PLMN#b (such as MBSTF#b and UPF#b).
  • the RAN receives the media stream from the AF through the network elements in PLMN#b.
  • the AF sends the data of the first broadcast service to MBSTF#b, and accordingly, the MBSTF#b receives the data of the first broadcast service from the AF.
  • MBSTF#b processes the data of the first broadcast service and generates the first data.
  • MBSTF#b sends the first data to UPF#b, and accordingly, UPF#b receives the first data from MBSTF#b.
  • UPF#b sends the first data to the RAN, and accordingly, the RAN receives the first data from UPF#b.
  • the RAN sends the first data to the UE of PLMN #b based on resource #b.
  • method 200 does not limit the order of S211 and S222.
  • the method 200 does not limit the execution order of S211 in the method 200, nor does it limit the execution order of S222 in the method 200.
  • S211 can be before or after determining whether to create resource #a, but the RAN needs to send the first broadcast service data based on resource #a after establishing resource #a.
  • S222 may be before or after determining whether to create resource #b, but the RAN needs to send the first broadcast service data based on resource #b after establishing resource #b.
  • the above description takes as an example the case in which the broadcast context creation message in S208 carries the security activation indication #a and the broadcast context creation message in S219 carries the security activation indication #b.
  • the following is a detailed introduction to the implementation in which the broadcast context creation message in S208 does not carry the security activation indication #a, and the broadcast context creation message in S219 does not carry the security activation indication #b.
  • the broadcast context creation message in S208 does not carry the security activation indication #a.
  • the RAN may determine that the security activation indication #a indicates security activation according to the broadcast context creation message.
  • the broadcast context creation message in S219 does not carry the security activation indication #b.
  • the RAN may determine that the security activation indication #b indicates security activation according to the broadcast context creation message.
  • the above solution can further improve system security performance.
  • the security activation cannot be indicated. That is, when the first network or the second network instructs security activation, the RAN does not process the security activation as it was received. It is likely to bring security risks and reduce communication success rate.
  • the broadcast context creation message in S208 does not carry the security activation indication #a.
  • the RAN may determine according to the broadcast context creation message that the security activation indication #a indicates security inactivation.
  • the broadcast context creation message in S219 does not carry the security activation indication #b.
  • the RAN may determine according to the broadcast context creation message that the security activation indication #b indicates security inactivation.
  • the above solution can reduce signaling overhead and network consumption.
  • Figure 7 shows a schematic diagram of a method 300 for broadcasting secure communications provided by this application.
  • the method 300 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 7 .
  • Method 300 provides a specific example for the second implementation method in method 100.
  • as examples, the access network element is the RAN, the first network is PLMN#a, the second network is PLMN#b, the first indication information is security activation indication #a, the second indication information is security activation indication #b, the first air interface resource is resource #a, and the second air interface resource is resource #b.
  • the RAN determines that the security activation indication #a indicates that security is not activated.
  • S319 can be used as a specific example of S104 in method 100.
  • security activation indication #a indicates that security is not activated.
  • the security activation indication #b indicates that security is not activated.
  • in other words, the security activation indication #b indicates that the MBSTF #b does not perform security protection on the data of the first broadcast service carried by the MBS session #b.
  • the RAN determines not to create resource #b, or to reuse resource #a, according to the security activation indication #a and security activation indication #b stored in S309. Furthermore, the RAN determines not to establish a data transmission channel between the RAN and the UPF#b according to the security activation indication #a and the security activation indication #b; or, determines to establish a data transmission channel between the RAN and the UPF#b, but discards the data of the first broadcast service in the transmission channel.
  • S320 responds to S318.
  • AF sends the media stream (that is, the data of the above-mentioned first broadcast service) to RAN through the network element in PLMN#a (for example, UPF#a).
  • correspondingly, the RAN receives the media stream from the AF through the network element in PLMN#a.
  • after acquiring the data of the first broadcast service, the RAN sends the data of the first broadcast service to the UE of PLMN #a and the UE of PLMN #b based on resource #a.
  • the RAN will only create one resource for the first broadcast service (resource #a is used as an example in method 300), and use resource #a to send the data of the first broadcast service (the data of the first broadcast service obtained by the RAN from the AF through PLMN #a in S321) to the UE of PLMN #a and the UE of PLMN #b.
  • the method 300 also includes: Step 1, the AF sends the media stream (that is, the data of the above-mentioned first broadcast service) to the RAN through the network element in PLMN#b (for example, UPF#b).
  • correspondingly, the RAN receives the media stream from the AF through the network element in PLMN#b.
  • the RAN discards the data of the first broadcast service received from the network element in PLMN #b according to the security activation indication #a and the security activation indication #b.
  • method 300 does not limit the order of S321 and step 1.
  • Method 300 does not limit the execution order of S321 in method 300, nor does it limit the execution order of step 1 in method 300.
  • S321 can be before or after determining whether to create resource #a, but the RAN needs to send the first broadcast service data based on resource #a after establishing resource #a.
  • step 1 can be before or after determining whether to create resource #b.
  • the above description takes as an example the case in which the broadcast context creation message in S308 carries the security activation indication #a and the broadcast context creation message in S318 carries the security activation indication #b.
  • the following is a detailed introduction to the implementation in which the broadcast context creation message in S308 does not carry the security activation indication #a, and the broadcast context creation message in S318 does not carry the security activation indication #b.
  • the broadcast context creation message in S308 does not carry the security activation indication #a.
  • the RAN may determine according to the broadcast context creation message that the security activation indication #a indicates security inactivation.
  • the broadcast context creation message in S318 does not carry the security activation indication #b.
  • the RAN may determine that the security activation indication #b indicates security inactivation according to the broadcast context creation message.
  • the above solution can reduce signaling overhead and network consumption.
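The RAN-side decision described for methods 200 and 300, including the two ways of interpreting a broadcast context creation message that carries no security activation indication, can be modelled as follows. This is an added sketch, not code from the application; the class names, message fields, resource names and the `MissingPolicy` switch are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class MissingPolicy(Enum):
    ASSUME_ACTIVATED = 1   # absent indication is treated as "security activated"
    ASSUME_INACTIVE = 2    # absent indication is treated as "security not activated"


@dataclass
class ContextCreate:
    """Constructed stand-in for the broadcast context creation message."""
    plmn: str
    session_id: str
    service_id: str
    security_activated: Optional[bool] = None   # None: indication not carried


@dataclass
class AirResource:
    name: str
    secured: bool
    source_plmn: str                 # PLMN whose user plane feeds this resource
    served_plmns: set = field(default_factory=set)


class Ran:
    def __init__(self, missing_policy: MissingPolicy):
        self.missing_policy = missing_policy
        self.resources = {}          # service_id -> list of AirResource

    def _activated(self, msg: ContextCreate) -> bool:
        if msg.security_activated is None:
            return self.missing_policy is MissingPolicy.ASSUME_ACTIVATED
        return msg.security_activated

    def on_context_create(self, msg: ContextCreate):
        """Return (resource name, created?) for this PLMN's MBS session."""
        secured = self._activated(msg)
        pool = self.resources.setdefault(msg.service_id, [])
        if not secured:
            # Sharing is only possible when neither side protects the data
            # (method 300): attach this PLMN's UEs to the unprotected resource.
            for res in pool:
                if not res.secured:
                    res.served_plmns.add(msg.plmn)
                    return res.name, False
        # Nothing exists yet, or at least one indication says "activated"
        # (Examples 2-1 to 2-3): create a separate resource.
        res = AirResource(f"resource-{msg.session_id}", secured,
                          msg.plmn, {msg.plmn})
        pool.append(res)
        return res.name, True

    def on_user_plane_data(self, service_id: str, from_plmn: str):
        """Return (resource, PLMNs whose UEs receive it), or None if discarded."""
        for res in self.resources.get(service_id, []):
            if res.source_plmn == from_plmn:
                return res.name, sorted(res.served_plmns)
        return None   # duplicate stream from a PLMN that reuses another resource


def run(flag_a, flag_b, policy=MissingPolicy.ASSUME_ACTIVATED):
    """Replay the PLMN#a then PLMN#b context creation for one service."""
    ran = Ran(policy)
    a = ran.on_context_create(ContextCreate("PLMN#a", "sess-a", "svc-1", flag_a))
    b = ran.on_context_create(ContextCreate("PLMN#b", "sess-b", "svc-1", flag_b))
    return ran, a, b
```

With `ASSUME_ACTIVATED`, two messages that omit the indication end up on separate resources; with `ASSUME_INACTIVE`, they share one resource and the PLMN#b copy of the stream is discarded.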
  • Figure 8 shows a schematic diagram of a method 400 for broadcasting secure communications provided by this application.
  • the method 400 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 8 .
  • the first network element in the first network sends a first session establishment request to the access network element.
  • the access network element receives a request for the first broadcast service from the first network element in the first network.
  • First session establishment request is a request for the first broadcast service from the first network element in the first network.
  • the first network element may be a control plane network element.
  • the first network element may directly send the first session establishment request to the access network element, or may send the first session establishment request to the access network element through other network elements in the first network. For example, the first network element may be MB-SMF#a; for another example, the first network element may be NEF/MBSF#a.
  • the first session creation request message here may also be other messages.
  • the first network element may be MBSTF#a.
  • the access network element allocates the first air interface resource to the first broadcast service.
  • the access network element has not created resources corresponding to the first broadcast service before receiving the first session establishment request.
  • the access network element may also carry a fourth indication information, the fourth indication information being used to indicate whether to reuse existing air interface resources for the first broadcast service.
  • the implementation method for the access network element to allocate the first air interface resource for the first broadcast service can refer to the relevant description in S404.
  • for the interaction between the access network element and the first network element in this application, see the interaction between the access network element and the second network element.
  • the second network element sends a second session establishment request for the first broadcast service to the access network element.
  • the access network receives a second session establishment request for the first broadcast service from the second network element in the second network.
  • the second session establishment request includes third indication information, and the third indication information is used to indicate whether to reuse existing air interface resources for the first broadcast service.
  • the existing air interface resources are air interface resources for the first broadcast service that have been established by the access network element.
  • the existing air interface resources are air interface resources that have been established by the access network element for transmitting data of the first broadcast service.
  • the data of the first broadcast service may come from the second network or other networks.
  • the existing air interface resources here include the first air interface resource.
  • the second network element may be a control plane network element.
  • the second network element may directly send the second session establishment request to the access network element, or may send the second session establishment request to the access network element through other network elements in the second network.
  • the second network element may be MB-SMF#b.
  • the second network element may be NEF/MBSF#b.
  • the second session creation request message here may also be other messages carrying third indication information.
  • the second network element may be a user plane network element (for example, MBSTF#b).
  • method 400 further includes: the second network element obtains third indication information. Specifically, the second network element determines the third indication information based on other information (such as security activation indication or security configuration information). Alternatively, the second network element receives the third indication information from other network elements of the second network. For example, when the security activation indication indicates that security has been activated or security activation has been turned on, the second network element determines the third indication information according to the security activation indication to indicate not to reuse existing air interface resources. When the security activation indication indicates that security is not activated or security activation is not enabled, the second network element determines the third indication information according to the security activation indication to indicate reuse of existing air interface resources.
  • the second network element determines the third indication information based on the security configuration information to indicate not to reuse existing air interface resources.
  • when the security configuration information indicates that the data of the first broadcast service is not subject to security protection, the second network element determines the third indication information based on the security configuration information to indicate the reuse of existing air interface resources.
  • the access network element determines whether to reuse the first air interface resource according to the third indication information.
  • Implementation method 1 The access network element does not reuse the first air interface resource.
  • the access network element determines not to reuse the first air interface resources according to the third indication information.
  • the third indication information is used to indicate that the existing air interface resources are not to be reused for the first broadcast service.
  • the third indication information indicates that air interface resources are allocated to the first broadcast service according to the session identifier corresponding to the second session establishment request, or the third indication information indicates not to allocate air interface resources to the first broadcast service according to the service identifier corresponding to the first broadcast service.
  • the access network element checks whether there is an air interface resource corresponding to the session identifier of the second session establishment request; if there is no such air interface resource, the access network element determines not to reuse the first air interface resource for the first broadcast service.
  • the access network element does not reuse the first air interface resource, which can also be understood as: the access network element creates the second air interface resource for the data of the first broadcast service received from the second network, and the first air interface resource is different from the second air interface resource.
  • the method 400 further includes: the access network element establishing a data transmission channel between the access network element and the user plane network element (for example, UPF#b) of the second network, and receiving the second data of the first broadcast service from the user plane network element of the second network through the data transmission channel.
  • for the access network element receiving the second data of the first broadcast service from the user plane network element of the second network, please refer to the description of the second data in method 100.
  • the method 400 further includes: the access network element receives the first data of the first broadcast service from the user plane network element of the first network, and sends the first data of the first broadcast service to the terminal device of the first network based on the first air interface resource; and the access network element sends the second data of the first broadcast service to the terminal device of the second network based on the first air interface resource.
  • for the access network element receiving the first data of the first broadcast service from the user plane network element of the first network, please refer to the description of the first data in method 100.
  • the above solution not only enables the first network and the second network to securely protect the data of the first broadcast service, but also enables the terminal devices of the first network and the second network to separately perform decryption and/or integrity verification on the received data of the first broadcast service, improving communication security and user experience.
  • Implementation method two the access network element reuses the first air interface resource.
  • the access network element determines to reuse the first air interface resources according to the third indication information.
  • the third indication information indicates that air interface resources are allocated to the first broadcast service according to the service identifier corresponding to the first broadcast service.
  • the access network element determines, based on the first air interface resource corresponding to the service identifier of the first broadcast service, to reuse the first air interface resource for the first broadcast service.
  • the method 400 also includes: the access network element does not establish a data transmission channel between the access network element and the user plane network element of the second network (for example, UPF#b); or, the access network element determines to establish a data transmission channel between the access network element and the user plane network element of the second network, but discards the second data of the first broadcast service in the data transmission channel.
  • for the second data, please refer to the description of the second data in method 100.
  • the method 400 further includes: the access network element sending the first data of the first broadcast service to the terminal device of the first network and the terminal device of the second network based on the first air interface resource.
  • the above solution can save air interface resources.
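Method 400 moves the reuse decision into the core network: the network element derives the reuse indication from its security state, and the access network element only chooses which identifier to look resources up by. The following added sketch, which is not code from the application, models that split; the class and field names are assumptions, as is the design choice of keeping two separate lookup tables so that a resource allocated by session identifier is never returned by a service-identifier lookup.

```python
from dataclasses import dataclass
from typing import NamedTuple


def derive_reuse_indication(security_activated: bool) -> bool:
    """Network-element side: security activated -> do not reuse existing
    air interface resources; not activated -> reuse them. The same mapping
    applies when the input is security configuration information."""
    return not security_activated


@dataclass
class SessionEstablishmentRequest:
    """Constructed stand-in for the first/second session establishment request."""
    plmn: str
    session_id: str
    service_id: str
    reuse_existing: bool      # third (or fourth) indication information


class Allocation(NamedTuple):
    resource: str
    created: bool             # a new air interface resource was allocated
    user_plane_used: bool     # data from this network's user plane is sent


class AccessNode:
    def __init__(self):
        self.by_service = {}  # service_id -> shareable resource
        self.by_session = {}  # session_id -> dedicated resource

    def on_request(self, req: SessionEstablishmentRequest) -> Allocation:
        if req.reuse_existing:
            # Implementation method two: look up by service identifier.
            existing = self.by_service.get(req.service_id)
            if existing is not None:
                # Reuse: no channel to this network's user plane element,
                # or the channel exists and its data is discarded.
                return Allocation(existing, False, False)
            # Nothing to reuse yet: allocate and register it as shareable.
            resource = f"air-{req.service_id}"
            self.by_service[req.service_id] = resource
            return Allocation(resource, True, True)
        # Implementation method one: look up by session identifier only.
        existing = self.by_session.get(req.session_id)
        if existing is not None:
            return Allocation(existing, False, True)
        resource = f"air-{req.session_id}"
        self.by_session[req.session_id] = resource
        return Allocation(resource, True, True)


def demo():
    """Three networks request the same service; only PLMN#b protects its data."""
    node = AccessNode()
    requests = [
        ("PLMN#a", "sess-a", False),
        ("PLMN#b", "sess-b", True),
        ("PLMN#c", "sess-c", False),   # PLMN#c is a constructed third network
    ]
    return [
        node.on_request(SessionEstablishmentRequest(
            plmn, sid, "svc-1", derive_reuse_indication(activated)))
        for plmn, sid, activated in requests
    ]
```

In `demo()`, the protected session from PLMN#b gets its own resource, while the later unprotected request from PLMN#c is attached to the resource created for PLMN#a and never to the protected one.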
  • Figure 9 shows a schematic diagram of a method 500 for broadcasting secure communications provided by this application.
  • the method 500 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 9 .
  • Method 500 provides a specific example for implementation method 1 in method 400.
  • as examples, the access network element is the RAN, the first network is PLMN#a, the second network is PLMN#b, the first indication information is security activation indication #a, the second indication information is security activation indication #b, the first air interface resource is resource #a, and the second air interface resource is resource #b.
  • S501 refers to the description of S201-S207.
  • the description includes: NEF#a/MBSF#a sends security activation indication #a to MB-SMF#a, and accordingly, MB-SMF#a receives security activation indication #a from NEF#a/MBSF#a.
  • MB-SMF#a determines the optimization instruction #a according to the security activation instruction #a.
  • Optimization indication #a is used to indicate whether the RAN allocates resources for the first broadcast service according to the service identifier. Alternatively, the optimization indication #a is used to indicate whether the RAN reuses the existing resources corresponding to the service identifier. Alternatively, the optimization indication #a is used to indicate whether the RAN reuses existing resources allocated for the first broadcast service. For resources in method 500, please refer to the relevant description in method 200.
  • the optimization indication #a determined by the MB-SMF#a based on the security activation indication #a is used to instruct the RAN to allocate resources to the first broadcast service based on the service identifier.
  • the MB-SMF#a determines the optimization indication #a based on the security activation indication #a to instruct the RAN to reuse existing resources.
  • the optimization indication #a determined by the MB-SMF#a based on the security activation indication #a is used to instruct the RAN not to allocate resources for the first broadcast service based on the service identifier.
  • the MB-SMF#a determines the optimization indication #a based on the security activation indication #a to instruct the RAN not to reuse existing resources.
  • resources are allocated to the first broadcast service based on the session identifier of MBS session #a (for example, called session identifier #a).
  • the optimization instruction #a in this application can have multiple instruction methods, which will be described uniformly here.
  • the value of optimization instruction #a can be true or false.
  • true means instructing the RAN to allocate resources for the first broadcast service according to the service identifier, or instructing the RAN to reuse existing resources.
  • false means instructing the RAN not to allocate resources for the first broadcast service based on the service identifier, or instructing the RAN not to reuse existing resources.
  • the value of optimization indication #a may be 1 or 0. 1 represents instructing the RAN to allocate resources for the first broadcast service according to the service identifier, or instructing the RAN to reuse existing resources.
  • 0 represents instructing the RAN not to allocate resources for the first broadcast service based on the service identifier, or instructing the RAN not to reuse existing resources.
  • MB-SMF#a sends a broadcast context creation message to the RAN.
  • the RAN receives the broadcast context creation message from MB-SMF#a.
  • the message carries MBS session ID#a. This message optionally carries the service identifier and optimization instruction #a.
  • the RAN allocates (or determines) resources for the first broadcast service according to the optimization instruction #a, and determines the processing method of the transmission channel between the RAN and the UPF.
  • the RAN stores the corresponding relationship between optimization indication #a and service identifier.
  • the base station can determine the service identifier based on the local configuration and session identifier.
  • S504 may also be understood to mean that the RAN determines the context corresponding to the first broadcast service for the first broadcast service according to the optimization instruction.
  • the following description takes the RAN allocating resources for the first broadcast service according to the optimization instruction #a as an example.
  • the scope of protection of this application is not limited.
  • Example 3-1 (1) The RAN determines not to reuse the resources allocated for the first broadcast service according to the optimization instruction #a, where the optimization instruction #a instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources. (2) The RAN checks whether the resource corresponding to the first broadcast service has been created according to the service identifier. According to (1) and (2), the RAN creates resource #a corresponding to the first broadcast service and establishes a data transmission channel between the RAN and UPF #a.
  • Example 3-1 does not limit the execution order of (1) and (2) above.
  • (1) in Example 3-1 may be replaced with: the RAN allocates resources to the first broadcast service according to the optimization instruction #a, and the optimization instruction #a instructs the RAN to allocate resources to the first broadcast service according to the session identifier #a. For example, the RAN checks according to the session identifier #a whether the resource corresponding to the session identifier #a has been created. If the resource corresponding to the session identifier #a is not found, it is determined that the RAN has not created the resource corresponding to the session identifier #a.
  • Example 3-2 (1) RAN determines that the optimization indication #a instructs RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs RAN not to reuse existing resources. (2) The RAN determines to create the resource #a corresponding to the first broadcast service according to the optimization instruction #a, and establishes a data transmission channel between the RAN and the UPF #a. The RAN may discard the service identifier or skip the step of checking whether the resource corresponding to the first broadcast service has been created based on the service identifier.
  • Example 3-2 the RAN determines that the optimization indication #a instructs the RAN to allocate resources to the first broadcast service according to the session identifier #a.
  • the RAN checks according to the session identifier #a whether the resource corresponding to the session identifier #a has been created. If the resource corresponding to the session identifier #a is not found, it is determined that the RAN has not created the resource corresponding to the session identifier #a.
  • Example 3-3 takes as an example that the RAN does not create resources corresponding to the first broadcast service before communicating with the UE of PLMN#a.
  • the RAN determines that the optimization indication #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
  • the RAN checks whether the resource corresponding to the first broadcast service has been created according to the service identifier.
  • the RAN determines to create the resource #a corresponding to the first broadcast service according to the optimization instruction #a, and establishes a data transmission channel between the RAN and UPF #a.
  • Example 3-3 does not limit the execution order of (1) and (2) above.
  • S505 is used to respond to S503.
  • S507 see the description of S212-S218.
  • the description includes: NEF#b/MBSF#b sends security activation indication #b to MB-SMF#b, and accordingly, MB-SMF#b receives security activation indication #b from NEF#b/MBSF#b.
  • MB-SMF#b determines the optimization instruction #b according to the security activation instruction #b.
  • For S508, refer to S502: replace MB-SMF#a in S502 with MB-SMF#b in S508, replace optimization instruction #a in S502 with optimization instruction #b in S508, and replace the security activation indication #a in S502 with the security activation indication #b in S508.
  • MB-SMF#b sends a broadcast context creation message to the RAN.
  • the RAN receives the broadcast context creation message from MB-SMF#b.
  • the message carries MBS session ID#b. This message optionally carries the service identifier and optimization instruction #b.
  • the RAN allocates (or determines) resources for the first broadcast service according to the optimization instruction #b and/or the optimization instruction #a, and determines the processing method of the transmission channel between the RAN and the UPF #a.
  • Example 4-1 corresponds to any one of Example 3-1 to Example 3-3.
  • the RAN determines that the optimization indication #b instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources.
  • RAN determines to create resource #b according to optimization instruction #b, and establishes a data transmission channel between RAN and UPF #b. The RAN may discard the service identifier or skip the step of checking whether the resource corresponding to the first broadcast service has been created based on the service identifier.
  • (1) in Example 4-1 may be replaced with: the RAN determines that the optimization indication #b instructs the RAN to allocate resources to the first broadcast service according to the session identifier #b.
  • Example 4-2 corresponds to any one of Examples 3-1 to 3-3.
  • the RAN determines that the optimization indication #b instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources.
  • the RAN checks whether the resource corresponding to the first broadcast service has been created according to the service identifier.
  • the RAN determines not to reuse resource #a according to optimization instruction #a and optimization instruction #b, that is, not to use the same resource to send the data of the first broadcast service.
  • RAN determines to create resource #b according to optimization instruction #b, and establishes a data transmission channel between RAN and UPF #b.
  • the base station creates resources corresponding to MBS session ID#a and MBS session ID#b respectively, so that it can use different resources to send the same broadcast service data.
  • the RAN determines not to reuse resource #a based on the security activation indication #a and the security activation indication #b.
  • Example 4-2 does not limit the execution order of (1) and (2) above.
  • (1) in Example 4-2 may be replaced with: the RAN determines that the optimization indication #b instructs the RAN to allocate resources to the first broadcast service according to the session identifier #b.
  • Example 4-3 corresponds to Example 3-1 or Example 3-2.
  • the optimization instruction #a instructs the RAN not to allocate resources for the first broadcast service based on the service identifier, or instructs the RAN not to reuse existing resources, or instructs the RAN to allocate resources for the first broadcast service based on the session identifier #a.
  • the optimization instruction #b instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
  • the RAN determines not to reuse the resource #a according to the security activation indication #a and the security activation indication #b, that is, not to use the same resource to send the data of the first broadcast service.
  • the RAN determines to create the resource #b according to the security activation instruction #b, and establishes a data transmission channel between the RAN and the UPF #b.
  • the base station creates resources corresponding to MBS session ID#a and MBS session ID#b respectively, so that it can use different resources to send the same broadcast service data.
  • the above Examples 4-1 to 4-3 can also be understood as follows: when at least one of the optimization instruction #a and the optimization instruction #b indicates at least one of the following: not allocating resources for the first broadcast service according to the service identifier, not reusing existing resources, or allocating resources to the first broadcast service according to the session identifier #b, the RAN creates resource #a and resource #b respectively, and sends the data of the first broadcast service to the UE of PLMN#a and the UE of PLMN#b through resource #a and resource #b respectively.
  • S511 is used in response to S09.
  • AF sends the media stream (that is, the data of the above-mentioned first broadcast service) to RAN through the network element in PLMN#b (for example, UPF#b).
  • the RAN receives the media stream from the AF through the network element in PLMN#b.
  • the RAN sends the data of the first broadcast service to the UE of PLMN #b based on resource #b.
  • method 500 does not limit the order of S506 and S512.
  • the method 500 does not limit the execution order of S506 in the method 500, nor does it limit the execution order of S512 in the method 500.
  • S506 can be before or after determining whether to create resource #a, but the RAN needs to send the first broadcast service data based on resource #a after establishing resource #a.
  • S512 may be before or after determining whether to create resource #b, but the RAN needs to send the first broadcast service data based on resource #b after establishing resource #b.
  • the above description takes as an example the case in which the broadcast context creation message in S503 carries the security activation indication #a and the broadcast context creation message in S509 carries the security activation indication #b.
  • the following is a detailed introduction to the implementation in which the broadcast context creation message in S503 does not carry the security activation indication #a, and the broadcast context creation message in S509 does not carry the security activation indication #b.
  • the broadcast context creation message in S503 does not carry the security activation indication #a.
  • the RAN may determine that the security activation indication #a indicates security activation according to the broadcast context creation message.
  • the broadcast context creation message in S509 does not carry security activation indication #b.
  • the RAN may determine that the security activation indication #b indicates security activation according to the broadcast context creation message.
  • the above solution can further improve system security performance.
  • the security activation cannot be indicated. That is, when the first network or the second network instructs security activation, the RAN does not process the security activation as it was received. It is likely to bring security risks and reduce communication success rate.
  • the broadcast context creation message in S503 does not carry the security activation indication #a.
  • the RAN may determine according to the broadcast context creation message that the security activation indication #a indicates security inactivation.
  • the broadcast context creation message in S509 does not carry security activation indication #b.
  • the RAN may determine according to the broadcast context creation message that the security activation indication #b indicates security inactivation.
  • the above solution can reduce signaling overhead and network consumption.
  • Figure 10 shows a schematic diagram of a method 600 for broadcasting secure communications provided by this application.
  • the method 600 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 10 .
  • Method 600 provides a specific example for the second implementation method in method 400.
  • in this example, the access network element is the RAN, the first network is PLMN#a, the second network is PLMN#b, the first indication information is security activation indication #a, the second indication information is security activation indication #b, the first air interface resource is resource #a, and the second air interface resource is resource #b.
  • the RAN determines that the optimization instruction #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
  • the RAN allocates (or determines) resources for the first broadcast service according to the security activation indication #b and the security activation indication #a, and determines the processing method of the transmission channel between the RAN and the UPF.
  • the optimization instruction #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
  • the optimization instruction #b instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
  • the RAN determines not to create resource #b or to multiplex resource #a according to optimization instruction #a and optimization instruction #b.
  • the RAN determines not to establish a data transmission channel between the RAN and UPF#b according to optimization instruction #a and optimization instruction #b; or, determines to establish a data transmission channel between the RAN and UPF#b, but discards the data of the first broadcast service in that data transmission channel.
  • S610 responds to S608.
  • AF sends the media stream (that is, the data of the above-mentioned first broadcast service) to RAN through the network element in PLMN#a (for example, UPF#a).
  • the RAN receives the media stream from the AF through the network element in PLMN#a.
  • after acquiring the data of the first broadcast service, the RAN sends the data of the first broadcast service to the UE of PLMN #a and the UE of PLMN #b based on resource #a.
  • when both the optimization instruction #a and the optimization instruction #b instruct the RAN to allocate resources for the first broadcast service according to the service identifier, or instruct the RAN to reuse existing resources, the RAN creates only one resource for the first broadcast service (resource #a is taken as an example in method 600), and sends the data of the first broadcast service (the first broadcast service data that the RAN obtains from the AF through PLMN#a in S611) to the UE of PLMN#a and the UE of PLMN#b through resource #a.
  • the method 600 also includes: Step 1, the AF sends the media stream (that is, the data of the above-mentioned first broadcast service) to the RAN through the network element in PLMN#b (for example, UPF#b).
  • the RAN receives the media stream from the AF through the network element in PLMN#b.
  • the RAN discards the data of the first broadcast service received from the network element in PLMN #b according to the optimization instruction #a and the optimization instruction #b.
  • method 600 does not limit the order of S611 and step 1.
  • Method 600 does not limit the execution order of S611 in method 600, nor does it limit the execution order of step 1 in method 600.
  • S611 can be before or after determining whether to create resource #a, but the RAN needs to send the first broadcast service data based on resource #a after establishing resource #a.
  • step 1 can be before or after determining whether to create resource #b.
  • the above description takes as an example the case in which the broadcast context creation message in S603 carries the optimization instruction #a and the broadcast context creation message in S608 carries the optimization instruction #b.
  • the following is a detailed introduction to the implementation in which the broadcast context creation message in S603 does not carry the optimization indication #a, and the broadcast context creation message in S608 does not carry the optimization indication #b.
  • the broadcast context creation message in S603 does not carry the optimization indication #a.
  • the RAN may determine, according to the broadcast context creation message, that the optimization indication #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
  • the broadcast context creation message in S608 does not carry optimization indication #b.
  • the RAN may determine, according to the broadcast context creation message, that the optimization indication #b instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
  • the above solution can reduce signaling overhead and network consumption.
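The resource decisions described for method 500 (Examples 4-1 to 4-3) and method 600 (one shared resource, data from PLMN#b discarded) can be modelled as below. This is an added illustration, not code from the application: the class, field and resource names are hypothetical, and treating a message without a service identifier as "no reuse" is an assumption.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class ContextCreate:
    """Broadcast context creation message (hypothetical field names)."""
    plmn: str
    session_id: str                      # MBS session ID, always carried
    service_id: Optional[str] = None     # optionally carried
    optimization: Optional[bool] = None  # True/1 reuse, False/0 no reuse, None absent


@dataclass
class Resource:
    name: str
    shareable: bool                      # created under a "reuse" indication
    plmns: Set[str] = field(default_factory=set)


class Ran:
    def __init__(self, absent_means_reuse: bool = True):
        # Method 600 treats an absent optimization indication as "reuse".
        # Passing False models the stricter reading (assumption).
        self.absent_means_reuse = absent_means_reuse
        self.by_service: Dict[str, Resource] = {}
        self.by_session: Dict[str, Resource] = {}
        self.discard: Set[str] = set()   # sessions whose user-plane data is dropped

    def handle(self, msg: ContextCreate) -> Tuple[str, Resource]:
        reuse = msg.optimization
        if reuse is None:
            reuse = self.absent_means_reuse
        # Assumption: with no service identifier there is nothing to match on.
        reuse = reuse and msg.service_id is not None

        # Only look up by service identifier when this session allows reuse.
        existing = self.by_service.get(msg.service_id) if reuse else None
        if existing is not None and existing.shareable:
            # Both sessions allow reuse: share the resource and drop the
            # duplicate stream arriving through this session's PLMN.
            existing.plmns.add(msg.plmn)
            self.by_session[msg.session_id] = existing
            self.discard.add(msg.session_id)
            return "reused", existing

        # At least one side forbids reuse, or nothing exists yet: new resource.
        res = Resource(f"resource-{msg.session_id}", shareable=reuse,
                       plmns={msg.plmn})
        self.by_session[msg.session_id] = res
        if reuse:
            self.by_service[msg.service_id] = res
        return "created", res

    def deliver(self, session_id: str, payload: bytes):
        """Return (resource, audience, payload), or None if the data is discarded."""
        if session_id in self.discard:
            return None
        res = self.by_session[session_id]
        return res.name, sorted(res.plmns), payload


def run(ind_a, ind_b, absent_means_reuse=True):
    """Two PLMNs request the same broadcast service (constructed sample input)."""
    ran = Ran(absent_means_reuse)
    a = ran.handle(ContextCreate("PLMN#a", "MBS-session-a", "svc-1", ind_a))
    b = ran.handle(ContextCreate("PLMN#b", "MBS-session-b", "svc-1", ind_b))
    return ran, a, b


if __name__ == "__main__":
    for ind_a, ind_b in [(True, True), (False, True), (True, False), (None, None)]:
        ran, a, b = run(ind_a, ind_b)
        print(ind_a, ind_b, a[0], b[0],
              ran.deliver("MBS-session-a", b"media"),
              ran.deliver("MBS-session-b", b"media"))
```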
  • Figure 11 shows a schematic diagram of a method 700 for broadcasting secure communications provided by this application.
  • the method 700 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 11 .
  • Method 700 provides a specific example for implementation method 1 in method 400.
  • in this example, the access network element is the RAN, the first network is PLMN#a, the second network is PLMN#b, the first indication information is security activation indication #a, the second indication information is security activation indication #b, the first air interface resource is resource #a, and the second air interface resource is resource #b.
  • for method 700, please refer to the description of method 500.
  • the difference between method 700 and method 500 is: (1) In method 700, NEF#a/MBSF#a determines the optimization instruction #a according to the security activation status #a, and sends the optimization instruction #a to MB-SMF#a. In method 500, the optimization instruction #a is determined by MB-SMF#a based on the security activation status #a. (2) In method 700, MB-SMF#a does not need to obtain security activation status #a, but in method 500, MB-SMF#a needs to obtain security activation status #a.
  • in method 700, NEF#b/MBSF#b determines the optimization instruction #b according to the security activation status #b, and sends the optimization instruction #b to MB-SMF#b. In method 500, MB-SMF#b determines the optimization instruction #b according to the security activation status #b.
  • in method 700, MB-SMF#b does not need to obtain security activation status #b, but in method 500, MB-SMF#b needs to obtain security activation status #b.
  • the beneficial effects of method 700 can be found in the beneficial effects of method 500.
  • Figure 12 shows a schematic diagram of a method 800 for broadcasting secure communications provided by this application.
  • the method 800 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 12 .
  • Method 800 provides a specific example for the second implementation method in method 400.
  • in this example, the access network element is the RAN, the first network is PLMN#a, the second network is PLMN#b, the first indication information is security activation indication #a, the second indication information is security activation indication #b, the first air interface resource is resource #a, and the second air interface resource is resource #b.
  • for method 800, please refer to the description of method 600.
  • the difference between method 800 and method 600 is: (1) In method 800, NEF#a/MBSF#a determines the optimization instruction #a based on the security activation status #a, and sends the optimization instruction #a to MB-SMF#a. In method 600, MB-SMF#a determines the optimization instruction #a based on the security activation status #a. (2) In method 800, MB-SMF#a does not need to obtain security activation status #a, but in method 600, MB-SMF#a needs to obtain security activation status #a.
  • in method 800, NEF#b/MBSF#b determines the optimization instruction #b according to the security activation status #b, and sends the optimization instruction #b to MB-SMF#b. In method 600, MB-SMF#b determines the optimization instruction #b according to the security activation status #b.
  • in method 800, MB-SMF#b does not need to obtain security activation status #b, but in method 600, MB-SMF#b needs to obtain security activation status #b.
  • the beneficial effects of method 800 can be found in the beneficial effects of method 600.
  • Figure 13 shows a schematic diagram of a method 900 for broadcasting secure communications provided by this application.
  • the method 900 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 13 .
  • Method 900 provides a specific example for implementation method 1 in method 400.
  • in this example, the access network element is the RAN, the first network is PLMN#a, the second network is PLMN#b, the first indication information is security activation indication #a, the second indication information is security activation indication #b, the first air interface resource is resource #a, and the second air interface resource is resource #b.
  • for method 900, please refer to the description of method 700.
  • in method 900, MBSTF#a determines the optimization instruction #a according to the security activation status #a, and sends the optimization instruction #a to NEF#a/MBSF#a. In method 700, optimization instruction #a is determined by NEF#a/MBSF#a based on security activation status #a.
  • in method 900, NEF#a/MBSF#a does not need to obtain security activation status #a, but in method 700, NEF#a/MBSF#a needs to obtain security activation status #a.
  • in method 900, MBSTF#b determines the optimization instruction #b according to the security activation status #b, and sends the optimization instruction #b to NEF#b/MBSF#b. In method 700, NEF#b/MBSF#b determines the optimization instruction #b according to the security activation status #b.
  • in method 900, NEF#b/MBSF#b does not need to obtain security activation status #b, but in method 700, NEF#b/MBSF#b needs to obtain security activation status #b.
  • the beneficial effects of method 900 can be found in the beneficial effects of method 500.
  • Figure 14 shows a schematic diagram of a method 1000 for broadcasting secure communications provided by this application.
  • the method 1000 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 14 .
  • Method 1000 provides a specific example for the second implementation method in method 400.
  • in this example, the access network element is the RAN, the first network is PLMN#a, the second network is PLMN#b, the first indication information is security activation indication #a, the second indication information is security activation indication #b, the first air interface resource is resource #a, and the second air interface resource is resource #b.
  • for method 1000, please refer to the description of method 800.
  • in method 1000, MBSTF#a determines the optimization instruction #a according to the security activation status #a, and sends the optimization instruction #a to NEF#a/MBSF#a. In method 800, optimization instruction #a is determined by NEF#a/MBSF#a based on security activation status #a.
  • in method 1000, NEF#a/MBSF#a does not need to obtain security activation status #a, but in method 800, NEF#a/MBSF#a needs to obtain security activation status #a.
  • in method 1000, MBSTF#b determines the optimization instruction #b according to the security activation status #b, and sends the optimization instruction #b to NEF#b/MBSF#b. In method 800, NEF#b/MBSF#b determines the optimization instruction #b according to the security activation status #b.
  • in method 1000, NEF#b/MBSF#b does not need to obtain security activation status #b, but in method 800, NEF#b/MBSF#b needs to obtain security activation status #b.
  • the beneficial effects of method 1000 can be found in the beneficial effects of method 600.
  • Figure 15 shows a schematic diagram of a method 1100 for broadcasting secure communications provided by this application.
  • the method 1100 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 15 .
  • Method 1100 provides a specific example for implementation method 1 in method 400.
  • in this example, the access network element is the RAN, the first network is PLMN#a, the second network is PLMN#b, the first indication information is security activation indication #a, the second indication information is security activation indication #b, the first air interface resource is resource #a, and the second air interface resource is resource #b.
  • for method 1100, please refer to the description of method 1000.
  • the difference between method 1100 and method 1000 is: (1) In method 1100, the AF determines optimization instruction #a and sends optimization instruction #a to NEF#a/MBSF#a. In method 1000, MBSTF#a determines the optimization instruction #a according to the security activation status #a. (2) In method 1100, the AF determines the optimization instruction #b and sends the optimization instruction #b to NEF#b/MBSF#b. In method 1000, MBSTF#b determines the optimization instruction #b according to the security activation status #b.
  • the case in which the optimization instruction #a and the optimization instruction #b both instruct the RAN to allocate resources for the first broadcast service according to the service identifier, or instruct the RAN to reuse existing resources, is taken as an example for explanation.
  • the beneficial effects of method 1100 can be found in the beneficial effects of method 500.
  • Figures 16 and 17 are schematic structural diagrams of possible communication devices provided by embodiments of the present application. These communication devices can be used to implement the functions of the access network element or the second network element in the above method embodiments, and therefore can also achieve the beneficial effects of the above method embodiments.
  • the communication device may be an access network element or a second network element, or may be a module (such as a chip) applied to the access network element or the second network element.
  • the communication device 1200 includes a processing unit 1210 and a transceiver unit 1220 .
  • the communication device 1200 is used to implement the functions of the access network element or the second network element in the method embodiments shown in Figures 5 to 15.
  • the transceiver unit 1220 is used to receive second indication information, where the second indication information is used to indicate whether security protection is enabled for the data of the first broadcast service; or, the processing unit 1210 is used to determine the second indication information, where the second indication information is used to indicate whether security protection is enabled for the data of the first broadcast service; the transceiver unit 1220 is used to send a second session establishment request for the first broadcast service to the access network element, where the second session establishment request includes the second indication information.
  • the transceiver unit 1220 is used to receive a first session establishment request for the first broadcast service from the first network element in the first network, where the first session establishment request includes first indication information, and the first indication information is used to indicate whether security protection is enabled for the data of the first broadcast service; in response to the first session establishment request, the processing unit 1210 is configured to allocate first air interface resources to the first broadcast service; the transceiver unit 1220 is further configured to receive a second session establishment request for the first broadcast service from the second network element in the second network, where the second session establishment request includes second indication information, and the second indication information is used to indicate whether security protection is enabled for the data of the first broadcast service; in response to the second session establishment request, the processing unit 1210 is also configured to determine, according to the first indication information and/or the second indication information, whether to multiplex the first air interface resource.
  • the transceiver unit 1220 is used to receive third indication information, where the third indication information is used to indicate whether to reuse existing air interface resources for the first broadcast service; or, the processing unit 1210 is used to determine third indication information, where the third indication information is used to indicate whether to reuse existing air interface resources for the first broadcast service; the transceiver unit 1220 is used to send a second session establishment request for the first broadcast service to the access network element, where the second session establishment request includes the third indication information.
  • the transceiver unit 1220 is used to receive a first session establishment request for the first broadcast service from the first network element in the first network; in response to the first session establishment request, the processing unit 1210 is configured to allocate the first air interface resource to the first broadcast service; the transceiver unit 1220 is also configured to receive, from the second network element in the second network, a second session establishment request for the first broadcast service, where the second session establishment request includes third indication information, and the third indication information is used to indicate whether to reuse existing air interface resources for the first broadcast service; in response to the second session establishment request, the processing unit 1210 is further configured to determine whether to reuse the first air interface resource according to the third indication information.
  • for the processing unit 1210 and the transceiver unit 1220, please refer to the relevant descriptions in the method embodiments shown in FIGS. 5 to 15.
  • the communication device 1300 includes a processor 1310 and an interface circuit 1320.
  • the processor 1310 and the interface circuit 1320 are coupled to each other.
  • the interface circuit 1320 may be a transceiver or an input-output interface.
  • the communication device 1300 may also include a memory 1330 for storing instructions executed by the processor 1310 or input data required for the processor 1310 to run the instructions or data generated after the processor 1310 executes the instructions.
  • the processor 1310 is used to implement the functions of the above-mentioned processing unit 1210, and the interface circuit 1320 is used to implement the functions of the above-mentioned transceiver unit 1220.
  • the second network element chip implements the functions of the second network element in the above method embodiment.
  • the second network element chip receives information from other modules (such as radio frequency modules or antennas) in the second network element, and the information is sent by the access network element to the second network element; or, the second network element chip sends information to other modules (such as radio frequency modules or antennas) in the second network element, and the information is sent by the second network element to the access network element.
  • the terminal chip implements the functions of the access network element in the above method embodiment.
  • the chip of the access network element receives information from other modules (such as radio frequency modules or antennas) in the access network element, and the information is sent by the second network element to the access network element; or,
  • the chip of the access network element sends information to other modules (such as radio frequency modules or antennas) in the base station, and the information is sent by the access network element to the second network element.
  • the processor in the embodiments of the present application may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a transistor logic device, a hardware component, or any combination thereof.
  • a general-purpose processor can be a microprocessor or any conventional processor.
  • the method steps in the embodiments of the present application can be implemented in hardware or in software instructions that can be executed by a processor.
  • Software instructions can be composed of corresponding software modules, and the software modules can be stored in random access memory, flash memory, read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, registers, a hard disk, a removable hard disk, a CD-ROM or any other form of storage medium well known in the art.
  • An exemplary storage medium is coupled to the processor such that the processor can read information from the storage medium and write information to the storage medium.
  • the storage medium may also be an integral part of the processor.
  • the processor and storage media may be located in an ASIC. Additionally, the ASIC can be located in the base station or terminal.
  • the processor and storage medium may also exist as discrete components in the base station or terminal.
  • the computer program product includes one or more computer programs or instructions.
  • the computer may be a general purpose computer, a special purpose computer, a computer network, a network device, a user equipment, or other programmable device.
  • the computer program or instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another.
  • the computer program or instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center via wired or wireless means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or data center that integrates one or more available media.
  • the available media may be magnetic media, such as floppy disks, hard disks, and tapes; optical media, such as digital video optical disks; or semiconductor media, such as solid-state hard drives.
  • the computer-readable storage medium may be volatile or nonvolatile storage media, or may include both volatile and nonvolatile types of storage media.
  • “at least one” refers to one or more, and “plurality” refers to two or more.
  • “And/or” describes the relationship between associated objects, indicating that there can be three relationships, for example, A and/or B, which can mean: A exists alone, A and B exist simultaneously, and B exists alone, where A, B can be singular or plural.
  • the character “/” generally indicates an “or” relationship between the associated objects before and after it; in the formulas of this application, the character “/” indicates a “division” relationship between the associated objects before and after it.
  • “Including at least one of A, B and C” may mean: including A; including B; including C; including A and B; including A and C; including B and C; including A, B and C.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Provided in the present application are a method and apparatus for broadcast security communication. The method comprises: a first network element in a first network sending to an access network element a first session establishment request for a first broadcast service, wherein the first session establishment request comprises first indication information, which is used for indicating whether to enable security protection for first data of the first broadcast service; the access network element allocating a first air interface resource to the first broadcast service according to the first session establishment request; a second network element in a second network sending to the access network element a second session establishment request for the first broadcast service, wherein the second session establishment request comprises second indication information, which is used for indicating whether to enable security protection for second data of the first broadcast service; and according to the first indication information and/or the second indication information, the access network element determining whether to reuse the first air interface resource. The method and apparatus for broadcast security communication provided in the present application can improve the user experience.

Description

Method and apparatus for broadcast security communication
This application claims priority to Chinese patent application No. 202210970901.8, filed with the China Patent Office on August 14, 2022 and entitled "Method and apparatus for broadcast security communication", the entire content of which is incorporated into this application by reference.
Technical Field
This application relates to the field of communications and, more specifically, to a method and apparatus for broadcast security communication.
Background
In multicast/broadcast service data transmission, public land mobile network (PLMN) #a and PLMN#b can share one base station for the same broadcast service. Specifically, the application function (AF) transmits data to the base station through PLMN#a and PLMN#b, and the base station broadcasts one copy of the data to the user equipment (UE) of PLMN#a and the UE of PLMN#b. The data of the broadcast service can be security-protected by the multicast/broadcast service transport function (MBSTF) in PLMN#a or PLMN#b. In this process, however, a UE may be unable to decrypt and/or integrity-check the received broadcast service data, which affects communication and results in a poor user experience.
Summary
This application provides a method and apparatus for broadcast security communication that can improve user experience.
In a first aspect, a method for broadcast security communication is provided. The method may be executed by an access network element, or by a component (such as a chip or circuit) of the access network element; this application does not limit this. For ease of description, the following takes execution by the access network element as an example.
The method may include: the access network element receives, from a first network element in a first network, a first session establishment request for a first broadcast service, where the first session establishment request includes first indication information, and the first indication information is used to indicate whether security protection is enabled for first data of the first broadcast service; in response to the first session establishment request, the access network element allocates a first air interface resource to the first broadcast service; the access network element receives, from a second network element in a second network, a second session establishment request for the first broadcast service, where the second session establishment request includes second indication information, and the second indication information is used to indicate whether security protection is enabled for second data of the first broadcast service; in response to the second session establishment request, the access network element determines whether to reuse the first air interface resource according to the first indication information and/or the second indication information.
In the above solution, when two networks share an access network element, the access network element can determine whether to reuse the first air interface resource based on whether one or both of the networks enable security protection for the data of the first broadcast service. This reduces cases in which a terminal device cannot decrypt and/or integrity-check the received broadcast service data because the MBSTFs in the two networks each separately security-protect the data of the first broadcast service, thereby improving user experience.
With reference to the first aspect, in some implementations of the first aspect, when the first indication information indicates that security protection is not enabled for the first data and the second indication information indicates that security protection is not enabled for the second data, the access network element determining whether to reuse the first air interface resource according to the first indication information and/or the second indication information includes: the access network element determines to reuse the first air interface resource according to the first indication information and the second indication information.
The above solution can save air interface resources.
With reference to the first aspect, in some implementations of the first aspect, the method further includes: the access network element sends the first data to the terminal device of the first network and the terminal device of the second network based on the first air interface resource; or, the access network element sends the second data to the terminal device of the first network and the terminal device of the second network based on the first air interface resource.
With reference to the first aspect, in some implementations of the first aspect, when the first indication information indicates that security protection is enabled for the first data, and/or the second indication information indicates that security protection is enabled for the second data, the access network element determining whether to reuse the first air interface resource according to the first indication information and/or the second indication information includes: the access network element determines not to reuse the first air interface resource according to the first indication information and/or the second indication information.
With reference to the first aspect, in some implementations of the first aspect, the access network element determining not to reuse the first air interface resource according to the first indication information and/or the second indication information includes: the access network element allocates a second air interface resource to the second data according to the first indication information and/or the second indication information, where the first air interface resource is different from the second air interface resource; the access network element sends the first data to the terminal device of the first network based on the first air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource.
With reference to the first aspect, in some implementations of the first aspect, the method further includes: the access network element sends the first data to the terminal device of the first network based on the first air interface resource; the access network element allocates a second air interface resource to the second data, where the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource.
The above solution allows the first network and the second network to security-protect the data of the first broadcast service while also enabling the terminal devices of the first network and the second network to each decrypt and/or integrity-check the received data of the first broadcast service, which improves communication security and user experience.
With reference to the first aspect, in some implementations of the first aspect, the first data is security-protected by the first network; the second data is security-protected by the second network.
With reference to the first aspect, in some implementations of the first aspect, the method further includes: the access network element stores the first indication information.
With reference to the first aspect, in some implementations of the first aspect, the first session establishment request further includes a service identifier corresponding to the first broadcast service, the second session establishment request further includes the service identifier corresponding to the first broadcast service, and the access network element determining whether to reuse the first air interface resource according to the first indication information and/or the second indication information includes: the access network element determines whether to reuse the first air interface resource according to the service identifier corresponding to the first broadcast service and the first indication information and/or the second indication information.
In a second aspect, a method for broadcast security communication is provided. The method is the method executed by the second network element that corresponds to the method of the first aspect, and can therefore also achieve the beneficial effects of the method of the first aspect. The method may be executed by the second network element, or by a component (such as a chip or circuit) of the second network element; this application does not limit this. For ease of description, the following takes execution by the second network element as an example.
The method may include: a second network element of a second network obtains second indication information, where the second indication information is used to indicate whether security protection is enabled for second data of the first broadcast service; the second network element sends a second session establishment request for the first broadcast service to the access network element, where the second session establishment request includes the second indication information.
With reference to the second aspect, in some implementations of the second aspect, the second network element of the second network obtaining the second indication information includes: the second network element determines the second indication information.
In a possible implementation, the second network element determines the second indication information based on preconfigured information. Alternatively, the second network element receives security configuration information from a service provider or an application function, and determines the second indication information based on the security configuration information. The security configuration information is used to indicate whether to apply security protection between the user plane network element of the second network and the terminal device of the second network.
With reference to the second aspect, in some implementations of the second aspect, the second network element is a multicast and broadcast service function (MBSF) or a network exposure function (NEF).
With reference to the second aspect, in some implementations of the second aspect, the second network element of the second network obtaining the second indication information includes: the second network element receives the second indication information from a third network element of the second network.
With reference to the second aspect, in some implementations of the second aspect, the method further includes: the second network element sends a request message to the third network element, where the request message is used to request the second indication information.
With reference to the second aspect, in some implementations of the second aspect, the second network element is a multicast/broadcast service transport function (MBSTF).
In a third aspect, a method for broadcast security communication is provided. The method is the method executed by the second network element that corresponds to the method of the first aspect, and can therefore also achieve the beneficial effects of the method of the first aspect. The method may be executed by the second network element, or by a component (such as a chip or circuit) of the second network element; this application does not limit this. For ease of description, the following takes execution by the second network element as an example.
The method may include: a second network element of a second network receives second indication information, where the second indication information is used to indicate whether security protection is enabled for second data of the first broadcast service; the second network element sends a second session establishment request for the first broadcast service to the access network element, where the second session establishment request includes the second indication information.
With reference to the third aspect, in some implementations of the third aspect, the second network element is a multicast/broadcast session management function (MB-SMF).
In a fourth aspect, a method for broadcast security communication is provided. The method may be executed by an access network element, or by a component (such as a chip or circuit) of the access network element; this application does not limit this. For ease of description, the following takes execution by the access network element as an example.
The method may include: the access network element receives, from a first network element in a first network, a first session establishment request for a first broadcast service; in response to the first session establishment request, the access network element allocates a first air interface resource to the first broadcast service; the access network element receives, from a second network element in a second network, a second session establishment request for the first broadcast service, where the second session establishment request includes third indication information, and the third indication information is used to indicate whether to reuse existing air interface resources for the first broadcast service; in response to the second session establishment request, the access network element determines whether to reuse the first air interface resource according to the third indication information.
In the above solution, when two networks share an access network element, the access network element can determine whether to reuse the first air interface resource according to the indication from one of the networks. This reduces cases in which a terminal device cannot decrypt and/or integrity-check the received broadcast service data because the MBSTFs in the two networks each separately security-protect the data of the first broadcast service, thereby improving user experience.
With reference to the fourth aspect, in some implementations of the fourth aspect, when the third indication information is used to indicate that existing air interface resources are reused for the first broadcast service, the access network element determining whether to reuse the first air interface resource according to the third indication information includes: the access network element determines to reuse the first air interface resource according to the third indication information.
With reference to the fourth aspect, in some implementations of the fourth aspect, the access network element discards the data of the first broadcast service received from the second network.
With reference to the fourth aspect, in some implementations of the fourth aspect, the access network element sends first data of the first broadcast service to the terminal device of the first network and the terminal device of the second network based on the first air interface resource; or, the access network element sends second data of the first broadcast service to the terminal device of the first network and the terminal device of the second network based on the first air interface resource, where the first data comes from the first network and the second data comes from the second network.
With reference to the fourth aspect, in some implementations of the fourth aspect, the third indication information indicates that air interface resources are allocated to the first broadcast service according to the service identifier corresponding to the first broadcast service.
With reference to the fourth aspect, in some implementations of the fourth aspect, the access network element determining to reuse the first air interface resource according to the third indication information includes: the access network element determines to reuse the first air interface resource for the first broadcast service because the first air interface resource corresponding to the first broadcast service already exists.
With reference to the fourth aspect, in some implementations of the fourth aspect, the second session creation request does not carry the service identifier corresponding to the first broadcast service.
With reference to the fourth aspect, in some implementations of the fourth aspect, when the third indication information is used to indicate that existing air interface resources are not reused for the first broadcast service, the access network element determining whether to reuse the first air interface resource according to the third indication information includes: the access network element determines not to reuse the first air interface resource according to the third indication information.
With reference to the fourth aspect, in some implementations of the fourth aspect, the access network element determining not to reuse the first air interface resource according to the third indication information includes: the access network element allocates a second air interface resource to second data of the first broadcast service according to the third indication information, where the first air interface resource is different from the second air interface resource; the access network element sends first data of the first broadcast service to the terminal device of the first network based on the first air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource, where the first data comes from the first network and the second data comes from the second network.
With reference to the fourth aspect, in some implementations of the fourth aspect, the method further includes: the access network element sends first data of the first broadcast service to the terminal device of the first network based on the first air interface resource; the access network element allocates a second air interface resource to second data of the first broadcast service, where the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource, where the first data comes from the first network and the second data comes from the second network.
With reference to the fourth aspect, in some implementations of the fourth aspect, the first data of the first broadcast service is security-protected by the first network; the second data of the first broadcast service is security-protected by the second network.
With reference to the fourth aspect, in some implementations of the fourth aspect, when the third indication information is used to indicate that existing air interface resources are not reused for the first broadcast service, the third indication information indicates that air interface resources are allocated to the first broadcast service according to the session identifier corresponding to the second session establishment request.
With reference to the fourth aspect, in some implementations of the fourth aspect, the access network element determining not to reuse the first air interface resource according to the third indication information includes: the access network element checks, according to the third indication information, whether an air interface resource corresponding to the session identifier exists; if no air interface resource corresponding to the session identifier exists, the access network element determines not to reuse the first air interface resource for the first broadcast service.
第五方面,提供了一种广播安全通信的方法,该方法是与第一方面的方法对应的由第二网元执行的方法,因此也能实现第一方面的方法所能实现的有益效果。该方法可以由第二网元执行,或者,也可以由第二网元的组成部件(例如芯片或者电路)执行,本申请对此不作限定。为了便于描述,下面以由第二网元执行为例进行说明。A fifth aspect provides a method for broadcasting secure communications. The method is a method executed by a second network element corresponding to the method of the first aspect. Therefore, the beneficial effects achieved by the method of the first aspect can also be achieved. The method may be executed by the second network element, or may be executed by a component (such as a chip or circuit) of the second network element, which is not limited in this application. For convenience of description, the following description takes execution by the second network element as an example.
The method may include: a second network element of a second network obtains third indication information, where the third indication information is used to indicate whether existing air interface resources are reused for the first broadcast service; the second network element sends, to an access network element, a second session establishment request for the first broadcast service, where the second session establishment request includes the third indication information.
With reference to the fifth aspect, in some implementations of the fifth aspect, the second network element of the second network obtaining the third indication information includes: the second network element determines the third indication information.
With reference to the fifth aspect, in some implementations of the fifth aspect, the second network element determining the third indication information includes: the second network element determines the third indication information according to second indication information, where the second indication information is used to indicate whether security protection is enabled for the data of the first broadcast service.
With reference to the fifth aspect, in some implementations of the fifth aspect, when the second indication information is used to indicate that security protection is enabled for the data of the first broadcast service, the third indication information is used to indicate that existing air interface resources are not reused for the first broadcast service; or, when the second indication information is used to indicate that security protection is not enabled for the data of the first broadcast service, the third indication information is used to indicate that existing air interface resources are reused for the first broadcast service.
With reference to the fifth aspect, in some implementations of the fifth aspect, the second network element of the second network obtaining the third indication information includes: the second network element receives the third indication information from a fourth network element of the second network.
In a sixth aspect, a method for broadcast secure communication is provided, including: a first network element in a first network sends, to an access network element, a first session establishment request for a first broadcast service, where the first session establishment request includes first indication information, and the first indication information is used to indicate whether security protection is enabled for first data of the first broadcast service; the access network element receives the first session establishment request for the first broadcast service from the first network element in the first network; in response to the first session establishment request, the access network element allocates a first air interface resource for the first broadcast service; the second network element sends, to the access network element, a second session establishment request for the first broadcast service; the access network element receives the second session establishment request for the first broadcast service from the second network element in a second network, where the second session establishment request includes second indication information, and the second indication information is used to indicate whether security protection is enabled for second data of the first broadcast service; in response to the second session establishment request, the access network element determines, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource.
With reference to the sixth aspect, in some implementations of the sixth aspect, when the first indication information indicates that security protection is not enabled for the first data and the second indication information indicates that security protection is not enabled for the second data, the access network element determining, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource includes: the access network element determines, according to the first indication information and the second indication information, to reuse the first air interface resource.
With reference to the sixth aspect, in some implementations of the sixth aspect, the method further includes: a user plane network element of the first network sends the first data of the first broadcast service to the access network element; the access network element sends the data of the first broadcast service to a terminal device of the first network and a terminal device of the second network based on the first air interface resource; the terminal device of the first network receives the first data based on the first air interface resource, and the terminal device of the second network receives the first data based on the first air interface resource; or, a user plane network element of the second network sends the second data of the first broadcast service to the access network element; the access network element sends the data of the first broadcast service to the terminal device of the first network and the terminal device of the second network based on the first air interface resource; the terminal device of the first network receives the second data based on the first air interface resource, and the terminal device of the second network receives the second data based on the first air interface resource.
With reference to the sixth aspect, in some implementations of the sixth aspect, when the first indication information indicates that security protection is enabled for the first data, and/or the second indication information indicates that security protection is enabled for the second data, the access network element determining, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource includes: the access network element determines, according to the first indication information and/or the second indication information, not to reuse the first air interface resource.
With reference to the sixth aspect, in some implementations of the sixth aspect, the method further includes: the access network element sends the first data to the terminal device of the first network based on the first air interface resource; the terminal device of the first network receives the first data based on the first air interface resource; the access network element allocates a second air interface resource for the data of the first broadcast service, where the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource; the terminal device of the second network receives the second data based on the second air interface resource.
With reference to the sixth aspect, in some implementations of the sixth aspect, the first data is security-protected by the first network; the second data is security-protected by the second network.
With reference to the sixth aspect, in some implementations of the sixth aspect, the access network element stores the first indication information.
In a seventh aspect, a method for broadcast secure communication is provided, characterized by including:
A first network element in a first network sends, to an access network element, a first session establishment request for a first broadcast service; the access network element receives the first session establishment request for the first broadcast service from the first network element in the first network; in response to the first session establishment request, the access network element allocates a first air interface resource for the first broadcast service; a second network element of a second network obtains second indication information, where the second indication information is used to indicate whether security protection is enabled for the data of the first broadcast service; the second network element sends, to the access network element, a second session establishment request for the first broadcast service, where the second session establishment request includes the second indication information; the access network element receives the second session establishment request for the first broadcast service from the second network element in the second network, where the second session establishment request includes third indication information, and the third indication information is used to indicate whether existing air interface resources are reused for the first broadcast service; in response to the second session establishment request, the access network element determines, according to the third indication information, whether to reuse the first air interface resource.
With reference to the seventh aspect, in some implementations of the seventh aspect, when the third indication information is used to indicate that existing air interface resources are reused for the first broadcast service, the access network element determining, according to the third indication information, whether to reuse the first air interface resource includes: the access network element determines, according to the third indication information, to reuse the first air interface resource.
With reference to the seventh aspect, in some implementations of the seventh aspect, the access network element discards the data of the first broadcast service received from the second network.
With reference to the seventh aspect, in some implementations of the seventh aspect, a user plane network element of the first network sends first data of the first broadcast service to the access network element; the access network element sends the first data to a terminal device of the first network and a terminal device of the second network based on the first air interface resource; the terminal device of the first network receives the first data based on the first air interface resource, and the terminal device of the second network receives the first data based on the first air interface resource; or, a user plane network element of the second network sends second data of the first broadcast service to the access network element; the access network element sends the second data of the first broadcast service to the terminal device of the first network and the terminal device of the second network based on the first air interface resource, the terminal device of the first network receives the second data based on the first air interface resource, and the terminal device of the second network receives the second data based on the first air interface resource; where the first data comes from the first network, and the second data comes from the second network.
With reference to the seventh aspect, in some implementations of the seventh aspect, the third indication information indicates that air interface resources are allocated for the first broadcast service according to the service identifier corresponding to the first broadcast service.
With reference to the seventh aspect, in some implementations of the seventh aspect, the access network element determining, according to the third indication information, to reuse the first air interface resource includes: the access network element determines to reuse the first air interface resource for the first broadcast service on the basis that the first air interface resource corresponding to the first broadcast service already exists.
With reference to the seventh aspect, in some implementations of the seventh aspect, when the third indication information is used to indicate that existing air interface resources are not reused for the first broadcast service, the access network element determining, according to the third indication information, whether to reuse the first air interface resource includes: the access network element determines, according to the third indication information, not to reuse the first air interface resource.
With reference to the seventh aspect, in some implementations of the seventh aspect, the method further includes: the access network element sends first data of the first broadcast service to the terminal device of the first network based on the first air interface resource; the terminal device of the first network receives the first data based on the first air interface resource; the access network element allocates a second air interface resource for second data of the first broadcast service, where the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource; the terminal device of the second network receives the second data based on the second air interface resource, where the first data comes from the first network, and the second data comes from the second network.
With reference to the seventh aspect, in some implementations of the seventh aspect, the first data of the first broadcast service is security-protected by the first network; the second data of the first broadcast service is security-protected by the second network.
With reference to the seventh aspect, in some implementations of the seventh aspect, when the third indication information is used to indicate that existing air interface resources are not reused for the first broadcast service, the third indication information indicates that air interface resources are allocated for the first broadcast service according to the session identifier corresponding to the second session establishment request.
With reference to the seventh aspect, in some implementations of the seventh aspect, the access network element determining, according to the third indication information, not to reuse the first air interface resource includes: the access network element checks, according to the third indication information, whether an air interface resource corresponding to the session identifier exists; if no air interface resource corresponding to the session identifier exists, the access network element determines not to reuse the first air interface resource for the first broadcast service.
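The reuse decisions of the fifth, sixth and seventh aspects can be traced in a short model. This is an added example, not part of the application; the class names, field names, network labels and resource labels are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional, Tuple


@dataclass(frozen=True)
class SessionRequest:
    """Constructed stand-in for a broadcast session establishment request."""
    network: str                              # sending core network (hypothetical label)
    service_id: str                           # service identifier of the broadcast service
    session_id: str                           # session identifier of this request
    security_enabled: Optional[bool] = None   # first/second indication information
    reuse: Optional[bool] = None              # third indication information


def derive_third_indication(security_enabled: bool) -> bool:
    """Fifth aspect, second network element: protected data -> do not reuse,
    unprotected data -> reuse existing air interface resources."""
    return not security_enabled


@dataclass
class AccessNetworkElement:
    """Hypothetical model of the access network element's resource table."""
    by_service: dict = field(default_factory=dict)    # service_id -> first resource
    by_session: dict = field(default_factory=dict)    # session_id -> resource
    stored_first: dict = field(default_factory=dict)  # service_id -> first indication
    _seq: count = field(default_factory=lambda: count(1))

    def _allocate(self, req: SessionRequest) -> str:
        resource = f"air-interface-{next(self._seq)}"  # constructed label
        self.by_session[req.session_id] = resource
        self.by_service.setdefault(req.service_id, resource)
        return resource

    def _share(self, req: SessionRequest, resource: str) -> str:
        self.by_session[req.session_id] = resource
        return resource

    def on_request_with_security_flag(self, req: SessionRequest) -> Tuple[str, bool]:
        """Sixth aspect. Returns (resource, reused)."""
        first = self.by_service.get(req.service_id)
        if first is None:
            # First request: allocate and store the first indication information.
            self.stored_first[req.service_id] = req.security_enabled
            return self._allocate(req), False
        # Reuse only when neither network protects its data.
        if not self.stored_first[req.service_id] and not req.security_enabled:
            return self._share(req, first), True
        return self._allocate(req), False

    def on_request_with_reuse_flag(self, req: SessionRequest) -> Tuple[str, bool]:
        """Seventh aspect. Returns (resource, reused)."""
        if req.reuse:
            # Reuse indicated: look the resource up by service identifier.
            first = self.by_service.get(req.service_id)
            if first is not None:
                return self._share(req, first), True
            return self._allocate(req), False
        # No reuse indicated: look the resource up by session identifier.
        if req.session_id in self.by_session:
            # Assumption: a repeated request for the same session keeps its resource.
            return self.by_session[req.session_id], False
        return self._allocate(req), False


def run_scenarios() -> dict:
    """Three constructed cases with two networks sharing one access network element."""
    out = {}
    ran = AccessNetworkElement()
    ran.on_request_with_security_flag(SessionRequest("net-1", "svc", "s1", security_enabled=False))
    out["both_unprotected"] = ran.on_request_with_security_flag(
        SessionRequest("net-2", "svc", "s2", security_enabled=False))

    ran = AccessNetworkElement()
    ran.on_request_with_security_flag(SessionRequest("net-1", "svc", "s1", security_enabled=True))
    out["first_protected"] = ran.on_request_with_security_flag(
        SessionRequest("net-2", "svc", "s2", security_enabled=False))

    ran = AccessNetworkElement()
    ran.on_request_with_reuse_flag(SessionRequest("net-1", "svc", "s1"))
    out["third_indication_no_reuse"] = ran.on_request_with_reuse_flag(
        SessionRequest("net-2", "svc", "s2", reuse=derive_third_indication(True)))
    out["third_indication_reuse"] = ran.on_request_with_reuse_flag(
        SessionRequest("net-3", "svc", "s3", reuse=derive_third_indication(False)))
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```
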
In an eighth aspect, a communication apparatus is provided. The apparatus includes at least one processor configured to execute a computer program or instructions stored in a memory, so as to perform the method in any possible implementation of the first to third aspects. Optionally, the apparatus further includes a memory for storing the computer program or instructions. Optionally, the apparatus further includes a communication interface, through which the processor reads the computer program or instructions stored in the memory.
In one implementation, the apparatus is a communication device (for example, an access network element, a first network element, or a second network element).
In another implementation, the apparatus is a chip, a chip system, or a circuit used in a communication device (for example, an access network element, a first network element, or a second network element).
In a ninth aspect, this application provides a processor configured to perform the methods provided in the first to fifth aspects.
Operations such as sending and obtaining/receiving that involve the processor may, unless otherwise specified or unless this conflicts with their actual role or internal logic in the related description, be understood as operations such as output, reception and input by the processor, or as sending and receiving operations performed by a radio frequency circuit and an antenna, which is not limited in this application.
In a tenth aspect, a delay control system is provided, including an access network element, a first network element and a second network element, where the access network element is configured to perform the method in any possible implementation of the first aspect, and the second network element is configured to perform the method in any possible implementation of the second aspect or the third aspect; or, the access network element is configured to perform the method in any possible implementation of the fourth aspect, and the second network element is configured to perform the method in any possible implementation of the fifth aspect.
In an eleventh aspect, a computer-readable storage medium is provided. The computer-readable medium stores program code for execution by a device, and the program code includes instructions for performing the method in any possible implementation of the first to fifth aspects.
In a twelfth aspect, a computer program product containing instructions is provided. When the computer program product runs on a computer, it causes the computer to perform the method in any possible implementation of the first to fifth aspects.
Description of drawings
Figure 1 shows a 5G system to which the embodiments of this application are applicable.
Figure 2 is a schematic diagram of a multicast broadcast service architecture applicable to the method provided by the embodiments of this application.
Figure 3 is a schematic diagram of one scenario to which this application is applicable.
Figure 4 is a schematic diagram of another scenario to which this application is applicable.
Figure 5 is a schematic diagram of a method 100 for broadcast secure communication provided by this application.
Figure 6 is a schematic diagram of a method 200 for broadcast secure communication provided by this application.
Figure 7 is a schematic diagram of a method 300 for broadcast secure communication provided by this application.
Figure 8 is a schematic diagram of a method 400 for broadcast secure communication provided by this application.
Figure 9 is a schematic diagram of a method 500 for broadcast secure communication provided by this application.
Figure 10 is a schematic diagram of a method 600 for broadcast secure communication provided by this application.
Figure 11 is a schematic diagram of a method 700 for broadcast secure communication provided by this application.
Figure 12 is a schematic diagram of a method 800 for broadcast secure communication provided by this application.
Figure 13 is a schematic diagram of a method 900 for broadcast secure communication provided by this application.
Figure 14 is a schematic diagram of a method 1000 for broadcast secure communication provided by this application.
Figure 15 is a schematic diagram of a method 1100 for broadcast secure communication provided by this application.
Figure 16 is a schematic block diagram of a communication apparatus provided by this application.
Figure 17 is another schematic block diagram of a communication apparatus provided by this application.
Detailed description
To make the purpose, technical solutions and advantages of this application clearer, this application is described in further detail below with reference to the accompanying drawings. The specific operating methods in the method embodiments may also be applied to the apparatus embodiments or system embodiments. In the description of this application, unless otherwise stated, "a plurality of" means two or more.
In the embodiments of this application, unless otherwise specified and absent a logical conflict, the terms and/or descriptions in different embodiments are consistent and may be cited by one another, and the technical features of different embodiments may be combined according to their inherent logical relationships to form new embodiments.
It can be understood that the various numerical designations used in this application are distinctions made only for convenience of description and are not intended to limit the scope of this application. The sequence numbers of the processes above do not imply an order of execution; the execution order of each process should be determined by its function and internal logic.
The terms "first", "second", "third", "fourth" and other such labels (if any) in the description and claims of this application and in the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments described here can be implemented in orders other than those illustrated or described here. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The technical solutions provided by this application can be applied to various communication systems, for example: fifth generation (5G) or new radio (NR) systems, long term evolution (LTE) systems, LTE frequency division duplex (FDD) systems, LTE time division duplex (TDD) systems, and so on. The technical solutions provided by this application can also be applied to future communication systems, such as the sixth generation mobile communication system. They can also be applied to device-to-device (D2D) communication, vehicle-to-everything (V2X) communication, machine-to-machine (M2M) communication, machine type communication (MTC), and Internet of things (IoT) communication systems or other communication systems.
The 5G system to which the embodiments of this application are applicable is described below by way of example with reference to Figure 1. It should be understood that the 5G system described here is only an example and does not limit this application in any way.
As shown in Figure 1, the network architecture is, for example, the 5G system (5GS) defined in the 3rd Generation Partnership Project (3GPP) specification TS 23.501. The network architecture can be divided into two parts: the access network (AN) and the core network (CN). The access network can be used to implement functions related to radio access. The core network mainly includes the following key logical network elements: the access and mobility management function (AMF), the session management function (SMF), the user plane function (UPF), the policy control function (PCF), unified data management (UDM), and so on.
The network elements shown in Figure 1 are briefly introduced below:
1. User equipment (UE): may be referred to as terminal equipment, a terminal device, an access terminal, a subscriber unit, a subscriber station, a mobile station (MS), a mobile terminal (MT), a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user apparatus. A terminal device may be a device that provides voice/data connectivity to a user, for example a handheld device or a vehicle-mounted device with a wireless connection function. Current examples of terminals include: mobile phones, tablet computers (pads), computers with wireless transceiver functions (such as laptops and handheld computers), mobile internet devices (MID), virtual reality (VR) devices, augmented reality (AR) devices, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in remote medical care, wireless terminals in smart grids, wireless terminals in transportation safety, wireless terminals in smart cities, wireless terminals in smart homes, cellular phones, cordless phones, session initiation protocol (SIP) phones, wireless local loop (WLL) stations, personal digital assistants (PDA), handheld devices with wireless communication functions, computing devices or other processing devices connected to a wireless modem, vehicle-mounted devices, wearable devices, terminal devices in a 5G network, terminal devices in a future evolved public land mobile network (PLMN), and so on.
In addition, the terminal device may also be a terminal device in an Internet of things (IoT) system. IoT is an important part of the future development of information technology. Its main technical feature is connecting things to a network through communication technology, thereby realizing an intelligent network of human-machine interconnection and thing-to-thing interconnection. IoT technology can achieve massive connections, deep coverage, and terminal power saving through, for example, narrowband (NB) technology.
In addition, terminal devices may also include smart printers, train detectors, and the like. Their main functions include collecting data (some terminal devices), receiving control information and downlink data from network devices, and sending electromagnetic waves to transmit uplink data to network devices.
It should be understood that the user equipment may be any device that can access the network. The terminal device and the access network device may communicate with each other using an air interface technology.
Optionally, the user equipment may act as a base station. For example, the user equipment may act as a scheduling entity that provides sidelink signals between user equipments in V2X, D2D, and the like. For example, a cellular phone and a car communicate with each other using sidelink signals. A cellular phone and a smart home device communicate with each other without relaying communication signals through a base station.
2. (Radio) access network ((R)AN) device: used to provide a network access function for authorized user equipment in a specific area, and able to use transmission tunnels of different quality of service according to the level of the user equipment, service requirements, and the like.
The (R)AN can manage radio resources and provide access services for user equipment, and thereby forward control signals and user equipment data between the user equipment and the core network. The (R)AN can also be understood as a base station in a traditional network.
For example, the access network device in the embodiments of this application may be any communication device with wireless transceiver functions that is used to communicate with user equipment. The access network device includes but is not limited to: an evolved Node B (eNB); a gNB or a transmission point (TRP or TP) in a 5G system such as NR; one antenna panel or a group of antenna panels (including multiple antenna panels) of a base station in a 5G system; or a network node that constitutes a gNB or a transmission point, such as a baseband unit (BBU) or a distributed unit (DU).
In some deployments, a gNB may include a centralized unit (CU) and a DU. The gNB may also include an active antenna unit (AAU). The CU implements some functions of the gNB, and the DU implements some functions of the gNB. For example, the CU is responsible for processing non-real-time protocols and services, and implements the functions of the radio resource control (RRC) layer and the packet data convergence protocol (PDCP) layer. The DU is responsible for processing physical layer protocols and real-time services, and implements the functions of the radio link control (RLC) layer, the media access control (MAC) layer, and the physical (PHY) layer. The AAU implements some physical layer processing functions, radio frequency processing, and functions related to active antennas. Because RRC layer information eventually becomes PHY layer information, or is transformed from PHY layer information, in this architecture higher-layer signaling, such as RRC layer signaling, can also be considered to be sent by the DU, or by the DU+AAU. It can be understood that the access network device may be a device including one or more of a CU node, a DU node, and an AAU node. In addition, the CU may be classified as an access network device in the radio access network (RAN), or as an access network device in the core network (CN); this application does not limit this.
3. User plane function (UPF) network element: used for packet routing and forwarding, quality of service (QoS) processing of user plane data, and the like. For ease of description, in the embodiments of this application, the user plane function network element is referred to as "UPF" for short.
In future communication systems, the user plane network element may still be a UPF network element, or may have another name; this application does not limit this.
4. Access and mobility management function (AMF) network element: mainly used for mobility management, access management, and the like, and can be used to implement the functions of the MME other than session management, for example, access authorization/authentication. For ease of description, in the embodiments of this application, the access and mobility management function network element is referred to as "AMF" for short.
In future communication systems, the access and mobility management device may still be an AMF, or may have another name; this application does not limit this.
5. Session management function (SMF) network element: mainly used for session management, internet protocol (IP) address allocation and management for user equipment, selection of manageable user plane functions, termination points of policy control and charging function interfaces, downlink data notification, and the like. For ease of description, in the embodiments of this application, the session management function network element is referred to as "SMF" for short.
The SMF is a type of session management network element. In future communication systems, the session management network element may still be the SMF, or may have another name; this application does not limit this.
6. Policy control function (PCF) network element: a unified policy framework used to guide network behavior, providing policy rule information and the like for control plane function network elements (such as the AMF and SMF).
In future communication systems, the policy control network element may still be a PCF network element, or may have another name; this application does not limit this.
7. Application function (AF) network element: used for application-influenced data routing, wireless access to the network exposure function network element, interacting with the policy framework for policy control, and the like. For ease of description, in the embodiments of this application, the application function network element is referred to as "AF" for short.
In future communication systems, the application function network element may still be an AF network element, or may have another name; this application does not limit this.
8. Unified data management (UDM) network element: used for processing UE identifiers, access authentication, registration, mobility management, and the like.
In future communication systems, the unified data management network element may still be a UDM network element, or may have another name; this application does not limit this.
9. Authentication server function (AUSF) network element: used for authentication services and for generating keys to implement two-way authentication of user equipment; it supports a unified authentication framework.
In future communication systems, the authentication server function network element may still be an AUSF network element, or may have another name; this application does not limit this.
10. Network data analytics function (NWDAF) network element: used to identify network slice instances and load the load level information of network slice instances. The network data analytics function enables NF consumers to subscribe to or unsubscribe from periodic notifications, and notifies consumers when a threshold is exceeded.
In future communication systems, the network data analytics function network element may still be an NWDAF network element, or may have another name; this application does not limit this.
11. Data network (DN): The DN is a network located outside the operator network. The operator network can access multiple DNs, and a variety of services can be deployed on a DN to provide data and/or voice services for terminal devices. For example, the DN is the private network of a smart factory; the sensors installed in the factory's workshop can be terminal devices, and a control server for the sensors is deployed in the DN and provides services for the sensors. A sensor can communicate with the control server, obtain instructions from it, and transmit collected sensor data to it according to the instructions. For another example, the DN is the internal office network of a company; the mobile phones or computers of the company's employees can be terminal devices and can access information, data resources, and the like on the internal office network.
In the network architecture shown in Figure 1, network elements can communicate with each other through the interfaces shown in the figure. As shown in the figure, the UE and the AMF can interact through the N1 interface, and the interaction message may be called, for example, an N1 message (N1Message). The RAN and the AMF can interact through the N2 interface, which can be used for sending non-access stratum (NAS) messages and the like. The RAN and the UPF can interact through the N3 interface, which can be used to transmit user plane data and the like. The SMF and the UPF can interact through the N4 interface, which can be used to transmit information such as tunnel identification information of the N3 connection, data buffering indication information, and downlink data notification messages. The UPF and the DN can interact through the N6 interface, which can be used to transmit user plane data and the like. The relationships between the other interfaces and the network elements are shown in Figure 1 and, for brevity, are not described one by one here. The names and functions of the interfaces between the network elements are briefly introduced as follows:
1) N7: The interface between the PCF and the SMF, used to deliver control policies for a protocol data unit (PDU) session or for a service data flow.
2) N15: The interface between the PCF and the AMF, used to deliver UE policies and access control related policies.
3) N5: The interface between the AF and the PCF, used for delivering application service requests and reporting network events.
4) N4: The interface between the SMF and the UPF, used to transfer information between the control plane and the user plane, including the delivery of forwarding rules, QoS control rules, traffic statistics rules, and the like from the control plane to the user plane, and the reporting of user plane information.
5) N11: The interface between the SMF and the AMF, used to transfer PDU session tunnel information between the RAN and the UPF, control messages sent to the UE, radio resource control information sent to the RAN, and the like.
6) N2: The interface between the AMF and the RAN, used to transfer radio bearer control information and the like from the core network side to the RAN.
7) N1: The interface between the AMF and the UE, which is access-independent and is used to deliver QoS control rules and the like to the UE.
8) N8: The interface between the AMF and the UDM, used by the AMF to obtain access and mobility management related subscription data and authentication data from the UDM, and to register the UE's current mobility management related information with the UDM.
9) N10: The interface between the SMF and the UDM, used by the SMF to obtain session management related subscription data from the UDM, and to register the UE's current session related information with the UDM.
10) N35: The interface between the UDM and the UDR, used by the UDM to obtain user subscription data from the UDR.
11) N36: The interface between the PCF and the UDR, used by the PCF to obtain policy-related subscription data and application data related information from the UDR.
12) N12: The interface between the AMF and the AUSF, used by the AMF to initiate the authentication procedure with the AUSF, in which the SUCI can be carried as the subscription identifier.
13) N13: The interface between the UDM and the AUSF, used by the AUSF to obtain the user authentication vector from the UDM in order to perform the authentication procedure.
Figure 2 is a schematic diagram of a multicast/broadcast service architecture to which the method provided by the embodiments of this application is applicable. The multicast/broadcast service architecture and functions shown in Figure 2 are defined as enhancements to the unicast network architecture and functions. The functions of each network element in Figure 2 that are specific to the multicast/broadcast service are briefly introduced below.
1. UE: The main functions of the UE are receiving multicast data through PTM/PTP, receiving group/broadcast data through PTM, handling QoS, initiating session join and session leave, and terminal-side resource management for 5G MBS.
2. RAN: The RAN is mainly responsible for handling MBS QoS flows, sending data to the UE through point to multipoint (PTM) and point to point (PTP), configuring the AS layer to receive broadcast flows, switching between PTM and PTP, supporting Xn and N2 handover of multicast sessions, processing session signaling, establishing air interface broadcast and multicast resources, and the like.
3. AMF: The AMF is mainly responsible for signaling routing (NG-RAN to MB-SMF), selecting the NG-RANs for broadcast, and the like.
4. SMF: To support 5G MBS features, the unicast SMF needs to be enhanced, mainly by adding functions such as discovering the MB-SMF, authenticating UE joining, interacting with the MB-SMF to manage the multicast session context, and interacting with the RAN to establish multicast transmission resources.
5. UPF: The UPF is mainly responsible for interacting with the MB-UPF to receive multicast data transmitted in individual delivery mode, and for transmitting that multicast data to the UE through a PDU session.
6. PCF: The PCF is mainly responsible for QoS handling of multicast and broadcast service (MBS) sessions, providing policy information to the multicast and broadcast SMF (MB-SMF), interacting with the user data repository (UDR) to obtain QoS information, and the like. The PCF is an optional network element; this functional entity is required only when dynamic policy charging control (PCC) is used.
7. Multicast/broadcast session management function (MB-SMF) network element: The MB-SMF is an entity that supports broadcast features. The MB-SMF may also have the functions of a unicast SMF. Specifically, the MB-SMF is responsible for: management of MBS sessions, including QoS control; configuring the multicast and broadcast UPF (MB-UPF); interacting with the RAN to control broadcast flow transmission (a broadcast session specific function); interacting with the SMF to associate protocol data unit (PDU) sessions; interacting with the RAN to control the transmission of multicast flows (a multicast session specific function); and the like. For ease of description, in the embodiments of this application, the multicast/broadcast session management function network element is referred to as the multicast session management function network element, or "MB-SMF" for short. The MB-SMF is a type of multicast session management network element. In future communication systems, the multicast session management network element may still be the MB-SMF, or may have another name; this application does not limit this.
8. Multicast/broadcast user plane function (MB-UPF) network element: The MB-UPF is the data plane gateway of 5G MBS. It is mainly responsible for: interacting with the MB-SMF to obtain data forwarding rules; transmitting multicast data to the RAN through the shared delivery method; and transmitting multicast data to the UPF through the individual delivery method. For ease of description, in the embodiments of this application, the multicast/broadcast user plane function network element is referred to as the multicast user plane function network element, or "MB-UPF" for short.
9. Multicast and broadcast service function (MBSF): The MBSF mainly supports the following functions: service layer functions, interworking with LTE MBS, interacting with the AF and the MB-SMF to support MBS session operations, determining transmission parameters and the type of MBS session, selecting the MB-SMF to control the MBSTF, determining the sender's IP multicast address, and the like. The MBSF is an optional network element. For ease of description, in the embodiments of this application, the multicast/broadcast service function network element is referred to as the multicast service function network element, or "MBSF" for short.
10. Multicast/broadcast service transport function (MBSTF): The MBSTF mainly supports the following functions: acting as the anchor point for MBS data, acting as the source of IP multicast, supporting generic transport functions such as framing, multiple flows, and forward error correction (FEC), sending input files as objects or object flows by multicast or broadcast, and the like. The MBSTF is an optional network element. For ease of description, in the embodiments of this application, the multicast/broadcast service transport function network element is referred to as the multicast service transport function network element, or "MBSTF" for short.
11. AF: The AF mainly supports the following functions: providing service information to the 5G core network (5GC) and requesting multicast or broadcast services, instructing MBS session operations with the 5GC, and the like.
12. UDM: The UDM mainly supports subscription management of multicast sessions and the like.
13. Network repository function (NRF): The NRF mainly holds information about core network elements. In supporting MBS features, it mainly includes the following function: supporting the management of the MB-SMFs that serve MBS sessions, specifically including storing the MBS session IDs served by each MB-SMF.
14. Network exposure function (NEF): In supporting MBS features, the NEF is mainly responsible for the following functions: selecting the MB-SMF; interacting with the AF and the MB-SMF to implement MBS session operations, determine transmission parameters, and the like; and providing the AF with interfaces to 5G MBS procedures, such as service configuration, MBS session configuration, and QoS management interfaces.
In Figure 2, Nausf, Nnef, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4, and N6 are interface serial numbers. For the meanings of these interface serial numbers, refer to the definitions in the 3GPP standard protocols; they are not limited here.
It should be understood that the network architecture described above as applied to the embodiments of this application is only an example, described from the perspectives of a traditional point-to-point architecture and a service-based architecture. The network architecture to which the embodiments of this application apply is not limited to it; any network architecture that can implement the functions of the network elements described above is applicable to the embodiments of this application.
It should also be understood that the core network elements shown in Figures 1 and 2 can be understood as network elements in the core network that implement different functions and that can, for example, be combined into network slices as needed. These core network elements may be separate devices, or may be integrated into the same device to implement different functions. This application does not limit the specific form of these network elements.
It should also be understood that the above names are defined only to make it easier to distinguish different functions and should not constitute any limitation on this application. This application does not rule out the possibility of using other names in 5G networks and other future networks. For example, in a 6G network, some or all of the above network elements may keep the terminology used in 5G, or may adopt other names. The names of the interfaces between the network elements in Figure 1 are only an example; in a specific implementation the interfaces may have other names, and this application does not specifically limit this. In addition, the names of the messages (or signaling) transmitted between the network elements are also only examples and do not limit the function of the messages themselves.
It can be understood that the above network elements or functions may be network elements in hardware devices, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (for example, a cloud platform). For ease of description, the remainder of this application uses an example in which the network device is the access and mobility management network element AMF and the base station is the radio access network RAN.
The network architecture and service scenarios described in the embodiments of this application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by the embodiments. A person of ordinary skill in the art will know that, as network architectures evolve and new service scenarios emerge, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems.
Aspects or features of the embodiments of this application may be implemented as a method, an apparatus, or an article of manufacture using standard programming and/or engineering techniques. The term "article of manufacture" as used in this application covers a computer program accessible from any computer-readable device, carrier, or medium. For example, computer-readable media may include, but are not limited to: magnetic storage devices (for example, hard disks, floppy disks, or magnetic tapes), optical discs (for example, compact discs (CD) and digital versatile discs (DVD)), smart cards, and flash memory devices (for example, erasable programmable read-only memory (EPROM), cards, sticks, or key drives). In addition, the various storage media described herein may represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" may include, but is not limited to, wireless channels and various other media capable of storing, containing, and/or carrying instructions and/or data.
Figure 3 shows a schematic diagram of a scenario to which this application is applicable. Typically, when operators deploy networks, to reduce the cost of deploying radio access networks they choose to share radio access network devices while retaining their own core networks (in the following description, a base station is used as the radio access network device). One example is the multi-operator core network (MOCN) scenario defined in TS 23.501. As shown in Figure 3, assume that there are three operators, where Operator #A, Operator #B, and Operator #C each have their own core network, but, to save costs (for example, the cost of deploying base stations), the three operators may share base stations. Compared with the ordinary scenario, in an MOCN deployment the broadcast message contains public land mobile network (PLMN) information. For example, the cell information sent by the base station includes information about the PLMNs to which the cell belongs.
Figure 4 shows a schematic diagram of another scenario to which this application is applicable. As shown in Figure 4, the content of certain broadcast services (for example, weather forecasts and high-precision map updates) is currently the same across different operators. For this type of broadcast service, the data of the same broadcast service must be transmitted multiple times over the core networks of the different operators and over the base station shared by the operators. For example, as shown in Figure 4, assume that there are two operators (denoted PLMN#a and PLMN#b) and that the content provider of the multicast/broadcast service (MBS content provider) sends broadcast data to PLMN#a and PLMN#b separately. Because PLMN#a and PLMN#b share the base station, the data of the same broadcast service is sent twice at the base station (this can also be understood as the base station having to allocate air interface resources twice to transmit the same broadcast service for different operator networks), which wastes transmission resources.
To facilitate understanding of the technical solutions of the embodiments of this application, some technical terms used in this application are introduced below.
1. Multicast/broadcast service session (MBS session): A multicast/broadcast session can serve a multicast/broadcast service. A multicast/broadcast session includes the unicast or multicast tunnel from the data network to the core network equipment and on to the access network equipment, and the unicast or multicast/broadcast air interface resources allocated by the access network equipment for sending the multicast/broadcast service.
2. Transmission of multicast/broadcast service data
In a 3GPP network, services/applications need to send multicast/broadcast services to multiple user equipments (UEs), that is, they need point-to-multipoint transmission of the same data. Such services/applications include multimedia messaging services, data streaming services, group communication services, and so on. By establishing a multicast/broadcast/unicast session, the network provides a bearer shared by multiple receivers. The sender only needs to send one copy of the data, and the network side either copies the data and transmits it to multiple receivers as needed, or sends one copy of the data to multiple receivers using multicast transmission. A service can be carried by one or more sessions. One service identifier corresponds to one or more MBS session identifiers.
This application uses broadcast service sessions and the transmission of broadcast service data as examples for description.
3. First broadcast service, MBS session identifier, service identifier
At least two networks (PLMN#a and PLMN#b are used as examples below) share one access network element, and each sends the data of a broadcast service (the first broadcast service is used as an example below) through that access network element to the terminal devices of its own network. Specifically, the AF transmits data to the base station through PLMN#a and PLMN#b, and the base station broadcasts one copy of the data to the UEs of PLMN#a and the UEs of PLMN#b.
The AF or the service provider establishes an MBS session through each of PLMN#a and PLMN#b, and sends data to PLMN#a and/or PLMN#b through the respective MBS sessions. An MBS session is identified by its MBS session identifier. The MBS session identifier can be a specific IP address or a temporary mobile group identity (TMGI). In other words, the MBS session identifier or session identifier referred to in this application is the identifier of the MBS session used to carry the data of the first broadcast service.
The first broadcast service may be marked by a service identifier, which is a globally unique identifier. For example, the service identifier may be sent by the core network to the base station during session creation, or the base station may be preconfigured with the correspondence between service identifiers and session identifiers; this is not limited here.
For example, the MBS session established by the AF or the service provider in PLMN#a has the session identifier TMGI x and the service identifier w. The MBS session established by the AF or the service provider in PLMN#b has the session identifier TMGI y and the service identifier w. Based on the service identifier, the base station determines that the different broadcast sessions carry/deliver the same service data.
4. Resources, reusing air interface resources, not reusing air interface resources
The resources referred to in this application can be air interface resources, which can be scheduling time resources, frequency resources, scheduling priorities, buffer resources, or data radio bearers (DRBs); alternatively, the resources can be stored context information (for example, QoS description information or identification information of a QoS flow). This explanation applies throughout. As an example, the air interface resource information of the first broadcast service determined by the RAN may include: (1) Information about the group radio network temporary identifier (G-RNTI) used for reception. (2) Information about the bandwidth part (BWP) corresponding to the first broadcast service. For example, the service is received on the BWP, and the subcarrier spacing (SCS), frequency-domain position and cyclic prefix (CP) length corresponding to the BWP are determined according to the BWP configuration. The BWP configuration information also includes control resource set (CORESET) configuration information for physical downlink control channel (PDCCH) detection, and the CORESET configuration information indicates the time-frequency resources where the PDCCH for the G-RNTI is located. (3) The scrambling sequence of the physical downlink data channel (PDSCH) of the first broadcast service; in other words, the UE uses this sequence for descrambling when decoding the PDSCH of the service. (4) The discontinuous reception (DRX) parameters of the G-RNTI; in other words, the UE uses these DRX parameters for G-RNTI detection. (5) The configuration of the demodulation reference signal; in other words, the UE uses this reference signal to demodulate the PDSCH scheduled by the G-RNTI. (6) Information about the rate matching reference signal.
Reusing air interface resources can be understood as the access network element using the same air interface resource to send the same copy of data to terminal devices of different networks. Not reusing air interface resources can be understood as the access network element using different air interface resources to send different data to terminal devices of different networks. For example, the different data here may come from different networks. Alternatively, the different data here may be obtained from the same source data through encryption and/or integrity processing by network elements of different networks.
5. Security activation status, security activation indication
The security activation status indicates whether the core network element applies security protection, that is, confidentiality and/or integrity protection, to the data of the broadcast service. The following description uses the MBSTF as the example core network element. The security activation status may be security activated or security not activated. When security is activated, the core network applies security protection to the data of the broadcast service, or the MBSTF applies security protection to the data of the broadcast service; when security is not activated, the core network does not apply security protection to the data of the broadcast service, or the MBSTF does not apply security protection to the data of the broadcast service.
The security activation indication is used to indicate the security activation status. When the security activation indication indicates that security is activated, this can be understood as security activation being on, security activation having been turned on, security having been activated, or the security activation status being on. When the security activation indication indicates that security is not activated, this can be understood as security activation not being turned on or the security activation status being off.
For example, the value of the security activation indication may be true or false. true means that security is activated, security activation is on, security activation has been turned on, security has been activated, or the security activation status is on; false means that security activation is not turned on, security is not activated, or the security activation status is off. Alternatively, the value of security activation indication #a can be 1 or 0. 1 means that security is activated, security activation is on, security activation has been turned on, security has been activated, or the security activation status is on; 0 means that security activation is not turned on, security is not activated, or the security activation status is off.
In the base station sharing scenario, PLMN#a and PLMN#b have different core networks but share one base station. In multicast/broadcast service data transmission, for the same broadcast service, the AF transmits data to the base station through PLMN#a and/or PLMN#b, and the base station broadcasts one copy of the data to the UEs of PLMN#a and the UEs of PLMN#b. PLMN#a and PLMN#b each independently maintain their own keys and provide them to the UEs of their own network. When security protection is enabled, the data that PLMN#a sends to the base station is the broadcast service data after MBSTF#a has processed it with the key of PLMN#a, and the data that PLMN#b sends to the base station is the broadcast service data after MBSTF#b has processed it with the key of PLMN#b. In this process, if the base station broadcasts only one copy of the data, some UEs cannot decrypt and/or integrity-check the broadcast service data they receive, which affects communication and results in a poor user experience. For example, if the data broadcast by the base station is the data security-protected by PLMN#b, the UEs of PLMN#a cannot parse the received broadcast service data.
Figure 5 shows a schematic diagram of the broadcast secure communication method 100 provided by this application. The method 100 for secure communication of multicast sessions provided by this application is described in detail below with reference to Figure 5.
S101: The first network element in the first network sends a first session establishment request for the first broadcast service to the access network element. Correspondingly, the access network element receives the first session establishment request for the first broadcast service from the first network element in the first network.
The first session establishment request includes first indication information, and the first indication information is used to indicate whether security protection is enabled for the data of the first broadcast service.
Security protection in this application can also be understood as encryption and/or integrity protection. For ease of description, this application uses the term security protection throughout.
For example, the first network element may be a control plane network element or a user plane network element. For example, the first network element can send the first session establishment request directly to the access network element, or it can send the first session establishment request to the access network element through other network elements in the first network. For example, the first network element may be MB-SMF#a, and MB-SMF#a sends a broadcast context create (Broadcast context create) message to the access network element through the AMF, the broadcast context create message including the first indication information. For example, the first network element may be NEF/MBSF#a, and NEF/MBSF#a sends an MBS session creation (Nmbsmf_MBSSession_Create) message to MB-SMF#a, the MBS session creation (Nmbsmf_MBSSession_Create) message including the first indication information. Alternatively, the first session creation request message here may be another message carrying the first indication information. For example, the first network element may be MBSTF#a, and MBSTF#a sends a message carrying the first indication information to NEF/MBSF#a. NEF/MBSF#a sends a message carrying the first indication information to MBSTF#a, such as an MBS session creation (Nmbsmf_MBSSession_Create) message. MB-SMF#a sends a broadcast context create (Broadcast context create) message to the access network element, the broadcast context create message including the first indication information.
For example, the first indication information is used to indicate whether the first network, or a user plane network element in the first network (for example, MBSTF#a), enables security protection for the first data of the first broadcast service.
Optionally, the method 100 further includes: the first network element obtains the first indication information. Specifically, the first network element determines the first indication information according to security configuration information provided by the network exposure function or the service provider, or according to preconfigured security configuration information. Alternatively, the first network element receives the first indication information from another network element of the first network.
S102: In response to the first session establishment request, the access network element allocates a first air interface resource for the first broadcast service.
For example, the access network element stores the first indication information. For example, the first session establishment request carries the service identifier of the first broadcast service, and the access network element stores the correspondence between the first indication information and that service identifier. As another example, the first session establishment request carries a session identifier, and the access network element stores the correspondence between the first indication information and that session identifier. As a further example, the first session establishment request carries a session identifier, and the access network element may determine the session identifier of the first broadcast service according to the locally configured mapping between session identifiers and service identifiers, and then store the correspondence between the first indication information and the service identifier.
As one example, assume that the access network element has not yet created resources corresponding to the first broadcast service before receiving the first session establishment request. In that case, whether the first indication information indicates that security protection is enabled or not enabled for the data of the first broadcast service, the access network element allocating the first air interface resource for the first broadcast service can be understood as the access network element creating the first air interface resource for the first broadcast service.
As another example, assume that resources corresponding to the first broadcast service already exist at the access network element before it receives the first session establishment request. In that case, for how the access network element allocates the first air interface resource for the first broadcast service, refer to the related description in S104. In other words, if the access network element has already established resources corresponding to the first broadcast service before receiving the first session establishment request, the interaction between the access network element and the first network element in this application can follow the interaction between the access network element and the second network element.
S103: The second network element sends a second session establishment request for the first broadcast service to the access network element. Correspondingly, the access network element receives the second session establishment request for the first broadcast service from the second network element in the second network.
The second session establishment request includes second indication information, and the second indication information is used to indicate whether security protection is enabled for the second data of the first broadcast service.
For example, the second network element may be a control plane network element or a user plane network element.
For example, the second indication information is used to indicate whether the second network, or a user plane network element in the second network (for example, MBSTF#b), enables security protection for the data of the first broadcast service.
For example, the second network element can send the second session establishment request directly to the access network element, or it can send the second session establishment request to the access network element through other network elements in the second network. For example, the second network element may be MB-SMF#b, and MB-SMF#b sends a broadcast context create (Broadcast context create) message to the access network element through the AMF, the broadcast context create message including the second indication information. For example, the second network element may be NEF/MBSF#b, and NEF/MBSF#b sends an MBS session creation (Nmbsmf_MBSSession_Create) message to MB-SMF#b, the MBS session creation (Nmbsmf_MBSSession_Create) message including the second indication information. Alternatively, the second session creation request message here may be another message carrying the second indication information. For example, the second network element may be MBSTF#b, and MBSTF#b sends a message carrying the second indication information to NEF/MBSF#b. NEF/MBSF#b sends a message carrying the second indication information to MBSTF#b, such as an MBS session creation (Nmbsmf_MBSSession_Create) message. MB-SMF#b sends a broadcast context create (Broadcast context create) message to the access network element, the broadcast context create message including the second indication information.
Optionally, the method 100 further includes: the second network element obtains the second indication information. Specifically, the second network element determines the second indication information according to security configuration information provided by the network exposure function or the service provider, or according to preconfigured security configuration information. Alternatively, the second network element receives the second indication information from another network element of the second network.
S104: In response to the second session establishment request, the access network element determines, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource.
Several possible implementations of S104 are given below.
Implementation 1: the access network element does not reuse the first air interface resource.
When the first indication information indicates that security protection has been enabled for the first data, and/or the second indication information indicates that security protection has been enabled for the second data, the access network element determines, according to the first indication information and/or the second indication information, not to reuse the first air interface resource.
Specifically, when the first indication information and the second indication information respectively indicate that security protection is enabled for the first data and the second data of the first broadcast service, the access network element determines not to reuse the first air interface resource according to the first indication information and the second indication information, or the access network element determines not to reuse the first air interface resource according to the first indication information or the second indication information. Alternatively, when the first indication information indicates that security protection is enabled for the first data of the first broadcast service and the second indication information indicates that security protection is not enabled for the second data of the first broadcast service, the access network element determines not to reuse the first air interface resource according to the first indication information, or the access network element determines not to reuse the first air interface resource according to the first indication information and the second indication information. Alternatively, when the second indication information indicates that security protection is enabled for the second data of the first broadcast service and the first indication information indicates that security protection is not enabled for the first data of the first broadcast service, the access network element determines not to reuse the first air interface resource according to the second indication information, or the access network element determines not to reuse the first air interface resource according to the first indication information and the second indication information.
The access network element not reusing the first air interface resource can also be understood as follows: the access network element creates a second air interface resource for the second data of the first broadcast service received from the second network, and the first air interface resource is different from the second air interface resource.
Optionally, the method 100 further includes: the access network element establishes a data transmission channel between the access network element and a user plane network element of the second network (for example, UPF#b), and receives the data of the first broadcast service from the user plane network element of the second network through that data transmission channel.
Optionally, the method 100 further includes: the access network element sends the first data of the first broadcast service to the terminal devices of the first network based on the first air interface resource; and the access network element sends the second data of the first broadcast service to the terminal devices of the second network based on the second air interface resource.
For ease of description below, the data of the first broadcast service that the access network element receives from the first network is called the first data, and the data of the first broadcast service that the access network element receives from the second network is called the second data. The difference between the first data and the second data is described in detail below.
The second data can also be understood as the data of the first broadcast service that the access network element receives from a user plane network element of the second network (for example, UPF#b). It should be understood that the second data is data of the first broadcast service that is security-protected by the second network, or that the second data is data of the first broadcast service that is security-protected by a user plane network element of the second network (for example, MBSTF#b), or that the second data is data of the first broadcast service that has been encrypted and/or integrity-protected by a user plane network element of the second network (for example, MBSTF#b) using a second key. For example, MBSTF#b uses key #b to encrypt and/or integrity-protect the second data, which enables secure communication between MBSTF#b and the terminal devices of the second network element.
The first data can also be understood as the data of the first broadcast service that the access network element receives from a user plane network element of the first network (for example, UPF#a). It should be understood that the first data is data of the first broadcast service that is security-protected by the first network, or that the first data is data of the first broadcast service that is security-protected by a user plane network element of the first network (for example, MBSTF#a), or that the first data is data of the first broadcast service that has been encrypted and/or integrity-protected by a user plane network element of the first network (for example, MBSTF#a) using a first key. For example, MBSTF#a uses key #a to encrypt and/or integrity-protect the first data, which enables secure communication between MBSTF#a and the terminal devices of the first network element.
It can also be understood that the source data of the first data before encryption and/or integrity protection is the same as the source data of the second data before encryption and/or integrity protection.
The above solution allows the first network and the second network to security-protect the data of the first broadcast service, while also allowing the terminal devices of the first network and of the second network each to decrypt and/or integrity-check the data of the first broadcast service that they receive, which improves communication security and the user experience.
Implementation 2: the access network element reuses the first air interface resource.
When the first indication information indicates that security protection is not enabled for the first data and the second indication information indicates that security protection is not enabled for the second data, the access network element determines, according to the first indication information and the second indication information, to reuse the first air interface resource.
Optionally, the method 100 further includes: the access network element does not establish a data transmission channel between the access network element and a user plane network element of the second network (for example, UPF#b); or, the access network element determines to establish a data transmission channel between the access network element and the user plane network element of the second network, but discards the data of the first broadcast service in that data transmission channel (that is, the second data described above).
可选地,方法100还包括:接入网网元基于第一空口资源向第一网络的终端设备和第二网络的终端设备发送第一数据或第二数据。Optionally, the method 100 further includes: the access network element sending the first data or the second data to the terminal device of the first network and the terminal device of the second network based on the first air interface resource.
可以理解的,在实现方式二中,由于针对第一数据和第二数据均未进行安全保护,因此第一数据和第二数据的数据内容相同。在此情况下,接入网网元分别发送同一份数据(第一数据或第二数据)至第一网络的终端设备和第二网络的终端设备。It can be understood that in the second implementation manner, since neither the first data nor the second data is subject to security protection, the data contents of the first data and the second data are the same. In this case, the access network element sends the same piece of data (first data or second data) to the terminal device of the first network and the terminal device of the second network respectively.
上述方案,能够节省空口资源。The above solution can save air interface resources.
Figure 6 shows a schematic diagram of the method 200 for broadcast security communication provided by this application. The method 200 is described in detail below with reference to Figure 6. Method 200 gives a specific example of Implementation 1 in method 100. In the description, the access network element is exemplified by the RAN, the first network by PLMN#a, the second network by PLMN#b, the first indication information by security activation indication #a, the second indication information by security activation indication #b, the first air interface resource by resource #a, and the second air interface resource by resource #b.
S201: The AF sends an MBS session #a creation request message (Nnef-MBSSesion_Create) to NEF#a/MBSF#a. For details, see Section 7.1 of TS 23.247.
The MBS session #a creation request message carries the MBS session identifier (MBS session ID) #a, QoS parameter #a, and the service type. Optionally, the message also carries a service identifier (service ID). For example, the service identifier is the identification information of the first broadcast service.
The MBS session identifier may be a specific IP address or a temporary mobile group identity (TMGI). The QoS parameters express the quality-of-service requirements of the current session. The first broadcast service may be marked by the service identifier, which is a globally unique identifier. For example, the service identifier may be sent by the core network to the base station during session creation, or the base station may be preconfigured with the correspondence to the session identifier; this is not limited here. Service types include broadcast service and multicast service. This application mainly applies to broadcast service scenarios.
Depending on the configuration, MBSF/NEF in this application may denote only the MBSF, only the NEF, or both the MBSF and the NEF. NEF#a/MBSF#a and NEF#b/MBSF#b in this application are to be understood in the same way as MBSF/NEF, where #a and #b identify that the MBSF/NEF is located in a different PLMN network (PLMN#a and PLMN#b, respectively).
S202: NEF#a/MBSF#a authorizes the AF. For details, see Section 7.1 of TS 23.247.
The following describes two schemes by which NEF#a/MBSF#a obtains security activation status #a. The two schemes can be understood as specific examples of the first network element obtaining the first indication information in method 100: for example, S203a, or S203b and S204, described below. Security activation status #a can be understood as whether MBSTF#a applies security protection, that is, confidentiality and/or integrity protection, to the data of the first broadcast service; the session is used to transmit the data of the first broadcast service. For example, security activation status #a can also be understood as whether the core network applies security protection, that is, confidentiality and/or integrity protection, to the data of the first broadcast service.
Scheme 1, S203a: NEF#a/MBSF#a determines security activation status #a.
For example, NEF#a/MBSF#a determines security activation status #a according to security configuration information that is provided by the AF or preconfigured.
Scheme 2: NEF#a/MBSF#a receives security activation status #a from MBSTF#a.
S203b: NEF#a/MBSF#a sends a security activation status #a query message to MBSTF#a. Correspondingly, MBSTF#a receives the security activation status #a query message from NEF#a/MBSF#a.
The security activation status #a query message is used to query security activation status #a. The message carries MBS session ID#a, which indicates the session identified by MBS session ID#a.
As an example, the message may include indication information for querying security activation status #a, and this indication information explicitly indicates that the message is used to query security activation status #a; alternatively, the message name of the security activation status #a query message implicitly indicates that the message is used to query security activation status #a.
As another example, the security activation status #a query message may be sent after S202, or after the MBS session #a creation response message from MB-SMF#a is received (S206 below). Alternatively, it may be an enhancement of the session request message sent by NEF#a/MBSF#a to MBSTF#a in Section 7.1 of TS 23.247. For example, the session request message has the function of querying MBSTF#a for security activation status #a. For example, the session request message may include indication information for querying security activation status #a, or the message name of the session request message implicitly indicates security activation status #a.
As yet another example, the trigger conditions for the message include, but are not limited to, one or more of the following.
(1) MBSF#a/NEF#a has not received security configuration information from the AF, where the security configuration information indicates whether to apply security protection, that is, confidentiality and/or integrity protection, to the data of the first broadcast service carried by MBS session #a.
(2) MBSF#a/NEF#a determines that it has not stored the data security activation status of the first broadcast service carried by MBS session #a.
(3) The service type carried in the MBS session #a creation request message in S201 indicates a broadcast service.
(4) In S202, MBSF#a/NEF#a has completed authorization of the AF.
(5) The MBS session #a creation request message in S201 carries a service identifier.
(6) In response to the MBS session #a creation response message (S206 below).
S204: MBSTF#a sends a security activation status #a response message to NEF#a/MBSF#a. Correspondingly, NEF#a/MBSF#a receives the security activation status #a response message from MBSTF#a.
S205: MBSF/NEF#a sends an MBS session creation (Nmbsmf_MBSSession_Create) message to MB-SMF#a. Correspondingly, MB-SMF#a receives the MBS session creation message from MBSF/NEF#a.
This message is used to request the creation of an MBS session. The message includes MBS session ID#a.
S206: MB-SMF#a sends a response message to MBSF/NEF#a. Correspondingly, MBSF/NEF#a receives the response message from MB-SMF#a. The response message responds to the MBS session creation message in S205.
The following describes NEF#a/MBSF#a sending security activation indication #a to MB-SMF#a, where security activation indication #a indicates security activation status #a. NEF#a/MBSF#a sending security activation indication #a to MB-SMF#a can be understood as a specific example of S101 in method 100.
When Scheme 2 above is executed and S203b in Scheme 2 is in response to the MBS session #a creation response message (trigger condition (6) above), that is, when S203b occurs later than the MBS session #a creation response message, NEF#a/MBSF#a may send security activation indication #a to MB-SMF#a in a separate message after S206.
When Scheme 1 above is executed, or when in Scheme 2 S203b is not in response to the MBS session #a creation response message, that is, when S203b occurs earlier than the MBS session #a creation response message, the MBS session creation message in S205 may be enhanced. For example, security activation indication #a is carried in the MBS session creation message.
S207 responds to S201. For details, see Section 7.1 of TS 23.247.
S208: MB-SMF#a sends a broadcast context creation message to the RAN. Correspondingly, the RAN receives the broadcast context creation message from MB-SMF#a. The message carries MBS session ID#a. The message optionally carries the service identifier and security activation indication #a.
Security activation indication #a in this application may be indicated in several ways, which are described together here. For example, the value of the security activation indication may be true or false. true means that security is activated (security activation is on, security activation has been turned on, security has been activated, or the security activation status is on); false means that security activation is not on, security is not activated, or the security activation status is off. Alternatively, the value of security activation indication #a may be 1 or 0. 1 means that security is activated (security activation is on, security activation has been turned on, security has been activated, or the security activation status is on); 0 means that security activation is not on, security is not activated, or the security activation status is off.
S209 can serve as a specific example of S102 in method 100. S209: The RAN allocates (or determines) resources for the first broadcast service according to security activation indication #a, and determines how to handle the transmission channel between the RAN and the UPF.
The RAN stores the correspondence between security activation indication #a and the service identifier. Optionally, if the service identifier is not carried, the base station may determine the service identifier according to local configuration and the session identifier.
The resources referred to in this application may be air interface resources, which may be scheduling time resources, frequency resources, scheduling priorities, buffer resources, or data radio bearers (DRB); or the resources may be stored context information (for example, QoS description information or identification information of a QoS flow). This is described together here. As an example, the air interface resource information of the first broadcast service determined by the RAN may include:
(1) Information about the group-radio network temporary identity (G-RNTI) used for reception.
(2) Information about the bandwidth part (BWP) corresponding to the first broadcast service. For example, the service is received on the BWP, and the sub-carrier space (SCS), frequency-domain position, and cyclic prefix (CP) length corresponding to the BWP are determined according to the BWP configuration. The BWP configuration information also includes control resource set (CORESET) configuration information for physical downlink control channel (PDCCH) detection; the CORESET configuration information indicates the time-frequency resources where the PDCCH for the G-RNTI is located.
(3) The scrambling sequence of the physical downlink data channel (PDSCH) of the first broadcast service. It can also be understood that the UE uses this sequence for descrambling when decoding the PDSCH of the service.
(4) The discontinuous reception (DRX) parameters of the G-RNTI. It can also be understood that the UE uses these DRX parameters for G-RNTI detection.
(5) The configuration of the demodulation reference signal. It can also be understood that the UE uses this reference signal to demodulate the PDSCH scheduled by the G-RNTI.
(6) Information about the rate matching reference signal.
Alternatively, S209 may also be understood as the RAN determining, according to security activation indication #a, the context corresponding to the first broadcast service. As an example, the broadcast session context corresponding to the first broadcast service established by the RAN may further include: the identifier TMGI#n of the first broadcast service in PLMN#a, broadcast area information (for example, cell list information or a tracking area (TA) list), and the QoS context of the broadcast session.
For ease of description, the following takes the RAN allocating resources for the first broadcast service according to security activation indication #a as an example. This does not limit the scope of protection of this application.
Example 1-1 takes the case where the RAN has not created resources corresponding to the first broadcast service before communicating with the UE of PLMN#a. (1) The RAN determines, according to security activation indication #a, that security is not activated. In other words, the RAN determines according to security activation indication #a that MBSTF#a does not apply security protection to the data of the first broadcast service carried by MBS session #a. (2) The RAN checks, according to the service identifier, whether the resource corresponding to the first broadcast service has already been created.
If the resource corresponding to the first broadcast service has not been created and security is not activated, the RAN creates resource #a corresponding to the first broadcast service and establishes a data transmission channel between the RAN and UPF#a.
It should be noted that Example 1-1 does not limit the execution order of (1) and (2) above.
Example 1-2 takes the case where the RAN has not created resources corresponding to the first broadcast service before communicating with the UE of PLMN#a. (1) The RAN determines that security activation indication #a indicates security activation. In other words, security activation indication #a indicates that MBSTF#a applies security protection to the data of the first broadcast service carried by MBS session #a. (2) The RAN checks, according to the service identifier, whether the resource corresponding to the first broadcast service has already been created.
If the resource corresponding to the service identifier has not been created and security activation indication #a indicates security activation, the RAN determines, according to security activation indication #a, to create resource #a corresponding to the first broadcast service, and establishes a data transmission channel between the RAN and UPF#a.
It should be noted that Example 1-2 does not limit the execution order of (1) and (2) above.
Example 1-3 takes the case where the RAN has not created resources corresponding to the first broadcast service before communicating with the UE of PLMN#a. Security activation indication #a indicates security activation. In other words, security activation indication #a indicates that MBSTF#a applies security protection to the data of the first broadcast service carried by MBS session #a. Here the RAN may discard the service identifier, or skip the step of checking, according to the service identifier, whether the resource corresponding to the first broadcast service has already been created.
Example 1-4: The RAN checks, according to the service identifier, whether the resource corresponding to the service identifier has already been created. If the resource corresponding to the service identifier has not been created, the RAN creates resource #a corresponding to the service identifier and establishes a data transmission channel between the RAN and UPF#a.
S210 responds to S208.
S211: The AF sends a media stream to the RAN through the network elements in PLMN#a (for example, MBSTF#a and UPF#a). Correspondingly, the RAN receives the media stream from the AF through the network elements in PLMN#a.
For example, the AF sends the data of the first broadcast service to MBSTF#a, and correspondingly MBSTF#a receives the data of the first broadcast service from the AF. MBSTF#a processes the data of the first broadcast service and generates the first data. MBSTF#a sends the first data to UPF#a, and correspondingly UPF#a receives the first data from MBSTF#a. UPF#a sends the first data to the RAN, and correspondingly the RAN receives the first data from UPF#a.
Subsequently, the RAN sends the first data to the UE of PLMN#a based on resource #a.
For S212 to S219, see the description of S201 to S208. The difference is that the network elements of PLMN#a are replaced by the network elements of PLMN#b, and the corresponding message #a, indication #a, identifier #a and so on are replaced by message #b, indication #b, identifier #b and so on. The two schemes by which NEF#b/MBSF#b obtains security activation status #b can be understood as specific examples of the second network element obtaining the second indication information in method 100. NEF#b/MBSF#b sending security activation indication #b to MB-SMF#b can be understood as a specific example of S103 in method 100.
S220 can serve as a specific example of S104 in method 100. S220: The RAN allocates (or determines) resources for the first broadcast service according to security activation indication #b and/or security activation indication #a, and determines how to handle the transmission channel between the RAN and UPF#a.
Example 2-1 corresponds to any one of Examples 1-1 to 1-3. Security activation indication #a indicates that security is not activated or that security is activated. Security activation indication #b indicates security activation. In other words, security activation indication #b indicates that MBSTF#b applies security protection to the data of the first broadcast service carried by MBS session #b. The RAN determines, according to security activation indication #b, to create resource #b, and establishes a data transmission channel between the RAN and UPF#b. Here the RAN may discard the service identifier, or skip the step of checking, according to the service identifier, whether the resource corresponding to the first broadcast service has already been created.
Example 2-2 corresponds to any one of Examples 1-1 to 1-3. Security activation indication #a indicates that security is not activated or that security is activated. (1) The RAN determines security activation according to security activation indication #b. In other words, security activation indication #b indicates that MBSTF#b applies security protection to the data of the first broadcast service carried by MBS session #b. (2) The RAN checks, according to the service identifier, whether the resource corresponding to the first broadcast service has already been created.
The RAN determines, according to security activation indication #b, not to reuse resource #a, that is, not to use the same resource to send the data of the first broadcast service. The RAN determines, according to security activation indication #b, to create resource #b, and establishes a data transmission channel between the RAN and UPF#b. Alternatively, it can be understood that the base station creates separate resources for MBS session ID#a and for MBS session #b, so that it can send the data of the same broadcast service over different resources.
Optionally, when the RAN finds resource #a in its check, the RAN determines, according to security activation indication #a and security activation indication #b, not to reuse resource #a.
It should be noted that Example 2-2 does not limit the execution order of (1) and (2) above.
Example 2-3 corresponds to Example 1-2 or Example 1-3. Security activation indication #a indicates security activation. Security activation indication #b indicates that security is not activated. In other words, security activation indication #b indicates that MBSTF#b does not apply security protection to the data of the first broadcast service carried by MBS session #b.
The RAN determines, according to security activation indication #a and security activation indication #b, not to reuse resource #a, that is, not to use the same resource to send the data of the first broadcast service. The RAN determines, according to security activation indication #b, to create resource #b, and establishes a data transmission channel between the RAN and UPF#b. Alternatively, it can be understood that the base station creates separate resources for MBS session ID#a and for MBS session #b, so that it can send the data of the same broadcast service over different resources.
In addition, Examples 2-1 to 2-3 above can also be understood as follows: as long as at least one of security activation indication #a and security activation indication #b indicates security activation, the RAN creates resource #a and resource #b separately, and sends the data of the first broadcast service to the UE of PLMN#a through resource #a and to the UE of PLMN#b through resource #b.
Example 2-4: The RAN checks, according to the service identifier, whether the resource corresponding to the service identifier has already been created. If the resource corresponding to the service identifier has not been created, the RAN creates resource #b corresponding to the service identifier and establishes a data transmission channel between the RAN and UPF#b.
S222: The AF sends a media stream to the RAN through the network elements in PLMN#b (for example, MBSTF#b and UPF#b). Correspondingly, the RAN receives the media stream from the AF through the network elements in PLMN#b.
For example, the AF sends the data of the first broadcast service to MBSTF#b, and correspondingly MBSTF#b receives the data of the first broadcast service from the AF. MBSTF#b processes the data of the first broadcast service and generates the first data. MBSTF#b sends the first data to UPF#b, and correspondingly UPF#b receives the first data from MBSTF#b. UPF#b sends the first data to the RAN, and correspondingly the RAN receives the first data from UPF#b.
Subsequently, the RAN sends the first data to the UE of PLMN#b based on resource #b.
It should be noted that method 200 does not limit the order of S211 and S222. Method 200 limits neither where S211 is executed within method 200 nor where S222 is executed within method 200. In other words, there is no restriction on when the RAN obtains the data of the first broadcast service. For example, S211 may occur before or after determining whether to create resource #a, but the RAN can send the data of the first broadcast service based on resource #a only after resource #a has been established. Likewise, S222 may occur before or after determining whether to create resource #b, but the RAN can send the data of the first broadcast service based on resource #b only after resource #b has been established.
It should also be noted that, for ease of description, this application uses only two PLMNs as an example, which does not limit the scope of protection of this application. That is, the embodiments of this application are applicable to scenarios in which at least two networks share an access network element. This is described together here and is not repeated below.
S201 to S222 above are all described using the example in which the broadcast context creation message in S208 carries security activation indication #a and the broadcast context creation message in S219 carries security activation indication #b. The following describes in detail the implementations in which the broadcast context creation message in S208 does not carry security activation indication #a and the broadcast context creation message in S219 does not carry security activation indication #b.
In one implementation, the broadcast context creation message in S208 does not carry security activation indication #a. In S209, the RAN may determine, based on the broadcast context creation message, that security activation indication #a indicates security activation. The broadcast context creation message in S219 does not carry security activation indication #b. In S220, the RAN may determine, based on the broadcast context creation message, that security activation indication #b indicates security activation.
The above solution can further improve system security.
It should be understood that one or more network elements in the control plane of the first network or the second network may fail, so that security activation cannot be indicated. That is, the first network or the second network indicates security activation, but the RAN does not handle the session as it would on receiving a security activation indication. This is likely to introduce security risks and reduce the communication success rate.
In another implementation, the broadcast context creation message in S208 does not carry security activation indication #a. In S209, the RAN may determine, based on the broadcast context creation message, that security activation indication #a indicates that security is not activated. The broadcast context creation message in S219 does not carry security activation indication #b. In S220, the RAN may determine, based on the broadcast context creation message, that security activation indication #b indicates that security is not activated.
The above solution can reduce signaling overhead and network consumption.
Figure 7 shows a schematic diagram of the broadcast security communication method 300 provided by this application. Method 300 is described in detail below with reference to Figure 7. Method 300 gives a specific example of implementation 2 in method 100. In the description, the RAN is used as an example of the access network element, PLMN#a as an example of the first network, PLMN#b as an example of the second network, security activation indication #a as an example of the first indication information, security activation indication #b as an example of the second indication information, resource #a as an example of the first air interface resource, and resource #b as an example of the second air interface resource.
For S301-S308, refer to the description of S201-S208.
For S309, refer to the description of S209 other than Example 1-2 and Example 1-3. Here, the RAN determines that security activation indication #a indicates that security is not activated.
For S310-S318, refer to the descriptions of S210 and S212-S219.
S319 can serve as a specific example of S104 in method 100. S319: The RAN allocates (or determines) resources for the first broadcast service according to security activation indication #b and security activation indication #a, and determines how the transmission channel between the RAN and the UPF is handled.
For example, security activation indication #a indicates that security is not activated. Security activation indication #b indicates that security is not activated; in other words, the MBSTF#b security activation indication #b indicates that the data of the first broadcast service carried by MBS session #b is not security protected. According to security activation indication #a stored in S309 and security activation indication #b, the RAN determines not to create resource #b, or to reuse resource #a. In addition, according to security activation indication #a and security activation indication #b, the RAN determines not to establish a data transmission channel between the RAN and UPF#b; or it determines to establish a data transmission channel between the RAN and UPF#b but to discard the data of the first broadcast service in that channel.
S320 is the response to S318.
S321: The AF sends the media stream (that is, the data of the first broadcast service described above) to the RAN through a network element in PLMN#a (for example, UPF#a). Correspondingly, the RAN receives the media stream from the AF through the network element in PLMN#a.
After obtaining the data of the first broadcast service, the RAN sends it to the UEs of PLMN#a and the UEs of PLMN#b based on resource #a.
It can be understood that when security activation indication #a and security activation indication #b both indicate that security is not activated, the RAN creates only one resource for the first broadcast service (resource #a in method 300) and uses resource #a to send the data of the first broadcast service (the data that the RAN obtains from the AF through PLMN#a in S321) to the UEs of PLMN#a and the UEs of PLMN#b.
Optionally, method 300 further includes step 1: the AF sends the media stream (that is, the data of the first broadcast service described above) to the RAN through a network element in PLMN#b (for example, UPF#b). Correspondingly, the RAN receives the media stream from the AF through the network element in PLMN#b.
According to security activation indication #a and security activation indication #b, the RAN discards the data of the first broadcast service received from the network element in PLMN#b.
It should be noted that method 300 does not limit the order of S321 and step 1, nor the point at which either is executed within method 300. In other words, there is no restriction on when the RAN obtains the data of the first broadcast service. For example, S321 may occur before or after determining whether to create resource #a, but the RAN can send the first broadcast service data based on resource #a only after resource #a has been established. Likewise, step 1 may occur before or after determining whether to create resource #b.
Steps S301 to S321 above are described using the example in which the broadcast context creation message in S308 carries security activation indication #a and the broadcast context creation message in S318 carries security activation indication #b. The following describes in detail the implementation in which the broadcast context creation message in S308 does not carry security activation indication #a and the broadcast context creation message in S318 does not carry security activation indication #b.
In one implementation, the broadcast context creation message in S308 does not carry security activation indication #a. In S309, the RAN may determine, according to the broadcast context creation message, that security activation indication #a indicates that security is not activated. The broadcast context creation message in S318 does not carry security activation indication #b. In S319, the RAN may determine, according to the broadcast context creation message, that security activation indication #b indicates that security is not activated.
The above solution can reduce signaling overhead and network consumption.
Figure 8 shows a schematic diagram of the broadcast security communication method 400 provided by this application. Method 400 is described in detail below with reference to Figure 8.
S401: A first network element in the first network sends a first session establishment request to the access network element. Correspondingly, the access network element receives the first session establishment request for the first broadcast service from the first network element in the first network.
For example, the first network element may be a control plane network element.
For example, the first network element may send the first session establishment request to the access network element directly, or through other network elements in the first network. For example, the first network element may be MB-SMF#a, or the first network element may be NEF/MBSF#a. Alternatively, the first session establishment request message here may be another message; for example, the first network element may be MBSTF#a.
S402: In response to the first session establishment request, the access network element allocates a first air interface resource to the first broadcast service.
As one example, assume that the access network element has not created a resource corresponding to the first broadcast service before receiving the first session establishment request.
As another example, assume that a resource corresponding to the first broadcast service already exists before the access network element receives the first session establishment request. Optionally, the first session establishment request may also carry fourth indication information, which indicates whether to reuse existing air interface resources for the first broadcast service. In that case, for how the access network element allocates the first air interface resource to the first broadcast service, refer to the related description in S404. In other words, if the access network element has already established a resource corresponding to the first broadcast service before receiving the first session establishment request, the interaction between the access network element and the first network element in this application follows the interaction between the access network element and the second network element.
S403: The second network element sends a second session establishment request for the first broadcast service to the access network element. Correspondingly, the access network element receives the second session establishment request for the first broadcast service from the second network element in the second network.
The second session establishment request includes third indication information, which indicates whether to reuse existing air interface resources for the first broadcast service. It should be understood that the existing air interface resources here are air interface resources that the access network element has already established for the first broadcast service, or air interface resources that the access network element has already established for transmitting data of the first broadcast service. The data of the first broadcast service here may come from the second network or from other networks. For example, if the access network element has established the first air interface resource in S402, the existing air interface resources here include the first air interface resource.
For example, the second network element may be a control plane network element.
For example, the second network element may send the second session establishment request to the access network element directly, or through other network elements in the second network. For example, the second network element may be MB-SMF#b, or the second network element may be NEF/MBSF#b. Alternatively, the second session establishment request message here may be another message that carries the third indication information; for example, the second network element may be a user plane network element (for example, MBSTF#b).
Optionally, method 400 further includes: the second network element obtains the third indication information. Specifically, the second network element determines the third indication information based on other information (such as a security activation indication or security configuration information). Alternatively, the second network element receives the third indication information from other network elements of the second network. For example, when the security activation indication indicates that security is activated or that security activation is enabled, the second network element determines, according to the security activation indication, that the third indication information indicates not to reuse existing air interface resources. When the security activation indication indicates that security is not activated or that security activation is not enabled, the second network element determines, according to the security activation indication, that the third indication information indicates to reuse existing air interface resources. As another example, when the security configuration information indicates that the data of the first broadcast service is security protected, the second network element determines, according to the security configuration information, that the third indication information indicates not to reuse existing air interface resources. When the security configuration information indicates that the data of the first broadcast service is not security protected, the second network element determines, according to the security configuration information, that the third indication information indicates to reuse existing air interface resources.
S404: In response to the second session establishment request, the access network element determines, according to the third indication information, whether to reuse the first air interface resource.
Several possible implementations of S404 are given below.
Implementation 1: the access network element does not reuse the first air interface resource.
When the third indication information indicates not to reuse existing air interface resources for the first broadcast service, the access network element determines, according to the third indication information, not to reuse the first air interface resource.
As one example, when the third indication information indicates not to reuse existing air interface resources for the first broadcast service, the third indication information indicates that air interface resources are allocated to the first broadcast service according to the session identifier corresponding to the second session establishment request, or the third indication information indicates that air interface resources are not allocated to the first broadcast service according to the service identifier corresponding to the first broadcast service. The access network element checks whether an air interface resource exists for the session identifier corresponding to the second session establishment request; if no such air interface resource exists, the access network element determines not to reuse the first air interface resource for the first broadcast service.
That the access network element does not reuse the first air interface resource can also be understood as follows: the access network element creates a second air interface resource for the data of the first broadcast service received from the second network, and the first air interface resource is different from the second air interface resource.
Optionally, method 400 further includes: the access network element establishes a data transmission channel between the access network element and a user plane network element of the second network (for example, UPF#b), and receives the second data of the first broadcast service from the user plane network element of the second network through that data transmission channel. For the access network element receiving the second data of the first broadcast service from the user plane network element of the second network, refer to the description of the second data in method 100.
Optionally, method 400 further includes: the access network element receives the first data of the first broadcast service from a user plane network element of the first network, and sends the first data of the first broadcast service to the terminal devices of the first network based on the first air interface resource; the access network element sends the second data of the first broadcast service to the terminal devices of the second network based on the first air interface resource. For the access network element receiving the first data of the first broadcast service from the user plane network element of the first network, refer to the description of the first data in method 100.
The above solution allows the first network and the second network each to security-protect the data of the first broadcast service, while also allowing the terminal devices of the first network and of the second network to separately decrypt and/or integrity-check the data of the first broadcast service that they receive, which improves communication security and user experience.
Implementation 2: the access network element reuses the first air interface resource.
When the third indication information indicates to reuse existing air interface resources for the first broadcast service, the access network element determines, according to the third indication information, to reuse the first air interface resource.
As one example, the third indication information indicates that air interface resources are allocated to the first broadcast service according to the service identifier corresponding to the first broadcast service. Because a first air interface resource corresponding to the service identifier of the first broadcast service already exists, the access network element determines to reuse the first air interface resource for the first broadcast service.
Optionally, method 400 further includes: the access network element does not establish a data transmission channel between the access network element and the user plane network element of the second network (for example, UPF#b); or the access network element determines to establish a data transmission channel between the access network element and the user plane network element of the second network but discards the second data of the first broadcast service in that channel. For the second data here, refer to the description of the second data in method 100.
Optionally, method 400 further includes: the access network element sends the first data of the first broadcast service to the terminal devices of the first network and the terminal devices of the second network based on the first air interface resource. For the first data here, refer to the description of the first data in method 100.
The above solution can save air interface resources.
Figure 9 shows a schematic diagram of the broadcast security communication method 500 provided by this application. Method 500 is described in detail below with reference to Figure 9. Method 500 gives a specific example of implementation 1 in method 400. In the description, the RAN is used as an example of the access network element, PLMN#a as an example of the first network, PLMN#b as an example of the second network, security activation indication #a as an example of the first indication information, security activation indication #b as an example of the second indication information, resource #a as an example of the first air interface resource, and resource #b as an example of the second air interface resource.
For S501, refer to the description of S201-S207. That description includes: NEF#a/MBSF#a sends security activation indication #a to MB-SMF#a, and correspondingly MB-SMF#a receives security activation indication #a from NEF#a/MBSF#a.
S502: MB-SMF#a determines optimization indication #a according to security activation indication #a.
Optimization indication #a indicates whether the RAN allocates resources for the first broadcast service according to the service identifier. Alternatively, optimization indication #a indicates whether the RAN reuses the existing resources corresponding to the service identifier. Alternatively, optimization indication #a indicates whether the RAN reuses resources already allocated for the first broadcast service. For the resources in method 500, refer to the related description in method 200.
For example, when security activation indication #a indicates that security is not activated, the optimization indication #a that MB-SMF#a determines from security activation indication #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier. Alternatively, when security activation indication #a indicates that security is not activated, the optimization indication #a that MB-SMF#a determines from security activation indication #a instructs the RAN to reuse existing resources.
As another example, when security activation indication #a indicates that security is activated, the optimization indication #a that MB-SMF#a determines from security activation indication #a instructs the RAN not to allocate resources for the first broadcast service according to the service identifier. Alternatively, when security activation indication #a indicates that security is activated, the optimization indication #a that MB-SMF#a determines from security activation indication #a instructs the RAN not to reuse existing resources. Optionally, not allocating resources for the first broadcast service according to the service identifier can be understood as allocating resources for the first broadcast service according to the session identifier of MBS session #a (referred to, for example, as session identifier #a).
Optimization indication #a in this application can be expressed in several ways, which are described together here. For example, the value of optimization indication #a may be true or false, where true instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources, and false instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources. Alternatively, the value of optimization indication #a may be 1 or 0, where 1 instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources, and 0 instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources.
S503: MB-SMF#a sends a broadcast context creation message to the RAN. Correspondingly, the RAN receives the broadcast context creation message from MB-SMF#a. The message carries MBS session ID#a and optionally carries the service identifier and optimization indication #a.
S504: The RAN allocates (or determines) resources for the first broadcast service according to optimization indication #a, and determines how the transmission channel between the RAN and the UPF is handled.
The RAN stores the correspondence between optimization indication #a and the service identifier. Optionally, if the service identifier is not carried, the base station can determine the service identifier from local configuration and the session identifier.
Alternatively, S504 can also be understood as the RAN determining, according to the optimization indication, the context corresponding to the first broadcast service.
For ease of description, the following uses the example in which the RAN allocates resources for the first broadcast service according to optimization indication #a. This does not limit the scope of protection of this application.
Example 3-1: (1) The RAN determines, according to optimization indication #a, not to reuse the resources already allocated for the first broadcast service; optimization indication #a instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources. (2) The RAN checks, according to the service identifier, whether a resource corresponding to the first broadcast service has already been created. Based on (1) and (2), the RAN creates resource #a corresponding to the first broadcast service and establishes a data transmission channel between the RAN and UPF#a.
It should be noted that Example 3-1 does not limit the execution order of (1) and (2) above.
Alternatively, (1) in Example 3-1 may be replaced with: the RAN allocates resources for the first broadcast service according to optimization indication #a, where optimization indication #a instructs the RAN to allocate resources for the first broadcast service according to session identifier #a. For example, the RAN checks, according to session identifier #a, whether a resource corresponding to session identifier #a has already been created. If no resource corresponding to session identifier #a is found, it is determined that the RAN has not created a resource corresponding to session identifier #a.
Example 3-2: (1) The RAN determines that optimization indication #a instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources. (2) The RAN determines, according to optimization indication #a, to create resource #a corresponding to the first broadcast service, and establishes a data transmission channel between the RAN and UPF#a. Here, the RAN may discard the service identifier, or skip the step of checking according to the service identifier whether a resource corresponding to the first broadcast service has already been created.
Alternatively, (1) in Example 3-2 may be replaced with: the RAN determines that optimization indication #a instructs the RAN to allocate resources for the first broadcast service according to session identifier #a. The RAN checks, according to session identifier #a, whether a resource corresponding to session identifier #a has already been created. If no resource corresponding to session identifier #a is found, it is determined that the RAN has not created a resource corresponding to session identifier #a.
Example 3-3 takes the case in which the RAN has not created a resource corresponding to the first broadcast service before communicating with the UEs of PLMN#a. (1) The RAN determines that optimization indication #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources. (2) The RAN checks, according to the service identifier, whether a resource corresponding to the first broadcast service has already been created.
If no resource corresponding to the first broadcast service has been created, the RAN determines, according to optimization indication #a, to create resource #a corresponding to the first broadcast service, and establishes a data transmission channel between the RAN and UPF#a.
It should be noted that Example 3-3 does not limit the execution order of (1) and (2) above.
S505 is a response to S503.
S506: for details, refer to the description of S211.
S507: refer to the description of S212-S218. That description includes: NEF#b/MBSF#b sends security activation indication #b to MB-SMF#b, and correspondingly MB-SMF#b receives security activation indication #b from NEF#b/MBSF#b.
S508: MB-SMF#b determines optimization indication #b according to security activation indication #b.
For details, refer to the description of S502, with the following differences: MB-SMF#a in S502 is replaced with MB-SMF#b in S508, optimization indication #a in S502 is replaced with optimization indication #b in S508, and security activation indication #a in S502 is replaced with security activation indication #b in S508.
S509: MB-SMF#b sends a broadcast context creation message to the RAN, and correspondingly the RAN receives the broadcast context creation message from MB-SMF#b. The message carries MBS session ID#b, and optionally carries the service identifier and optimization indication #b.
S510: The RAN allocates (or determines) resources for the first broadcast service according to optimization indication #b and/or optimization indication #a, and determines how to handle the transmission channel between the RAN and UPF#a.
Example 4-1 corresponds to any one of Examples 3-1 to 3-3. (1) The RAN determines that optimization indication #b instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources. (2) According to optimization indication #b, the RAN determines to create resource #b and establishes a data transmission channel between the RAN and UPF#b. Here the RAN may discard the service identifier, or skip the step of checking, according to the service identifier, whether a resource corresponding to the first broadcast service has already been created.
Alternatively, (1) in Example 4-1 is replaced with: the RAN determines that optimization indication #b instructs the RAN to allocate resources for the first broadcast service according to session identifier #b.
Example 4-2 corresponds to any one of Examples 3-1 to 3-3. (1) The RAN determines that optimization indication #b instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources. (2) The RAN checks, according to the service identifier, whether a resource corresponding to the first broadcast service has already been created.
According to optimization indication #a and optimization indication #b, the RAN determines not to reuse resource #a, that is, not to use the same resource to send the data of the first broadcast service. According to optimization indication #b, the RAN determines to create resource #b and establishes a data transmission channel between the RAN and UPF#b. Put another way, the base station creates separate resources for MBS session ID#a and MBS session ID#b, so that it can send the data of the same broadcast service over different resources.
Optionally, if the RAN finds resource #a, the RAN determines not to reuse resource #a according to security activation indication #a and security activation indication #b.
It should be noted that Example 4-2 does not limit the execution order of (1) and (2) above.
Alternatively, (1) in Example 4-2 is replaced with: the RAN determines that optimization indication #b instructs the RAN to allocate resources for the first broadcast service according to session identifier #b.
Example 4-3 corresponds to Example 3-1 or Example 3-2. Optimization indication #a instructs the RAN not to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN not to reuse existing resources, or instructs the RAN to allocate resources for the first broadcast service according to session identifier #a. Optimization indication #b instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
According to security activation indication #a and security activation indication #b, the RAN determines not to reuse resource #a, that is, not to use the same resource to send the data of the first broadcast service. According to security activation indication #b, the RAN determines to create resource #b and establishes a data transmission channel between the RAN and UPF#b. Put another way, the base station creates separate resources for MBS session ID#a and MBS session ID#b, so that it can send the data of the same broadcast service over different resources.
In addition, Examples 4-1 to 4-3 can also be understood as follows: when at least one of optimization indication #a and optimization indication #b indicates at least one of the following: not allocating resources for the first broadcast service according to the service identifier, not reusing existing resources, or allocating resources for the first broadcast service according to session identifier #b, the RAN creates resource #a and resource #b separately, and sends the data of the first broadcast service to the UE of PLMN#a and the UE of PLMN#b through resource #a and resource #b respectively.
S511 is a response to S09.
S512: The AF sends the media stream (that is, the data of the first broadcast service) to the RAN through a network element in PLMN#b (for example, UPF#b), and correspondingly the RAN receives the media stream from the AF through the network element in PLMN#b.
The RAN then sends the data of the first broadcast service to the UE of PLMN#b based on resource #b.
It should be noted that method 500 does not limit the relative order of S506 and S512, nor the position of S506 or S512 within method 500. In other words, there is no restriction on when the RAN obtains the data of the first broadcast service. For example, S506 may take place before or after determining whether to create resource #a, but the RAN can send the data of the first broadcast service based on resource #a only after resource #a has been established. Likewise, S512 may take place before or after determining whether to create resource #b, but the RAN can send the data of the first broadcast service based on resource #b only after resource #b has been established.
S501 to S512 above are described using the example in which the broadcast context creation message in S503 carries security activation indication #a and the broadcast context creation message in S509 carries security activation indication #b. The following describes in detail the implementations in which the broadcast context creation message in S503 does not carry security activation indication #a and the broadcast context creation message in S509 does not carry security activation indication #b.
In one implementation, the broadcast context creation message in S503 does not carry security activation indication #a. In S504, the RAN may determine, from the broadcast context creation message, that security activation indication #a indicates security activation. The broadcast context creation message in S509 does not carry security activation indication #b. In S510, the RAN may determine, from the broadcast context creation message, that security activation indication #b indicates security activation.
This solution can further improve system security.
It should be understood that if one or more network elements in the control plane of the first network or the second network fail, security activation may fail to be indicated. That is, although the first network or the second network indicates security activation, the RAN does not act as it would on receiving a security activation indication. This is likely to introduce security risks and reduce the communication success rate.
In another implementation, the broadcast context creation message in S503 does not carry security activation indication #a. In S504, the RAN may determine, from the broadcast context creation message, that security activation indication #a indicates that security is not activated. The broadcast context creation message in S509 does not carry security activation indication #b. In S510, the RAN may determine, from the broadcast context creation message, that security activation indication #b indicates that security is not activated.
This solution can reduce signaling overhead and network consumption.
Figure 10 shows a schematic diagram of the broadcast security communication method 600 provided by this application. Method 600 is described in detail below with reference to Figure 10. Method 600 gives a specific example of implementation 2 in method 400. In the description, the access network element is exemplified by the RAN, the first network by PLMN#a, the second network by PLMN#b, the first indication information by security activation indication #a, the second indication information by security activation indication #b, the first air interface resource by resource #a, and the second air interface resource by resource #b.
For S601-S603, refer to the description of S501-S503.
For S604, refer to the description in S209 other than Example 3-1 and Example 3-2. Here the RAN determines that optimization indication #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
For S605-S608, refer to the description of S505 and S507-S509.
S609: The RAN allocates (or determines) resources for the first broadcast service according to security activation indication #b and security activation indication #a, and determines how to handle the transmission channel between the RAN and the UPF.
For example, optimization indication #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources. Optimization indication #b instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources. According to optimization indication #a and optimization indication #b, the RAN determines not to create resource #b, or to reuse resource #a. Furthermore, according to optimization indication #a and optimization indication #b, the RAN determines not to establish a data transmission channel between the RAN and UPF#b; or it determines to establish the data transmission channel between the RAN and UPF#b but discards the data of the first broadcast service in that channel.
S610 is a response to S608.
S611: The AF sends the media stream (that is, the data of the first broadcast service) to the RAN through a network element in PLMN#a (for example, UPF#a), and correspondingly the RAN receives the media stream from the AF through the network element in PLMN#a.
After obtaining the data of the first broadcast service, the RAN sends it to the UE of PLMN#a and the UE of PLMN#b based on resource #a.
It can be understood that when optimization indication #a and optimization indication #b both instruct the RAN to allocate resources for the first broadcast service according to the service identifier, or instruct the RAN to reuse existing resources, the RAN creates only one resource for the first broadcast service (resource #a in method 600) and sends the data of the first broadcast service (the data that the RAN obtains from the AF through PLMN#a in S611) to the UE of PLMN#a and the UE of PLMN#b through resource #a.
Optionally, method 600 further includes step 1: the AF sends the media stream (that is, the data of the first broadcast service) to the RAN through a network element in PLMN#b (for example, UPF#b), and correspondingly the RAN receives the media stream from the AF through the network element in PLMN#b.
According to optimization indication #a and optimization indication #b, the RAN discards the data of the first broadcast service received from the network element in PLMN#b.
It should be noted that method 600 does not limit the relative order of S611 and step 1, nor the position of S611 or step 1 within method 600. In other words, there is no restriction on when the RAN obtains the data of the first broadcast service. For example, S611 may take place before or after determining whether to create resource #a, but the RAN can send the data of the first broadcast service based on resource #a only after resource #a has been established. Likewise, step 1 may take place before or after determining whether to create resource #b.
S601 to S611 above are described using the example in which the broadcast context creation message in S603 carries optimization indication #a and the broadcast context creation message in S608 carries optimization indication #b. The following describes in detail the implementation in which the broadcast context creation message in S603 does not carry optimization indication #a and the broadcast context creation message in S608 does not carry optimization indication #b.
In one implementation, the broadcast context creation message in S603 does not carry optimization indication #a. In S604, the RAN may determine, from the broadcast context creation message, that optimization indication #a instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources. The broadcast context creation message in S608 does not carry optimization indication #b. In S609, the RAN may determine, from the broadcast context creation message, that optimization indication #b instructs the RAN to allocate resources for the first broadcast service according to the service identifier, or instructs the RAN to reuse existing resources.
This solution can reduce signaling overhead and network consumption.
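The following added example (not part of the patent text) models the RAN-side decision described for methods 500 and 600: a second session shares resource #a only when both optimization indications allow reuse, and otherwise gets its own resource and its own tunnel. Class, field and value names are hypothetical, and treating an absent indication as "do not reuse" by default is an assumption modelled on the security-activation default described for method 500; pass `Opt.REUSE` to get the default described for method 600.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Opt(Enum):
    """Optimization indication (the two meanings the text distinguishes)."""
    REUSE = "allocate by service identifier / reuse existing resources"
    PER_SESSION = "allocate by session identifier / do not reuse"


@dataclass
class ContextCreate:
    """Broadcast context creation message; field names are hypothetical."""
    session_id: str                  # MBS session ID of the sending PLMN
    upf: str                         # UPF of the sending PLMN
    service_id: Optional[str] = None
    opt: Optional[Opt] = None        # None: the message carries no indication


@dataclass
class Resource:
    name: str
    service_id: Optional[str]
    opt: Opt                         # indication in force when it was created
    feeder: str                      # session whose tunnel supplies the data
    sessions: list = field(default_factory=list)


class Ran:
    def __init__(self, absent_default: Opt = Opt.PER_SESSION):
        self.absent_default = absent_default
        self.resources = []          # air interface resources
        self.by_session = {}         # session_id -> Resource
        self.tunnels = set()         # UPFs with a data transmission channel

    def create_context(self, msg: ContextCreate) -> str:
        opt = msg.opt if msg.opt is not None else self.absent_default
        shared = None
        if opt is Opt.REUSE and msg.service_id is not None:
            # Sharing requires both sides to allow it: the existing resource
            # must itself have been created under a REUSE indication.
            shared = next((r for r in self.resources
                           if r.service_id == msg.service_id
                           and r.opt is Opt.REUSE), None)
        if shared is not None:
            # Method 600: no new resource and no tunnel to this PLMN's UPF.
            shared.sessions.append(msg.session_id)
            self.by_session[msg.session_id] = shared
            return f"reuse {shared.name}"
        # Examples 3-x / 4-x: a separate resource and tunnel for this session.
        res = Resource(f"res:{msg.session_id}", msg.service_id, opt,
                       feeder=msg.session_id, sessions=[msg.session_id])
        self.resources.append(res)
        self.by_session[msg.session_id] = res
        self.tunnels.add(msg.upf)
        return f"create {res.name}"

    def on_data(self, session_id: str):
        """Return (resource, sessions served), or None if the data is dropped."""
        res = self.by_session.get(session_id)
        if res is None or res.feeder != session_id:
            return None              # unknown session or duplicate copy
        return res.name, tuple(res.sessions)


def run(opt_a, opt_b, absent_default=Opt.PER_SESSION):
    """Two PLMNs announce the same service; values below are constructed."""
    ran = Ran(absent_default)
    a = ran.create_context(ContextCreate("MBS#a", "UPF#a", "svc-1", opt_a))
    b = ran.create_context(ContextCreate("MBS#b", "UPF#b", "svc-1", opt_b))
    return a, b, sorted(ran.tunnels), ran.on_data("MBS#a"), ran.on_data("MBS#b")


if __name__ == "__main__":
    for case in [(Opt.REUSE, Opt.REUSE), (Opt.PER_SESSION, Opt.REUSE), (None, None)]:
        print(case, "->", run(*case))
```
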
Figure 11 shows a schematic diagram of the broadcast security communication method 700 provided by this application. Method 700 is described in detail below with reference to Figure 11. Method 700 gives a specific example of implementation 1 in method 400. In the description, the access network element is exemplified by the RAN, the first network by PLMN#a, the second network by PLMN#b, the first indication information by security activation indication #a, the second indication information by security activation indication #b, the first air interface resource by resource #a, and the second air interface resource by resource #b.
For method 700, refer to the description of method 500. Method 700 differs from method 500 as follows: (1) In method 700, NEF#a/MBSF#a determines optimization indication #a according to security activation status #a and sends optimization indication #a to MB-SMF#a; in method 500, MB-SMF#a determines optimization indication #a according to security activation status #a. (2) In method 700, MB-SMF#a need not obtain security activation status #a; in method 500, MB-SMF#a needs to obtain security activation status #a. (3) In method 700, NEF#b/MBSF#b determines optimization indication #b according to security activation status #b and sends optimization indication #b to MB-SMF#b; in method 500, MB-SMF#b determines optimization indication #b according to security activation status #b. (4) In method 700, MB-SMF#b need not obtain security activation status #b; in method 500, MB-SMF#b needs to obtain security activation status #b.
For the beneficial effects of method 700, refer to the beneficial effects of method 500.
Figure 12 shows a schematic diagram of the broadcast security communication method 800 provided by this application. Method 800 is described in detail below with reference to Figure 12. Method 800 gives a specific example of implementation 2 in method 400. In the description, the access network element is exemplified by the RAN, the first network by PLMN#a, the second network by PLMN#b, the first indication information by security activation indication #a, the second indication information by security activation indication #b, the first air interface resource by resource #a, and the second air interface resource by resource #b.
For method 800, refer to the description of method 600. Method 800 differs from method 600 as follows: (1) In method 800, NEF#a/MBSF#a determines optimization indication #a according to security activation status #a and sends optimization indication #a to MB-SMF#a; in method 600, MB-SMF#a determines optimization indication #a according to security activation status #a. (2) In method 800, MB-SMF#a need not obtain security activation status #a; in method 600, MB-SMF#a needs to obtain security activation status #a. (3) In method 800, NEF#b/MBSF#b determines optimization indication #b according to security activation status #b and sends optimization indication #b to MB-SMF#b; in method 600, MB-SMF#b determines optimization indication #b according to security activation status #b. (4) In method 800, MB-SMF#b need not obtain security activation status #b; in method 600, MB-SMF#b needs to obtain security activation status #b.
For the beneficial effects of method 800, refer to the beneficial effects of method 600.
Figure 13 shows a schematic diagram of the broadcast security communication method 900 provided by this application. Method 900 is described in detail below with reference to Figure 13. Method 900 gives a specific example of implementation 1 in method 400. In the description, the access network element is exemplified by the RAN, the first network by PLMN#a, the second network by PLMN#b, the first indication information by security activation indication #a, the second indication information by security activation indication #b, the first air interface resource by resource #a, and the second air interface resource by resource #b.
For method 900, refer to the description of method 700. Method 900 differs from method 700 as follows: (1) In method 900, MBSTF#a determines optimization indication #a according to security activation status #a and sends optimization indication #a to NEF#a/MBSF#a; in method 700, NEF#a/MBSF#a determines optimization indication #a according to security activation status #a. (2) In method 900, NEF#a/MBSF#a need not obtain security activation status #a; in method 700, NEF#a/MBSF#a needs to obtain security activation status #a. (3) In method 900, MBSTF#b determines optimization indication #b according to security activation status #b and sends optimization indication #b to NEF#b/MBSF#b; in method 700, NEF#b/MBSF#b determines optimization indication #b according to security activation status #b. (4) In method 900, NEF#b/MBSF#b need not obtain security activation status #b; in method 700, NEF#b/MBSF#b needs to obtain security activation status #b.
For the beneficial effects of method 900, refer to the beneficial effects of method 500.
Figure 14 shows a schematic diagram of the broadcast security communication method 1000 provided by this application. Method 1000 is described in detail below with reference to Figure 14. Method 1000 gives a specific example of implementation 2 in method 400. In the description, the access network element is exemplified by the RAN, the first network by PLMN#a, the second network by PLMN#b, the first indication information by security activation indication #a, the second indication information by security activation indication #b, the first air interface resource by resource #a, and the second air interface resource by resource #b.
For method 1000, refer to the description of method 800. Method 1000 differs from method 800 as follows: (1) In method 1000, MBSTF#a determines optimization indication #a according to security activation status #a and sends optimization indication #a to NEF#a/MBSF#a; in method 800, NEF#a/MBSF#a determines optimization indication #a according to security activation status #a. (2) In method 1000, NEF#a/MBSF#a need not obtain security activation status #a; in method 800, NEF#a/MBSF#a needs to obtain security activation status #a. (3) In method 1000, MBSTF#b determines optimization indication #b according to security activation status #b and sends optimization indication #b to NEF#b/MBSF#b; in method 800, NEF#b/MBSF#b determines optimization indication #b according to security activation status #b. (4) In method 1000, NEF#b/MBSF#b need not obtain security activation status #b; in method 800, NEF#b/MBSF#b needs to obtain security activation status #b.
For the beneficial effects of method 1000, refer to the beneficial effects of method 600.
图15示出了本申请提供的广播安全通信的方法1100的示意图。下面结合图15,详细介绍本申请提供的广播安全通信的方法1100。方法1100针对方法400中的实现方式一给出了具体的示例。其中,接入网网元以RAN为例,第一网络以PLMN#a为例,第二网络以PLMN#b为例,第一指示信息以安全激活指示#a为例,第二指示信息以安全激活指示#b为例,第一空口资源以资源#a为例,第二空口资源以资源#b为例进行说明。Figure 15 shows a schematic diagram of a method 1100 for broadcasting secure communications provided by this application. The method 1100 for broadcasting secure communication provided by this application will be introduced in detail below with reference to Figure 15 . Method 1100 provides a specific example for implementation method 1 in method 400. Among them, the access network element takes RAN as an example, the first network takes PLMN#a as an example, the second network takes PLMN#b as an example, the first instruction information takes security activation instruction #a as an example, and the second instruction information takes Security activation indication #b is taken as an example, the first air interface resource is taken as resource #a, and the second air interface resource is taken as resource #b.
方法1100可以参见方法1000的描述。方法1100与方法1000的区别在于:(1)方法1100中由AF确定优化指示#a,并将优化指示#a发送给NEF#a/MBSF#a,方法1000中由MBSTF#a根据安全激活状态#a确定优化指示#a。(2)方法1100中由AF确定优化指示#b,并将优化指示#b发送给NEF#b/MBSF#b,方法1000中由MBSTF#b根据安全激活状态#b确定优化指示#b。For method 1100, please refer to the description of method 1000. The difference between method 1100 and method 1000 is: (1) In method 1100, AF determines optimization instruction #a and sends optimization instruction #a to NEF#a/MBSF#a. In method 1000, MBSTF#a activates the status according to the security #aIdentify optimization instructions #a. (2) In method 1100, the AF determines the optimization instruction #b and sends the optimization instruction #b to NEF#b/MBSF#b. In the method 1000, the MBSTF#b determines the optimization instruction #b according to the security activation status #b.
It should be understood that method 1100 is described using the example in which optimization indication #a and optimization indication #b both instruct the RAN to allocate resources for the first broadcast service according to the service identifier, or instruct the RAN to reuse existing resources.
For the beneficial effects of method 1100, refer to the beneficial effects of method 500.
Figures 16 and 17 are schematic structural diagrams of possible communication devices provided by embodiments of this application. These communication devices can be used to implement the functions of the access network element or the second network element in the above method embodiments, and can therefore also achieve the beneficial effects of those method embodiments. In the embodiments of this application, the communication device may be an access network element or a second network element, or may be a module (such as a chip) applied to the access network element or the second network element.
As shown in Figure 16, the communication device 1200 includes a processing unit 1210 and a transceiver unit 1220. The communication device 1200 is used to implement the functions of the access network element or the second network element in the method embodiments shown in Figures 5 to 15.
When the communication device 1200 is used to implement the functions of the second network element in the method embodiment shown in Figure 3: the transceiver unit 1220 is configured to receive second indication information, where the second indication information indicates whether security protection is enabled for the data of the first broadcast service; or the processing unit 1210 is configured to determine second indication information, where the second indication information indicates whether security protection is enabled for the data of the first broadcast service. The transceiver unit 1220 is configured to send a second session establishment request for the first broadcast service to the access network element, where the second session establishment request includes the second indication information.
When the communication device 1200 is used to implement the functions of the access network element in the method embodiment shown in Figure 3: the transceiver unit 1220 is configured to receive, from the first network element in the first network, a first session establishment request for the first broadcast service, where the first session establishment request includes first indication information, and the first indication information indicates whether security protection is enabled for the data of the first broadcast service. In response to the first session establishment request, the processing unit 1210 is configured to allocate a first air interface resource to the first broadcast service. The transceiver unit 1220 is further configured to receive, from the second network element in the second network, a second session establishment request for the first broadcast service, where the second session establishment request includes second indication information, and the second indication information indicates whether security protection is enabled for the data of the first broadcast service. In response to the second session establishment request, the processing unit 1210 is further configured to determine, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource.
When the communication device 1200 is used to implement the functions of the second network element in the method embodiment shown in Figure 8: the transceiver unit 1220 is configured to receive third indication information, where the third indication information indicates whether existing air interface resources are reused for the first broadcast service; or the processing unit 1210 is configured to determine third indication information, where the third indication information indicates whether existing air interface resources are reused for the first broadcast service. The transceiver unit 1220 is configured to send a second session establishment request for the first broadcast service to the access network element, where the second session establishment request includes the third indication information.
When the communication device 1200 is used to implement the functions of the access network element in the method embodiment shown in Figure 8: the transceiver unit 1220 is configured to receive, from the first network element in the first network, a first session establishment request for the first broadcast service. In response to the first session establishment request, the processing unit 1210 is configured to allocate a first air interface resource to the first broadcast service. The transceiver unit 1220 is further configured to receive, from the second network element in the second network, a second session establishment request for the first broadcast service, where the second session establishment request includes third indication information, and the third indication information indicates whether existing air interface resources are reused for the first broadcast service. In response to the second session establishment request, the processing unit 1210 is further configured to determine, according to the third indication information, whether to reuse the first air interface resource.
For a more detailed description of the processing unit 1210 and the transceiver unit 1220, refer to the relevant descriptions in the method embodiments shown in Figures 5 to 15.
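The access network element behaviour described above for communication device 1200 (allocate on the first request, then decide on the second request whether to reuse the first air interface resource) can be modelled as follows. This Python model is an added example, not code from the application; the class and field names, the `resource#N` labels, the constructed scenarios, and the choice to treat a missing security indication as "protection enabled" are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class SessionRequest:
    """Session establishment request for a broadcast service (hypothetical shape)."""
    plmn: str                                # sending network, e.g. "PLMN#a"
    service_id: str                          # identifies the broadcast service
    session_id: str                          # identifies this network's session
    security_enabled: Optional[bool] = None  # first/second indication information
    reuse_existing: Optional[bool] = None    # third indication information


def derive_reuse_indication(security_enabled: bool) -> bool:
    """Core-network side: protection on -> do not reuse, protection off -> reuse."""
    return not security_enabled


class AccessNode:
    """Models the access network element's air interface resource decisions."""

    def __init__(self) -> None:
        self._ids = count(1)
        # service_id -> (first resource, stored security indication of first request)
        self._first: Dict[str, Tuple[str, Optional[bool]]] = {}
        self._per_session: Dict[str, str] = {}   # session_id -> allocated resource
        self.audience: Dict[str, Set[str]] = {}  # resource -> PLMNs served on it

    def _allocate(self, req: SessionRequest) -> str:
        resource = f"resource#{next(self._ids)}"
        self._per_session[req.session_id] = resource
        self.audience[resource] = {req.plmn}
        return resource

    def establish(self, req: SessionRequest) -> Tuple[str, bool]:
        """Return (resource, reused) for a session establishment request."""
        known = self._first.get(req.service_id)
        if known is None:
            # First request for this service: allocate and store its indication.
            resource = self._allocate(req)
            self._first[req.service_id] = (resource, req.security_enabled)
            return resource, False

        first_resource, first_security = known
        if req.reuse_existing is not None:
            # Third indication information decides directly.
            reuse = req.reuse_existing
        else:
            # Reuse only if BOTH indications say protection is not enabled.
            # Assumption: a missing indication (None) is treated as enabled.
            reuse = first_security is False and req.security_enabled is False

        if reuse:
            self.audience[first_resource].add(req.plmn)
            return first_resource, True
        # Not reusing: look up by session identifier, allocate if none exists.
        if req.session_id in self._per_session:
            return self._per_session[req.session_id], False
        return self._allocate(req), False


def run_scenarios() -> Dict[str, Tuple[str, bool]]:
    """Outcome of the second request in three constructed scenarios."""
    out: Dict[str, Tuple[str, bool]] = {}
    for name, sec_a, sec_b, third in [
        ("both_unprotected", False, False, None),
        ("b_protected", False, True, None),
        ("third_indication", None, None, derive_reuse_indication(True)),
    ]:
        ran = AccessNode()
        ran.establish(SessionRequest("PLMN#a", "svc-1", "sess-a", sec_a))
        out[name] = ran.establish(
            SessionRequest("PLMN#b", "svc-1", "sess-b", sec_b, third))
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

In the model, `audience` records which networks' terminals listen on each resource, so a review can confirm that a resource carrying data protected by one network is never shared with the other.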
As shown in Figure 17, the communication device 1300 includes a processor 1310 and an interface circuit 1320. The processor 1310 and the interface circuit 1320 are coupled to each other. It can be understood that the interface circuit 1320 may be a transceiver or an input/output interface. Optionally, the communication device 1300 may also include a memory 1330, used to store instructions executed by the processor 1310, input data that the processor 1310 needs in order to run the instructions, or data generated after the processor 1310 runs the instructions.
When the communication device 1300 is used to implement the method shown in Figure 17, the processor 1310 is used to implement the functions of the above processing unit 1210, and the interface circuit 1320 is used to implement the functions of the above transceiver unit 1220.
When the above communication device is a chip applied to the second network element, the second network element chip implements the functions of the second network element in the above method embodiments. The second network element chip receives information from other modules (such as a radio frequency module or an antenna) in the second network element, where the information is sent by the access network element to the second network element; or the second network element chip sends information to other modules (such as a radio frequency module or an antenna) in the second network element, where the information is sent by the second network element to the access network element.
When the above communication device is a chip applied to the access network element, the terminal chip implements the functions of the access network element in the above method embodiments. The chip of the access network element receives information from other modules (such as a radio frequency module or an antenna) in the access network element, where the information is sent by the second network element to the access network element; or the chip of the access network element sends information to other modules (such as a radio frequency module or an antenna) in the base station, where the information is sent by the access network element to the second network element.
It can be understood that the processor in the embodiments of this application may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. A general-purpose processor may be a microprocessor or any conventional processor.
The method steps in the embodiments of this application may be implemented in hardware, or in software instructions executable by a processor. The software instructions may consist of corresponding software modules, and the software modules may be stored in random access memory, flash memory, read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, registers, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium well known in the art. An exemplary storage medium is coupled to the processor, so that the processor can read information from the storage medium and write information to the storage medium. The storage medium may also be an integral part of the processor. The processor and the storage medium may be located in an ASIC. In addition, the ASIC may be located in a base station or a terminal. The processor and the storage medium may also exist as discrete components in the base station or terminal.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer programs or instructions. When the computer programs or instructions are loaded and executed on a computer, the processes or functions described in the embodiments of this application are performed in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, a network device, user equipment, or another programmable apparatus. The computer programs or instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer programs or instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless means. The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium, such as a floppy disk, hard disk, or magnetic tape; an optical medium, such as a digital video disc; or a semiconductor medium, such as a solid-state drive. The computer-readable storage medium may be a volatile or non-volatile storage medium, or may include both volatile and non-volatile types of storage media.
In the embodiments of this application, unless otherwise specified or in logical conflict, the terms and/or descriptions of different embodiments are consistent and may be referenced by one another, and the technical features of different embodiments may be combined according to their inherent logical relationships to form new embodiments.
In this application, "at least one" means one or more, and "multiple" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" can mean: A exists alone, A and B both exist, or B exists alone, where A and B may be singular or plural. In the text of this application, the character "/" generally indicates an "or" relationship between the objects before and after it; in the formulas of this application, the character "/" indicates a "division" relationship between the objects before and after it. "Including at least one of A, B and C" can mean: including A; including B; including C; including A and B; including A and C; including B and C; including A, B and C.
It can be understood that the various numerical designations used in the embodiments of this application are only distinctions made for convenience of description and are not intended to limit the scope of the embodiments of this application. The magnitude of the sequence numbers of the above processes does not imply an order of execution; the execution order of the processes should be determined by their functions and internal logic.

Claims (39)

  1. A broadcast secure communication method, characterized by comprising:
    an access network element receives, from a first network element in a first network, a first session establishment request for a first broadcast service, where the first session establishment request includes first indication information, and the first indication information indicates whether security protection is enabled for first data of the first broadcast service;
    in response to the first session establishment request, the access network element allocates a first air interface resource to the first broadcast service;
    the access network element receives, from a second network element in a second network, a second session establishment request for the first broadcast service, where the second session establishment request includes second indication information, and the second indication information indicates whether security protection is enabled for second data of the first broadcast service;
    in response to the second session establishment request, the access network element determines, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource.
  2. The method according to claim 1, characterized in that,
    in a case where the first indication information indicates that security protection is not enabled for the first data and the second indication information indicates that security protection is not enabled for the second data,
    the access network element determining, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource comprises:
    the access network element determines, according to the first indication information and the second indication information, to reuse the first air interface resource.
  3. The method according to claim 2, characterized in that the method further comprises:
    the access network element sends the first data to the terminal device of the first network and the terminal device of the second network based on the first air interface resource; or,
    the access network element sends the second data to the terminal device of the first network and the terminal device of the second network based on the first air interface resource.
  4. The method according to claim 1, characterized in that,
    in a case where the first indication information indicates that security protection is enabled for the first data, and/or the second indication information indicates that security protection is enabled for the second data,
    the access network element determining, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource comprises:
    the access network element determines, according to the first indication information and/or the second indication information, not to reuse the first air interface resource.
  5. The method according to claim 4, characterized in that the method further comprises:
    the access network element sends the first data to the terminal device of the first network based on the first air interface resource;
    the access network element allocates a second air interface resource to the second data, where the first air interface resource is different from the second air interface resource;
    the access network element sends the second data to the terminal device of the second network based on the second air interface resource.
  6. The method according to claim 5, characterized in that,
    the first data is security-protected by the first network;
    the second data is security-protected by the second network.
  7. The method according to any one of claims 1 to 6, characterized in that the method further comprises:
    the access network element stores the first indication information.
  8. A broadcast secure communication method, characterized by comprising:
    a first network element in a first network sends a first session establishment request for a first broadcast service to an access network element, where the first session establishment request includes first indication information, and the first indication information indicates whether security protection is enabled for first data of the first broadcast service;
    the access network element receives, from the first network element in the first network, the first session establishment request for the first broadcast service;
    in response to the first session establishment request, the access network element allocates a first air interface resource to the first broadcast service;
    a second network element in a second network sends a second session establishment request for the first broadcast service to the access network element;
    the access network element receives, from the second network element in the second network, the second session establishment request for the first broadcast service, where the second session establishment request includes second indication information, and the second indication information indicates whether security protection is enabled for second data of the first broadcast service;
    in response to the second session establishment request, the access network element determines, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource.
  9. The method according to claim 8, characterized in that,
    in a case where the first indication information indicates that security protection is enabled for the first data, and/or the second indication information indicates that security protection is enabled for the second data, the access network element determining, according to the first indication information and/or the second indication information, whether to reuse the first air interface resource comprises: the access network element determines, according to the first indication information and/or the second indication information, not to reuse the first air interface resource.
  10. The method according to claim 9, characterized in that the method further comprises:
    the access network element sends the first data to the terminal device of the first network based on the first air interface resource; the terminal device of the first network receives the first data based on the first air interface resource; the access network element allocates a second air interface resource to the data of the first broadcast service, where the first air interface resource is different from the second air interface resource; the access network element sends the second data to the terminal device of the second network based on the second air interface resource; the terminal device of the second network receives the second data based on the second air interface resource.
  11. The method according to claim 10, characterized in that,
    the first data is security-protected by the first network;
    the second data is security-protected by the second network.
  12. A broadcast secure communication method, characterized by comprising:
    an access network element receives, from a first network element in a first network, a first session establishment request for a first broadcast service;
    in response to the first session establishment request, the access network element allocates a first air interface resource to the first broadcast service;
    the access network element receives, from a second network element in a second network, a second session establishment request for the first broadcast service, where the second session establishment request includes third indication information, and the third indication information indicates whether existing air interface resources are reused for the first broadcast service;
    in response to the second session establishment request, the access network element determines, according to the third indication information, whether to reuse the first air interface resource.
  13. The method according to claim 12, characterized in that, in a case where the third indication information indicates that existing air interface resources are reused for the first broadcast service,
    the access network element determining, according to the third indication information, whether to reuse the first air interface resource comprises:
    the access network element determines, according to the third indication information, to reuse the first air interface resource.
  14. The method according to claim 13, characterized in that,
    the access network element sends first data of the first broadcast service to the terminal device of the first network and the terminal device of the second network based on the first air interface resource; or,
    the access network element sends second data of the first broadcast service to the terminal device of the first network and the terminal device of the second network based on the first air interface resource,
    where the first data comes from the first network, and the second data comes from the second network.
  15. The method according to claim 13 or 14, characterized in that,
    the third indication information indicates that air interface resources are allocated to the first broadcast service according to the service identifier corresponding to the first broadcast service.
  16. The method according to claim 15, characterized in that the access network element determining, according to the third indication information, to reuse the first air interface resource comprises:
    the access network element determines to reuse the first air interface resource for the first broadcast service on the basis that the first air interface resource corresponding to the first broadcast service already exists.
  17. The method according to claim 12, characterized in that,
    in a case where the third indication information indicates that existing air interface resources are not reused for the first broadcast service,
    the access network element determining, according to the third indication information, whether to reuse the first air interface resource comprises: the access network element determines, according to the third indication information, not to reuse the first air interface resource.
  18. The method according to claim 17, characterized in that the method further comprises:
    the access network element sends first data of the first broadcast service to the terminal device of the first network based on the first air interface resource;
    the access network element allocates a second air interface resource to second data of the first broadcast service, where the first air interface resource is different from the second air interface resource;
    the access network element sends the second data to the terminal device of the second network based on the second air interface resource,
    where the first data comes from the first network, and the second data comes from the second network.
  19. The method according to claim 18, characterized in that,
    the first data of the first broadcast service is security-protected by the first network;
    the second data of the first broadcast service is security-protected by the second network.
  20. The method according to claim 18 or 19, characterized in that, in a case where the third indication information indicates that existing air interface resources are not reused for the first broadcast service,
    the third indication information indicates that air interface resources are allocated to the first broadcast service according to the session identifier corresponding to the second session establishment request.
  21. The method according to claim 20, characterized in that the access network element determining, according to the third indication information, not to reuse the first air interface resource comprises:
    the access network element checks, according to the third indication information, whether an air interface resource corresponding to the session identifier exists;
    in a case where no air interface resource corresponding to the session identifier exists, the access network element determines not to reuse the first air interface resource for the first broadcast service.
  22. A broadcast secure communication method, characterized by comprising:
    a second network element of a second network obtains third indication information, where the third indication information indicates whether existing air interface resources are reused for a first broadcast service;
    the second network element sends a second session establishment request for the first broadcast service to an access network element, where the second session establishment request includes the third indication information.
  23. 根据权利要求22所述的方法,其特征在于,所述第二网络的第二网元获取第三指示信息,包括:The method according to claim 22, characterized in that the second network element of the second network obtains third indication information, including:
    所述第二网元确定所述第三指示信息。The second network element determines the third indication information.
  24. 根据权利要求23所述的方法,其特征在于,所述第二网元确定所述第三指示信息,包括:The method according to claim 23, characterized in that the second network element determines the third indication information, including:
    所述第二网元根据第二指示信息确定所述第三指示信息,所述第二指示信息用于指示针对所述第一广播业务的数据是否开启安全保护。The second network element determines the third indication information according to the second indication information, and the second indication information is used to indicate whether security protection is enabled for the data of the first broadcast service.
  25. 根据权利要求24所述的方法,其特征在于,The method according to claim 24, characterized in that:
    在所述第二指示信息用于指示针对所述第一广播业务的数据开启安全保护的情况下,所述第三指示信息用于指示针对所述第一广播业务不复用已有的空口资源;或者,When the second indication information is used to indicate that security protection is enabled for the data of the first broadcast service, the third indication information is used to indicate not to reuse existing air interface resources for the first broadcast service. ;or,
    在所述第二指示信息用于指示针对所述第一广播业务的数据不开启安全保护的情况下,所述第三指示信息用于指示针对所述第一广播业务复用已有的空口资源。When the second indication information is used to indicate that security protection is not enabled for the data of the first broadcast service, the third indication information is used to indicate that existing air interface resources are reused for the first broadcast service. .
  26. 根据权利要求22所述的方法,其特征在于,所述第二网络的第二网元获取第三指示信息,包括:The method according to claim 22, characterized in that the second network element of the second network obtains third indication information, including:
    所述第二网元接收来自所述第二网络的第四网元的所述第三指示信息。The second network element receives the third indication information from a fourth network element of the second network.
  27. A method for broadcast security communication, characterized by comprising:
    a first network element in a first network sends a first session establishment request for a first broadcast service to an access network element;
    the access network element receives the first session establishment request for the first broadcast service from the first network element in the first network;
    in response to the first session establishment request, the access network element allocates a first air interface resource for the first broadcast service;
    a second network element of a second network obtains third indication information, and the second network element sends a second session establishment request for the first broadcast service to the access network element, where the second session establishment request includes the third indication information;
    the access network element receives the second session establishment request for the first broadcast service from the second network element in the second network, where the second session establishment request includes the third indication information, and the third indication information is used to indicate whether to reuse existing air interface resources for the first broadcast service;
    in response to the second session establishment request, the access network element determines, according to the third indication information, whether to reuse the first air interface resource.
  28. The method according to claim 27, characterized in that, in the case where the third indication information is used to indicate that existing air interface resources are not to be reused for the first broadcast service, the access network element determining, according to the third indication information, whether to reuse the first air interface resource comprises: the access network element determines, according to the third indication information, not to reuse the first air interface resource.
  29. The method according to claim 28, characterized in that the method further comprises:
    the access network element sends first data of the first broadcast service to a terminal device of the first network based on the first air interface resource;
    the terminal device of the first network receives the first data based on the first air interface resource;
    the access network element allocates a second air interface resource for second data of the first broadcast service, where the first air interface resource is different from the second air interface resource;
    the access network element sends the second data to a terminal device of the second network based on the second air interface resource;
    the terminal device of the second network receives the second data based on the second air interface resource,
    where the first data comes from the first network, and the second data comes from the second network.
  30. The method according to claim 29, characterized in that:
    the first data of the first broadcast service is security-protected by the first network;
    the second data of the first broadcast service is security-protected by the second network.
  31. The method according to claim 29 or 30, characterized in that, in the case where the third indication information is used to indicate that existing air interface resources are not to be reused for the first broadcast service,
    the third indication information indicates that air interface resources are to be allocated to the first broadcast service according to the session identifier corresponding to the second session establishment request.
  32. The method according to claim 31, characterized in that the access network element determining, according to the third indication information, not to reuse the first air interface resource comprises:
    the access network element checks, according to the third indication information, whether an air interface resource exists that corresponds to the session identifier corresponding to the second session establishment request;
    in the case where no air interface resource exists that corresponds to the session identifier corresponding to the second session establishment request, the access network element determines not to reuse the first air interface resource for the first broadcast service.
  33. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 1 to 7, or the method according to any one of claims 12 to 21, or the method according to any one of claims 22 to 26.
  34. A chip, characterized by comprising:
    a memory, configured to store a computer program;
    a processor, configured to read and execute the computer program stored in the memory, where, when the computer program is executed, the processor performs the method according to any one of claims 1 to 7, or the method according to any one of claims 12 to 21, or the method according to any one of claims 22 to 26.
  35. A computer program product, characterized in that the computer program product includes computer program code which, when run on a computer, causes the computer to perform the method according to any one of claims 1 to 7, or the method according to any one of claims 12 to 21, or the method according to any one of claims 22 to 26.
  36. A communication device, characterized in that the device comprises: a module for performing the method according to any one of claims 1 to 7, or a module for performing the method according to any one of claims 12 to 21, or a module for performing the method according to any one of claims 22 to 26.
  37. A communication device, characterized by comprising:
    a processor, configured to execute a computer program stored in a memory, so that the device performs the method according to any one of claims 1 to 7, or so that the device performs the method according to any one of claims 12 to 21, or so that the device performs the method according to any one of claims 22 to 26.
  38. A communication system, characterized by comprising: an access network element, a first network element in a first network, and a second network element in a second network, wherein:
    the access network element is configured to perform the method according to any one of claims 1 to 7;
    the first network element is configured to send a first session establishment request for a first broadcast service to the access network element;
    the second network element sends a second session establishment request for the first broadcast service to the access network element.
  39. A communication system, characterized by comprising: an access network element, a first network element in a first network, and a second network element in a second network, wherein:
    the access network element is configured to perform the method according to any one of claims 12 to 21;
    the second network element is configured to perform the method according to any one of claims 22 to 26;
    the first network element is configured to send a first session establishment request for a first broadcast service to the access network element.
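
The decision flow of claims 22 to 32, modelled as an added Python example that is not part of the patent text: the second network element derives the third indication from the security setting, and the access network element uses it to decide whether the second session shares the first air interface resource. All class, field and identifier names are hypothetical, and keying reuse by service identifier and returning the existing resource on a repeated session identifier are assumptions the claims do not state.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass(frozen=True)
class SessionRequest:
    network: str                  # core network that sent the request
    service_id: str               # broadcast service the session is for
    session_id: str               # session identifier of this request
    reuse_existing: bool = False  # "third indication information" (hypothetical encoding)


def third_indication(security_enabled: bool) -> bool:
    """Claim 25: security protection enabled -> do not reuse; disabled -> reuse."""
    return not security_enabled


@dataclass
class AccessNetworkElement:
    by_session: dict = field(default_factory=dict)  # session_id -> resource
    by_service: dict = field(default_factory=dict)  # service_id -> first resource
    _ids: count = field(default_factory=lambda: count(1))

    def _allocate(self, req: SessionRequest) -> str:
        res = f"air-if-{next(self._ids)}"
        self.by_session[req.session_id] = res
        self.by_service.setdefault(req.service_id, res)
        return res

    def establish(self, req: SessionRequest) -> str:
        first = self.by_service.get(req.service_id)
        if first is None:
            # First session establishment request for this broadcast service.
            return self._allocate(req)
        if req.reuse_existing:
            # Indication says reuse: share the first air interface resource.
            self.by_session[req.session_id] = first
            return first
        # Indication says do not reuse (claims 21 and 32): look up by the
        # session identifier of this request only, never by the service.
        existing = self.by_session.get(req.session_id)
        return existing if existing is not None else self._allocate(req)


def run(security_enabled: bool):
    """Constructed scenario: network 1 first, then network 2 for the same service."""
    ran = AccessNetworkElement()
    first = ran.establish(SessionRequest("net-1", "svc-A", "sess-1"))
    second = ran.establish(SessionRequest(
        "net-2", "svc-A", "sess-2", third_indication(security_enabled)))
    return first, second
```
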
PCT/CN2023/103731 2022-08-14 2023-06-29 Method and apparatus for broadcast security communication WO2024037210A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210970901.8A CN117641255A (en) 2022-08-14 2022-08-14 Method and device for broadcasting secure communication
CN202210970901.8 2022-08-14

Publications (1)

Publication Number Publication Date
WO2024037210A1 (en) 2024-02-22

Family

ID=89940622

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/103731 WO2024037210A1 (en) 2022-08-14 2023-06-29 Method and apparatus for broadcast security communication

Country Status (2)

Country Link
CN (1) CN117641255A (en)
WO (1) WO2024037210A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101730178A (en) * 2008-10-30 2010-06-09 摩托罗拉公司 Admission control for a heterogeneous communication system
CN105723785A (en) * 2013-10-24 2016-06-29 高通股份有限公司 Evolved multimedia broadcast multicast service network sharing and roaming support
US20190124623A1 (en) * 2016-04-28 2019-04-25 Nokia Technologies Oy Method and apparatus for providing broadcast/multicast services
CN112449311A (en) * 2019-08-31 2021-03-05 华为技术有限公司 Communication method, device and system
CN113873443A (en) * 2020-06-30 2021-12-31 华为技术有限公司 Communication method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HUAWEI, HISILICON: "New test case on security enforcement configuration for 5G LAN services", 3GPP DRAFT; S3-203527, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. e-meeting; 20201109 - 20201120, 23 November 2020 (2020-11-23), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051958325 *
NOKIA, NOKIA SHANGHAI-BELL: "KI#1: Conclusion update related to ETSUN", 3GPP DRAFT; S2-2101015, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. e-meeting; 20210224 - 20210303, 18 February 2021 (2021-02-18), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP052173508 *

Also Published As

Publication number Publication date
CN117641255A (en) 2024-03-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23854115

Country of ref document: EP

Kind code of ref document: A1