CN110839266B - Information processing method, user side equipment and network side equipment - Google Patents


Info

Publication number
CN110839266B
Authority
CN
China
Prior art keywords
data packet
indication information
encryption
side device
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810941718.9A
Other languages
Chinese (zh)
Other versions
CN110839266A (en)
Inventor
吴昱民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vivo Mobile Communication Co Ltd
Original Assignee
Vivo Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vivo Mobile Communication Co Ltd
Priority to CN201810941718.9A
Publication of CN110839266A
Application granted
Publication of CN110839266B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0027 Control or signalling for completing the hand-off for data sessions of end-to-end connection for a plurality of data sessions of end-to-end connections, e.g. multi-call or multi-bearer end-to-end data connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the application discloses an information processing method, user side equipment and network side equipment. The method comprises: acquiring indication information, wherein the indication information is used for indicating at least one of an identifier of a specified data packet and packet header information, and the specified data packet is a data packet for performing security configuration conversion. With the embodiment of the application, the identifier and/or the header information of a data packet indicates that security configuration conversion is performed starting from the specified data packet, so that the user side equipment or the network side equipment can encrypt or decrypt each data packet with the corresponding encryption mode and decryption mode in time. This avoids the loss of data (or data packets) caused when the PDCP entity, the RLC entity, the MAC entity and the like need to be reset or rebuilt on a conversion (or change) of the serving node, and ensures security during data transmission.

Description

Information processing method, user side equipment and network side equipment
Technical Field
The present application relates to the field of communications technologies, and in particular, to an information processing method, a user side device, and a network side device.
Background
In 5G and subsequently evolved wireless network communication systems, the mobility procedure must meet an interruption delay of 0 ms, so the user side equipment needs to be connected to the source node and the target node at the same time while it moves, in order to send and receive data. If data connections need to be maintained at the source node and the target node at the same time, data transmission can be realized with a DC (Dual Connectivity) architecture.
Based on the DC architecture, when the node serving the user side equipment changes, the network side equipment changes the security-related configuration information used by the user side equipment, and thereby changes the encryption mode and the decryption mode of the data (or data packets) to be sent or received. Encryption and decryption of data or data packets can be implemented in the PDCP layer, and the PDCP entity can keep only one security configuration (or one piece of security configuration information) valid at a time. Therefore, when security configuration conversion (or security configuration change) is performed, the PDCP entity needs to perform a re-establishment operation to avoid failure of decryption of the data (or data packets).
However, in mobility management (such as handover or SCG handover) with the DC architecture, when the serving node of the user side equipment is switched (or changed) from the source node to the target node, different ciphering and deciphering modes are used, so the PDCP entity, the RLC entity, the MAC entity, and the like need to be reset or rebuilt according to the above procedure, which may result in loss of data (or data packets).
Disclosure of Invention
An object of the embodiments of the present application is to provide an information processing method, a user equipment and a network side device, so as to avoid the problem that when a serving node of the user equipment is converted (or changed) from a source node to a target node, a PDCP entity, an RLC entity, an MAC entity and the like need to be reset or re-established due to different encryption and decryption methods, which may cause data (or data packets) loss and the like.
In order to solve the above technical problem, the embodiment of the present application is implemented as follows:
In a first aspect, a method for processing information is provided, including:
acquiring indication information, wherein the indication information is used for indicating at least one of an identifier of a specified data packet and packet header information, and the specified data packet is a data packet for performing security configuration conversion.
In a second aspect, a user equipment is provided, including:
the information acquisition module is used for acquiring indication information, wherein the indication information is used for indicating at least one of identification and header information of a specified data packet, and the specified data packet is a data packet for performing security configuration conversion.
In a third aspect, a network-side device is provided, including:
the information acquisition module is used for acquiring indication information, wherein the indication information is used for indicating at least one of identification and header information of a specified data packet, and the specified data packet is a data packet for performing security configuration conversion.
In a fourth aspect, a user equipment is provided, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to the first aspect as described above.
In a fifth aspect, a network-side device is provided, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to the first aspect as described above.
In a sixth aspect, a computer-readable storage medium is proposed, on which a computer program is stored, which computer program, when being executed by a processor, realizes the steps of the method according to the first aspect as described above.
As can be seen from the above technical solutions, the embodiments of the present application obtain indication information, where the indication information is used to indicate at least one of an identifier and header information of a specified data packet, and the specified data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed starting from the specified data packet; that is, data packets received after the specified data packet are encrypted or decrypted using the new security configuration information, or the new encryption manner and decryption manner. The user side device or the network side device can therefore encrypt or decrypt each data packet with the corresponding encryption manner and decryption manner in time. This avoids the loss of data (or data packets) caused when the PDCP entity, the RLC entity, the MAC entity, and the like need to be reset or rebuilt on a conversion (or change) of the serving node, and ensures security during data transmission.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
FIG. 1 is a diagram illustrating an embodiment of a method for processing information according to the present application;
FIG. 2 is a schematic view of bearer types under a DC architecture according to the present application;
FIG. 3 is a diagram of another embodiment of a method for processing information according to the present application;
FIG. 4 is a diagram illustrating another embodiment of a method for processing information according to the present application;
FIG. 5 is a diagram illustrating another embodiment of a method for processing information according to the present application;
FIG. 6 is a diagram illustrating another embodiment of a method for processing information according to the present application;
FIG. 7 is a diagram illustrating another embodiment of a method for processing information according to the present application;
FIG. 8 is a diagram illustrating another embodiment of a method for processing information according to the present application;
FIG. 9 is a diagram illustrating another embodiment of a method for processing information according to the present application;
FIG. 10 is a flowchart of another embodiment of a method for processing information according to the present application;
FIG. 11 is a user equipment embodiment according to the present application;
FIG. 12 is a diagram illustrating a network device according to an embodiment of the present application;
FIG. 13 is another embodiment of a user equipment according to the present application;
FIG. 14 is another embodiment of a network device according to the present application.
Detailed Description
The embodiment of the application provides an information processing method, user side equipment and network side equipment.
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical scheme of the application can be applied to various communication systems, such as: GSM (Global System of Mobile communication), CDMA (Code Division Multiple Access) System, WCDMA (Wideband Code Division Multiple Access), GPRS (General Packet Radio Service), LTE (Long Term Evolution), and the like.
User Equipment (UE) may also be referred to as a Mobile Terminal, an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote terminal, a mobile device, a user terminal, a wireless communication device, or a user agent. The access terminal may be a cellular phone, a cordless phone, a SIP (Session Initiation Protocol) phone, a WLL (Wireless Local Loop) station, a PDA (Personal Digital Assistant), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal device in a future 5G network, or a terminal device in a future evolved PLMN (Public Land Mobile Network) network.
The network-side device may be a device for communicating with a mobile device. It may be a BTS (Base Transceiver Station) in GSM (Global System for Mobile communications) or CDMA (Code Division Multiple Access), an NB (NodeB, base station) in WCDMA (Wideband Code Division Multiple Access), an eNB or eNodeB (evolved Node B) or access point in LTE (Long Term Evolution), or a vehicle-mounted device, a wearable device, a network-side device in a future 5G network, or a network-side device in a future evolved PLMN (Public Land Mobile Network) network.
The system adapted by the present application may be a system in which FDD (Frequency Division Duplex), TDD (Time Division Duplex) or FDD and TDD Duplex modes are aggregated, and the present application does not limit this.
Example one
As shown in fig. 1, the present embodiment provides an information processing method, which can be applied to transmission and reception of data packets, and encryption or decryption processing of data packets after transmission and reception of data packets. The execution main body of the method can be user side equipment, wherein the user side equipment can be terminal equipment, the terminal equipment can be mobile terminal equipment such as a mobile phone, a tablet computer or wearable equipment, and the terminal equipment can also be terminal equipment such as a personal computer. The method may specifically comprise the steps of:
In S102, indication information is obtained, where the indication information is used to indicate at least one of an identifier of a specified data packet and header information, and the specified data packet is a data packet for performing security configuration conversion.
The indication information may be pre-stored in the user side device, may come from the network side device, or may be pre-agreed in a predetermined communication protocol. It indicates at least one of an identifier and header information of a specified data packet (a data packet for performing security configuration conversion). The identifier of the specified data packet may be a number, a name, and the like of that data packet. Both the identifier and the header information can indicate that the user side device or the network side device currently needs to perform security configuration conversion, so that the currently received data packet and the data packets received after it are encrypted or decrypted in the new encryption and decryption manner. For example, both the identifier and the header information of the specified data packet may be obtained from the network side device or via a predetermined communication protocol; or the identifier may be obtained from the network side device and the header information via a predetermined communication protocol; or the identifier may be obtained via a predetermined communication protocol and the header information from the network side device. This may be set according to the actual situation and is not limited in this embodiment of the present application.
In the implementation, in the wireless network communication system of 5G and subsequent evolution, since the interruption delay of the mobility processing procedure of 0 ms needs to be satisfied, it is necessary that the user side device is connected to the source node and the target node simultaneously during the moving process, so as to perform data transmission and reception. Whereas, if it is required to maintain data connection between the source node and the target node, the data transmission can be realized by adopting a DC (Dual connectivity) architecture.
In the wireless network communication system of 5G and subsequent evolution, a DC architecture may be adopted, and the DC architecture may include two Cell groups, namely, an MCG (Master Cell Group) and an SCG (Secondary Cell Group), where the MCG corresponds to an MN (Master Node) on the network side and the SCG corresponds to an SN (Secondary Node) on the network side. In addition, the DC architecture also supports a PDCP (Packet Data Convergence Protocol) replication function, so that different Bearer types (i.e., Bearer types) can be generated, as shown in fig. 2, which may include:
MCG Bearer (i.e. MCG Bearer): the MCG bearer may correspond to a PDCP entity, an RLC (Radio Link Control) entity, an MAC (Medium Access Control) entity, and an MCG entity.
SCG Bearer (i.e. SCG Bearer): the SCG bearer may correspond to a PDCP entity, an RLC entity, a MAC entity, and an MCG entity.
Split Bearer (i.e. Split Bearer): the PDCP entity corresponding to the Split Bearer is in 1 cell group, the corresponding 2 RLC entity(s) and 2 MAC entity(s) are in different cell groups.
Copy Bearer (i.e. Duplicate Bearer): the 1 PDCP entity, 2 (or more) RLC entities and 1 MAC entity corresponding to the Duplicate Bearer are in the same cell group.
Based on the above DC architecture, when the node serving the user side device changes, the network side device changes the security-related configuration information used by the user side device. When the user side device is connected to the source node, it can encrypt or decrypt the exchanged data (or data packets) using the security configuration information of the source node, and when it is connected to the target node (which may be any node), it can encrypt or decrypt the exchanged data (or data packets) using the security configuration information of the target node.
The security-related configuration information may include any one or more of: an encryption algorithm (e.g., CipheringAlgorithm, etc.), generation configuration information of an encryption key (e.g., nextHopChainingCount, configuration information for generating an encryption key), an integrity protection algorithm (e.g., integrityProtAlgorithm, etc.), generation configuration information of an integrity protection key (e.g., nextHopChainingCount, configuration information for generating an integrity protection key), etc.
At present, the encryption or decryption of data described above can be implemented in the PDCP layer of the user side device, and the PDCP entity can keep only one security configuration (or one piece of security configuration information) valid at a time. Therefore, when security configuration conversion (or security configuration change) is performed, the PDCP entity needs to perform a re-establishment operation to avoid failure of decryption of the data (or data packets): after decrypting the received data (or data packets) with the security configuration information of the source node, the PDCP entity obtains the security configuration information of the target node, and decrypts subsequently received data (or data packets) with the security configuration information of the target node.
However, in mobility management (such as handover or SCG conversion) with the DC architecture, when the serving node of the user side device is converted (or changed) from the source node to the target node, a different security key is used, so the PDCP, RLC, MAC, and the like of the user side device need to be reset or re-established according to the above procedure, which may result in loss of data (or data packets). The embodiment of the present application therefore provides a processing method capable of solving this problem, which may specifically be as follows.
The method can indicate that security configuration conversion is to be performed at a certain moment, after a certain specified data packet is received or sent, or after a certain number of data packets are received or sent. That is, a new encryption and decryption manner is to be used for that data packet and for the data packets received or sent after it. Specifically, the network side device can generate the indication information by means of preset configuration information, a predetermined communication protocol, or the like. The PDCP sending end of the network side device can obtain a data packet to be sent, encrypt it using the current encryption and decryption manner, and send the encrypted data packet to the user side device. The PDCP receiving end of the user side device can receive the encrypted data packet and decrypt it using the encryption and decryption manner corresponding to the one used by the network side device, thereby obtaining the data packet. When security configuration conversion is required, the user side device may generate the indication information by means of configuration information of the network side device or a predetermined communication protocol, and the indication information may be embodied by the identifier or the packet header information of the sent specified data packet.
Then, after the network side device and the user side device obtain the indication information, they may encrypt or decrypt the data packets transmitted or received afterwards using the new encryption and decryption manner. Specifically, after the network side device obtains the indication information, it may transmit the indication information to the user side device, or the user side device may obtain the indication information by means of configuration information of the network side device or a predetermined communication protocol. If the PDCP sending end of the network side device then obtains another data packet to be transmitted, it may encrypt the data packet using the encryption and decryption manner corresponding to the indication information and transmit the encrypted data packet to the user side device. The PDCP receiving end of the user side device may receive the encrypted data packet and decrypt it using the encryption and decryption manner corresponding to the indication information, thereby obtaining the data packet.
Correspondingly, when the indication information is not obtained, the PDCP sending end of the user side device may obtain a data packet to be sent, encrypt the data packet using a current encryption and decryption method, and send the encrypted data packet to the network side device, and the PDCP receiving end of the network side device may receive the encrypted data packet and decrypt the encrypted data packet using an encryption and decryption method corresponding to the encryption and decryption method used by the user side device, so as to obtain the data packet. When security configuration conversion is required, the user side device may generate the indication information in a manner of configuration information of the network side device or a predetermined communication protocol, and the network side device may obtain the indication information in a manner of preset configuration information or a predetermined communication protocol, and the indication information may be embodied by the identifier of the sent specified data packet or the header information. After the user side device obtains the indication information, the indication information may be sent to the network side device, or the user side device may also obtain the indication information in a manner of configuration information of the network side device or a predetermined communication protocol, and then, if the PDCP sending end of the user side device obtains the data packet to be sent again, the PDCP sending end of the user side device may encrypt the data packet in an encryption and decryption manner corresponding to the indication information, and may send the encrypted data packet to the network side device, and the PDCP receiving end of the network side device may receive the encrypted data packet and may decrypt the encrypted data packet in the encryption and decryption manner corresponding to the indication information, so as to obtain the data packet.
As shown in fig. 3, an embodiment of the present application provides an information processing method, and an execution subject of the method may be a network-side device. The method can be applied to the transmission and reception of data packets, and the encryption or decryption processing of the data packets after the data packets are transmitted and received, wherein the network side device may be a wireless device that performs information transfer with a user side device in a certain radio coverage area, the network side device may include one device, such as a base station, and the network side device may further include a plurality of devices, such as a network side device that may include a key control node MME and/or a serving gateway device, in addition to the base station. The method may specifically comprise the steps of:
In S302, indication information is obtained, where the indication information is used to indicate at least one of an identifier of a specified data packet and header information, and the specified data packet is a data packet for performing security configuration conversion.
The specific processing procedure of step S302 can refer to the related content in step S102, and will not be described here.
Based on the processing in step S102, the processing procedure of the network side device is similar to that of the user side device. Through its PDCP sending end, the network side device may send data packets encrypted with the current encryption and decryption manner to the user side device, and through its PDCP receiving end it may decrypt received data packets with the current encryption and decryption manner. After the indication information is obtained, when a data packet is received again, the network side device may decrypt it through the PDCP receiving end using the encryption and decryption manner corresponding to the indication information, and may send data packets encrypted with the encryption and decryption manner corresponding to the indication information to the user side device through the PDCP sending end. For details, refer to the relevant content in step S102.
It should be noted that after the network side device obtains the indication information, the network side device may send the indication information to the user side device, and the user side device may perform security configuration conversion according to the indication information, so as to perform encryption processing or decryption processing on a subsequently received or sent data packet by using a new encryption and decryption manner.
The embodiment of the present application provides an information processing method in which indication information is obtained, where the indication information is used to indicate at least one of an identifier and header information of a specified data packet, and the specified data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed starting from the specified data packet; that is, data packets received after the specified data packet are encrypted or decrypted using the new security configuration information, or the new encryption manner and decryption manner. The user side device or the network side device can therefore encrypt or decrypt each data packet with the corresponding encryption manner and decryption manner in time. This avoids the loss of data (or data packets) caused when the PDCP entity, the RLC entity, the MAC entity, and the like need to be reset or rebuilt on a conversion (or change) of the serving node, and ensures security during data transmission.
Example two
As shown in fig. 4, the embodiment of the present application provides an information processing method, which can be applied to transmission and reception of data packets, and encryption or decryption processing of data packets after transmission and reception of data packets. The execution main body of the method can be user side equipment, wherein the user side equipment can be terminal equipment, the terminal equipment can be mobile terminal equipment such as a mobile phone, a tablet computer or wearable equipment, and the terminal equipment can also be terminal equipment such as a personal computer. In this embodiment, an example is given in which the indication information indicates an identifier of a specific packet, and the specific packet is a packet for performing security configuration conversion. The method may specifically comprise the steps of:
In S402, before the indication information is acquired, received or transmitted data packets are encrypted or decrypted using the second encryption and decryption manner.
The second encryption and decryption mode may be based on any encryption and decryption mode, and the second encryption and decryption mode may be an encryption and decryption mode used before security configuration conversion is performed. The identification of the designated data packet may include at least one of: an identifier of an uplink data packet, and an identifier of a downlink data packet.
In implementation, before the user side device acquires the indication information, it may set security configuration information, which may be used to indicate the encryption or decryption manner used when transmitting or receiving a data packet. In this case, when a sending end (e.g., a PDCP sending end) of the user side device needs to send a data packet (e.g., to the network side device), the data packet may be encrypted using the second encryption and decryption manner, and the encrypted data packet may be sent once encryption is complete. Accordingly, when a receiving end (e.g., a PDCP receiving end) of the user side device receives a data packet (e.g., one sent by the network side device), the data packet may be decrypted using the second encryption and decryption manner to obtain the data packet.
In S404, the indication information is acquired.
The indication information may be based on a predetermined protocol convention, or may be determined based on configuration information of the network side device, and the like. Where the indication information is based on a predetermined protocol convention, it may be set in the last received data packet when the number of received data packets reaches a protocol-agreed value, or in the last transmitted data packet when the number of transmitted data packets reaches the protocol-agreed value; the protocol-agreed value may be 10 or 20. Taking a protocol-agreed value of 10 as an example, when the number of received or transmitted data packets reaches 10, the user side device obtains the identifier of the data packet from the 10th received or transmitted data packet, and thereby obtains the indication information. On this basis, the user side device may encrypt or decrypt the 1st to 9th received or transmitted data packets in the second encryption and decryption manner. In practical applications, besides being constituted by the identifier of the last received or transmitted data packet, the indication information may be constituted by the identifier of the data packet received or transmitted next after that last data packet; in the above example, the identifier of the 11th received or transmitted data packet may be acquired.
The indication information may include a PDCP number value (e.g., a PDCP COUNT value), which may be used to indicate the identifier of the specified data packet; that is, the PDCP number value may be used as the identifier. It should be noted that the number value of a data packet may be its sequence number after the data packets are formed in order according to the time sequence in which the corresponding data is received or transmitted; for example, the greater the number value of a data packet, the later the data packet is received or transmitted. For example, a piece of data may be transmitted in 10 data packets: the data in the 1st data packet should be the data that needs to be transmitted or received earliest in the piece of data, the data in the 2nd data packet should be the data … that needs to be transmitted or received earliest in the piece of data, the data in the 10th data packet should be the latest data to be transmitted or received in the piece of data, and the like.
For the specific processing procedure of the above S404, reference may be made to relevant contents in the above first embodiment, which is not described herein again.
It should be noted that the indication information may be provided in a data packet that needs to be transmitted or received, so that when the data packet is transmitted or received, it may be encrypted or decrypted using the first encryption/decryption manner corresponding to the indication information. After the indication information is acquired, the processing of S406 described below needs to be performed on the received or transmitted data packet, or the indication information and the like may be added to each data packet that needs to be transmitted or received.
In S406, a target data packet is acquired.
The target data packet may be any data packet, and may be acquired when the indication information is acquired or after the indication information is acquired. The acquired target data packet may be a data packet received by the PDCP receiving end of the user side device, or a data packet that the PDCP sending end of the user side device needs to send.
In S408, the target data packet is encrypted or decrypted based on the first encryption/decryption manner corresponding to the indication information.
The first encryption/decryption manner is different from the second encryption/decryption manner. The second encryption/decryption manner may be the one used before the security configuration conversion is performed, and the first encryption/decryption manner may be the one used during the security configuration conversion or after the security configuration conversion is performed.
In an implementation, if the target data packet is a data packet received by the receiving end, the receiving end of the user side device (e.g., the PDCP receiving end of the user side device) may decrypt the target data packet using the first encryption/decryption manner. If the target data packet is a data packet of the sending end, the sending end of the user side device (e.g., the PDCP sending end of the user side device) may encrypt the target data packet using the first encryption/decryption manner.
In S410, the second encryption/decryption manner used before the indication information is acquired is deleted.
In implementation, the user side device has performed security configuration conversion through the above indication information, that is, the encryption/decryption manner of data packets has already been converted from the second encryption/decryption manner to the first encryption/decryption manner, and the PDCP entity of the user side device can maintain only one piece of security configuration information at a time (after the user side device obtains the indication information, the security configuration information is converted from that corresponding to the second encryption/decryption manner to that corresponding to the first encryption/decryption manner). At this point the user side device no longer uses the second encryption/decryption manner or the security configuration information corresponding to it, and may delete them, so that only one set of encryption and decryption manners, or of the security configuration information corresponding to them, is retained in the user side device.
In practical applications, after the processing in S408, the user side device may also retain the second encryption/decryption manner or the security configuration information corresponding to it, so that the user side device retains multiple sets of encryption/decryption manners or the security configuration information corresponding to each set.
In practical application, the user side device may be triggered in multiple ways to delete the second encryption/decryption manner or the security configuration information corresponding to it. Five optional implementations, manner one to manner five, are provided below.
Manner one: the network side device sends indication information for deleting the second encryption/decryption manner.
In implementation, after the network side device determines that the user side device has acquired the indication information, the network side device may send the indication information for deleting the second encryption/decryption manner to the user side device. After receiving it, the user side device may delete the second encryption/decryption manner or the security configuration information corresponding to the second encryption/decryption manner.
Manner two: the mobility processing procedure is completed.
The mobility processing procedure may be a random access procedure such as handover or SCG change.
Manner three: configuration information, configured by the network side device, for deleting the second encryption/decryption manner.
In implementation, the network side device may be provided with configuration information for deleting the second encryption/decryption manner. After the network side device determines that the user side device has acquired the indication information, the network side device may send the configuration information for deleting the second encryption/decryption manner to the user side device. After receiving it, the user side device may delete the second encryption/decryption manner or the security configuration information corresponding to the second encryption/decryption manner.
Manner four: the user side device sends indication information for deleting the second encryption/decryption manner to the network side device.
In implementation, after obtaining the indication information, the user side device may send indication information for deleting the second encryption/decryption manner to the network side device, and the user side device may delete the second encryption/decryption manner or the security configuration information corresponding to the second encryption/decryption manner.
Manner five: the user side device sends a re-access request.
Specifically, in manner five, for example, after the user side device establishes a connection with the target node, it initiates a new random access procedure to the target node.
The processing of S410 may be executed after S408, when the indication information is acquired, or at any time after the indication information is acquired. The above processing is only one implementation, which is not limited in the embodiment of the present application.
The embodiment of the present application provides an information processing method applied to a user side device. The user side device obtains indication information that indicates at least one of an identifier and header information of a specified data packet, where the specified data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed starting from the specified data packet; that is, data packets received after the specified data packet are encrypted or decrypted using new security configuration information or a new encryption manner and decryption manner. The user side device or the network side device can therefore encrypt or decrypt the corresponding data packet with the corresponding encryption manner and decryption manner in time. This avoids the loss of data (or data packets) caused when the PDCP entity, the RLC entity, the MAC entity and the like need to be reset or rebuilt upon a conversion (or change) of the service node, and ensures security in the data transmission process.
Example three
As shown in fig. 5, the embodiment of the present application provides an information processing method that can be applied to the transmission and reception of data packets and to the encryption or decryption of data packets after transmission and reception. The method may be executed by a user side device. The user side device may be a terminal device, which may be a mobile terminal device such as a mobile phone, a tablet computer or a wearable device, or a terminal device such as a personal computer. This embodiment takes as an example the case in which the indication information indicates header information of a specified data packet, the specified data packet being a data packet subjected to security configuration conversion. The method may specifically comprise the following steps:
In S502, before the indication information is acquired, the received or transmitted data packet is encrypted or decrypted using the second encryption/decryption manner.
In implementation, before the user side device obtains the indication information, when a sending end (e.g., a PDCP sending end) of the user side device needs to send a certain data packet (e.g., to the network side device), the data packet may be encrypted using the second encryption/decryption manner, and the encrypted data packet may be sent once encryption is complete. Accordingly, when a receiving end (e.g., a PDCP receiving end) of the user side device receives a certain data packet (e.g., one sent by the network side device), the data packet may be decrypted using the second encryption/decryption manner to obtain the data packet.
In S504, indication information is obtained, where the indication information is used to indicate header information of a specified data packet, and the specified data packet is a data packet for security configuration conversion.
The indication information may be header information of the specified data packet. The header information may include a predetermined identification bit value, and different predetermined identification bit values may represent whether security configuration conversion is required. For example, a predetermined identification bit value of 1 may indicate that security configuration conversion is performed, that is, the first encryption/decryption manner corresponding to the indication information is used to encrypt or decrypt the data packets that need to be transmitted and received, or the security configuration information corresponding to the first encryption/decryption manner is enabled; a predetermined identification bit value of 0 may indicate that the second encryption/decryption manner is used to encrypt or decrypt the data packets that need to be transmitted and received, or that the security configuration information corresponding to the second encryption/decryption manner is still used. The indication information may be determined based on a predetermined protocol convention, or based on configuration information of the network side device. Where the indication information is based on the predetermined protocol convention, it may be set in the last received or sent data packet when the number of received data packets reaches the protocol convention value, or in the last sent data packet when the number of sent data packets reaches the protocol convention value; for details, refer to the relevant contents of the above embodiment two, which are not described herein again.
It should be noted that the indication information may be provided in a data packet that needs to be transmitted or received, so that when the data packet is transmitted or received, it may be encrypted or decrypted using the first encryption/decryption manner corresponding to the indication information. After the indication information is acquired, the following processing of S506 needs to be performed on the received or transmitted data packet.
In S506, the target data packet is acquired.
In S508, the target data packet is encrypted or decrypted based on the first encryption/decryption manner corresponding to the indication information.
In an implementation, the target data packet may be a data packet received by a receiving end, in which case the receiving end of the user side device (e.g., the PDCP receiving end of the user side device) may decrypt the target data packet using the first encryption/decryption manner. If the target data packet is a data packet of the sending end, the sending end of the user side device (e.g., the PDCP sending end of the user side device) may encrypt the target data packet using the first encryption/decryption manner.
In S510, the second encryption/decryption manner used before the indication information is acquired is deleted.
In practical applications, only one set of encryption and decryption manners, or of the security configuration information corresponding to them, may be retained in the user side device, in which case the user side device may continue with S510 after completing the processing of S508. In addition, the user side device may also retain multiple sets of encryption/decryption manners or the security configuration information corresponding to each set, in which case, after completing the processing in S508, the user side device may trigger the processing in S510 through one or more triggering manners.
The user side device may be triggered in multiple ways to delete the second encryption/decryption manner or the security configuration information corresponding to it. Five optional implementations, manner one to manner five, are provided below.
Manner one: the network side device sends indication information for deleting the second encryption/decryption manner.
Manner two: the mobility processing procedure is completed.
Manner three: configuration information, configured by the network side device, for deleting the second encryption/decryption manner.
Manner four: the user side device sends indication information for deleting the second encryption/decryption manner to the network side device.
Manner five: the user side device sends a re-access request.
The embodiment of the present application provides an information processing method applied to a user side device. The user side device obtains indication information that indicates at least one of an identifier and header information of a specified data packet, where the specified data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed starting from the specified data packet; that is, data packets received after the specified data packet are encrypted or decrypted using new security configuration information or a new encryption manner and decryption manner. The user side device or the network side device can therefore encrypt or decrypt the corresponding data packet with the corresponding encryption manner and decryption manner in time. This avoids the loss of data (or data packets) caused when the PDCP entity, the RLC entity, the MAC entity and the like need to be reset or rebuilt upon a conversion (or change) of the service node, and ensures security in the data transmission process.
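The per-packet selection rule of embodiments two and three (a PDCP COUNT identifier, or a predetermined identification bit in the header, decides whether the first or the second encryption/decryption manner applies, and the second manner is deleted afterwards) is sketched below as an added Python example that is not part of the patent text. The class and function names, the sample keys, the switch COUNT of 10, the arrival order and the SHA-256 XOR keystream are constructed for illustration; the keystream is a stand-in, not a PDCP ciphering algorithm.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class SecurityConfig:
    name: str   # "second" = before conversion, "first" = after conversion
    key: bytes  # constructed sample key


@dataclass(frozen=True)
class Pdu:
    count: int      # PDCP COUNT value, used as the packet identifier
    flag: int       # predetermined identification bit in the header
    payload: bytes  # ciphertext


def keystream_xor(cfg: SecurityConfig, count: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption, not a PDCP ciphering algorithm):
    XOR with a SHA-256 keystream bound to the key and the COUNT."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(
            cfg.key + count.to_bytes(4, "big") + off.to_bytes(4, "big")
        ).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


class PdcpEntity:
    """Hypothetical PDCP endpoint holding the second and first manners."""

    def __init__(self, second: SecurityConfig) -> None:
        self.second: Optional[SecurityConfig] = second
        self.first: Optional[SecurityConfig] = None
        self.switch_count: Optional[int] = None
        self.next_count = 0

    def acquire_indication(self, first: SecurityConfig,
                           switch_count: Optional[int] = None) -> None:
        # switch_count given: the indication is a packet identifier (COUNT).
        # switch_count None: the indication is the header bit of each packet.
        self.first = first
        self.switch_count = switch_count

    def delete_second(self) -> None:
        # S410/S510: drop the manner used before the indication.
        self.second = None

    def _select(self, count: int, flag: int) -> SecurityConfig:
        if self.switch_count is not None:
            use_first = count >= self.switch_count
        else:
            use_first = flag == 1
        cfg = self.first if use_first else self.second
        if cfg is None:
            raise LookupError(f"no security configuration for COUNT {count}")
        return cfg

    def send(self, plaintext: bytes) -> Pdu:
        count, self.next_count = self.next_count, self.next_count + 1
        header_mode = self.first is not None and self.switch_count is None
        flag = 1 if header_mode else 0
        cfg = self._select(count, flag)
        return Pdu(count, flag, keystream_xor(cfg, count, plaintext))

    def receive(self, pdu: Pdu) -> Tuple[bytes, str]:
        cfg = self._select(pdu.count, pdu.flag)
        return keystream_xor(cfg, pdu.count, pdu.payload), cfg.name


def run_demo(header_bit: bool) -> Tuple[List[str], bool, bool]:
    """Returns (manner used per COUNT 0..11, all decrypted correctly,
    pre-conversion packet still decryptable after delete_second)."""
    old = SecurityConfig("second", b"constructed-old-key")
    new = SecurityConfig("first", b"constructed-new-key")
    tx, rx = PdcpEntity(old), PdcpEntity(old)
    pdus = [tx.send(b"pkt%d" % i) for i in range(8)]       # COUNT 0..7
    switch = None if header_bit else 10                    # constructed value
    tx.acquire_indication(new, switch)
    rx.acquire_indication(new, switch)
    pdus += [tx.send(b"pkt%d" % i) for i in range(8, 12)]  # COUNT 8..11
    used, all_ok = {}, True
    for i in [0, 1, 2, 3, 4, 5, 6, 7, 10, 9, 8, 11]:       # out-of-order arrival
        plain, used[i] = rx.receive(pdus[i])
        all_ok = all_ok and plain == b"pkt%d" % i
    rx.delete_second()
    try:
        rx.receive(pdus[3])
        late_ok = True
    except LookupError:
        late_ok = False
    return [used[i] for i in range(12)], all_ok, late_ok
```

The third value returned by `run_demo` is False in both runs: once the second manner has been deleted, a data packet encrypted before the conversion can no longer be decrypted by this receiver.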
Example four
As shown in fig. 6, the embodiment of the present application provides an information processing method that can be applied to the transmission and reception of data packets and to the encryption or decryption of data packets after transmission and reception. The method may be executed by a user side device. The user side device may be a terminal device, which may be a mobile terminal device such as a mobile phone, a tablet computer or a wearable device, or a terminal device such as a personal computer. This embodiment takes as an example the case in which the indication information is sent to the user side device by the network side device, the specified data packet being a data packet for performing security configuration conversion. The method may specifically comprise the following steps:
In S602, before the indication information is acquired, the received or transmitted data packet is encrypted or decrypted using the second encryption/decryption manner, where the indication information is used to indicate at least one of an identifier and header information of a specified data packet, and the specified data packet is a data packet subjected to security configuration conversion.
In S604, the indication information sent by the network side device is received.
The indication information may be based on a predetermined protocol convention, or may be determined based on configuration information of the network side device, and the like. Where the indication information is based on the predetermined protocol convention, it may be set in the last received data packet when the number of received data packets reaches the protocol convention value, or in the last transmitted data packet when the number of transmitted data packets reaches the protocol convention value. The identifier of the specified data packet may include at least one of: an identifier of an uplink data packet, and an identifier of a downlink data packet. The indication information may include a PDCP number value, which may be used to indicate the identifier of the specified data packet. The indication information may be header information of the specified data packet, and the header information includes a predetermined identification bit value. For the different cases in which the indication information indicates the identifier or the header information of the specified data packet, refer to the related contents in the second embodiment and the third embodiment, which are not described herein again.
In S606, the target data packet is acquired.
In S608, the target data packet is encrypted or decrypted based on the first encryption/decryption manner corresponding to the indication information.
In an implementation, if the target data packet is a data packet received by the receiving end, the receiving end of the user side device (e.g., the PDCP receiving end of the user side device) may decrypt the target data packet using the first encryption/decryption manner. If the target data packet is a data packet of the sending end, the sending end of the user side device (e.g., the PDCP sending end of the user side device) may encrypt the target data packet using the first encryption/decryption manner.
In S610, the second encryption/decryption manner used before the indication information is acquired is deleted.
In practical applications, only one set of encryption and decryption manners, or of the security configuration information corresponding to them, may be retained in the user side device, in which case the user side device may continue with S610 after completing the processing of S608. In addition, the user side device may also retain multiple sets of encryption/decryption manners or the security configuration information corresponding to each set, in which case, after completing the processing in S608, the user side device may trigger the processing in S610 through one or more triggering manners.
The user side device may be triggered in multiple ways to delete the second encryption/decryption manner or the security configuration information corresponding to it. Five optional implementations, manner one to manner five, are provided below.
Manner one: the network side device sends indication information for deleting the second encryption/decryption manner.
Manner two: the mobility processing procedure is completed.
Manner three: configuration information, configured by the network side device, for deleting the second encryption/decryption manner.
Manner four: the user side device sends indication information for deleting the second encryption/decryption manner to the network side device.
Manner five: the user side device sends a re-access request.
The embodiment of the present application provides an information processing method applied to a user side device. The user side device obtains indication information that indicates at least one of an identifier and header information of a specified data packet, where the specified data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed starting from the specified data packet; that is, data packets received after the specified data packet are encrypted or decrypted using new security configuration information or a new encryption manner and decryption manner. The user side device or the network side device can therefore encrypt or decrypt the corresponding data packet with the corresponding encryption manner and decryption manner in time. This avoids the loss of data (or data packets) caused when the PDCP entity, the RLC entity, the MAC entity and the like need to be reset or rebuilt upon a conversion (or change) of the service node, and ensures security in the data transmission process.
Example five
As shown in fig. 7, an embodiment of the present application provides an information processing method, which may be executed by a network side device. The method can be applied to the transmission and reception of data packets and to the encryption or decryption of data packets after transmission and reception. The network side device may be a wireless device that exchanges information with a user side device within a certain radio coverage area. The network side device may comprise a single device, such as a base station, or a plurality of devices; for example, in addition to the base station, it may include a key control node MME and/or a serving gateway device. This embodiment takes as an example the case in which the indication information indicates an identifier of a specified data packet, the specified data packet being a data packet for performing security configuration conversion. The method may specifically comprise the following steps:
In S702, before the indication information is acquired, the received or transmitted data packet is encrypted or decrypted using the second encryption/decryption manner.
In this embodiment, the indication information is used to indicate an identifier of a specified data packet, where the specified data packet is a data packet for performing security configuration conversion. The identifier of the specified data packet may include at least one of: an identifier of an uplink data packet, and an identifier of a downlink data packet.
In implementation, before the network side device acquires the indication information, security configuration information may be set in the network side device, and the security configuration information may be used to indicate the encryption or decryption manner used when transmitting or receiving a data packet. In this case, when a sending end (e.g., a PDCP sending end) of the network side device needs to send a certain data packet (e.g., to the user side device), the data packet may be encrypted using the second encryption/decryption manner, and the encrypted data packet may be sent once encryption is complete. Accordingly, when a receiving end (e.g., a PDCP receiving end) of the network side device receives a certain data packet (e.g., one sent by the user side device), the receiving end may decrypt the data packet using the second encryption/decryption manner to obtain the data packet.
In S704, the indication information is acquired.
The indication information may be based on a predetermined protocol convention, or may be determined based on configuration information of the network side device, and the like. In the case that the indication information is based on the predetermined protocol agreement, the indication information may be set in the last received data packet when the number of received data packets reaches the protocol agreement value, or the indication information may be set in the last transmitted data packet when the number of transmitted data packets reaches the protocol agreement value. The indication information may include a PDCP number value (e.g., a PDCP COUNT value), which may be used to indicate an identifier of the specified packet, that is, the PDCP number value may be used as an identifier.
For the specific processing procedure of the above S704, reference may be made to relevant contents in the above first embodiment, which is not described herein again.
It should be noted that the indication information may be provided in a data packet that needs to be transmitted or received, so that when the data packet is transmitted or received, it may be encrypted or decrypted using the first encryption/decryption manner corresponding to the indication information. After the indication information is acquired, the following processing of S706 needs to be performed on the received or transmitted data packet.
In S706, the target data packet is acquired.
The target data packet may be any data packet, and may be acquired when the indication information is acquired or after the indication information is acquired. The acquired target data packet may be a data packet received by a PDCP receiving end of the network side device, or a data packet that a PDCP sending end of the network side device needs to send.
In S708, the target data packet is encrypted or decrypted based on the first encryption/decryption manner corresponding to the indication information.
In an implementation, if the target data packet is a data packet received by the receiving end, the receiving end of the network side device (e.g., the PDCP receiving end of the network side device) may decrypt the target data packet using the first encryption/decryption manner. If the target data packet is a data packet of the sending end, the sending end of the network side device (e.g., the PDCP sending end of the network side device) may encrypt the target data packet using the first encryption/decryption manner.
In S710, the second encryption/decryption manner used before the indication information is acquired is deleted.
In practical applications, only one set of encryption and decryption manners, or of the security configuration information corresponding to them, may be retained in the network side device, in which case the network side device may continue with S710 after completing the processing of S708. In addition, the network side device may also retain multiple sets of encryption and decryption manners or the security configuration information corresponding to each set, in which case, after completing the processing of S708, the network side device may trigger the processing of S710 through one or more triggering manners.
The network side device may be triggered in multiple ways to delete the second encryption/decryption manner or the security configuration information corresponding to it. Five optional implementations, manner one to manner five, are provided below.
Manner one: the network side device sends indication information for deleting the second encryption/decryption manner.
Manner two: the mobility processing procedure is completed.
Manner three: configuration information, configured by the network side device, for deleting the second encryption/decryption manner.
Manner four: the user side device sends indication information for deleting the second encryption/decryption manner to the network side device.
Manner five: the user side device sends a re-access request.
The embodiment of the present application provides an information processing method applied to a network side device. The method obtains indication information that indicates at least one of an identifier and header information of a specific data packet, where the specific data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed from the specific data packet; that is, a data packet received after the specific data packet is encrypted or decrypted using the new security configuration information or encryption/decryption manner. The user side device or the network side device can therefore encrypt or decrypt each data packet with the corresponding encryption/decryption manner in time. This avoids the data (or data packet) loss caused by having to reset or rebuild the PDCP entity, the RLC entity, the MAC entity, and the like when a service node is converted (or changed), and ensures security during data transmission.
Example six
As shown in fig. 8, an embodiment of the present application provides an information processing method, and an execution subject of the method may be a network-side device. The method can be applied to the transmission and reception of data packets, and to the encryption or decryption of the data packets after they are transmitted and received. The network side device may be a wireless device that performs information transfer with a user side device in a certain radio coverage area. The network side device may include one device, such as a base station, or a plurality of devices; for example, in addition to the base station, it may include a key control node MME and/or a serving gateway device. This embodiment is described taking as an example the case where the indication information is used to indicate header information of a specific data packet, the specific data packet being a data packet for performing security configuration conversion. The method may specifically comprise the following steps:
In S802, before the indication information is acquired, the received or transmitted data packet is encrypted or decrypted using the second encryption/decryption scheme.
In implementation, before the network side device obtains the indication information, when a sending end (e.g., a PDCP sending end) of the network side device needs to send a data packet (e.g., to the user side device), it may encrypt the data packet using the second encryption/decryption method and send the encrypted data packet once encryption is complete. Accordingly, when a receiving end (e.g., a PDCP receiving end) of the network side device receives a data packet (e.g., one sent by the user side device), the receiving end may decrypt it using the second encryption/decryption method to obtain the data packet.
In S804, the indication information is obtained, where the indication information is used to indicate the header information of the designated data packet, and the designated data packet is a data packet for performing security configuration conversion.
The indication information may be header information of a specific data packet. The header information may include a predetermined identification bit value, and different predetermined identification bit values may represent whether security configuration conversion is required. The indication information may be determined based on a predetermined protocol agreement, or may be determined based on predetermined configuration information, etc.
It should be noted that the indication information may be provided in a data packet that needs to be transmitted or received, so that when the data packet is transmitted or received, the data packet may be encrypted or decrypted by using the first encryption/decryption manner corresponding to the indication information. After the indication information is acquired, the following processing of S806 needs to be performed on the received or transmitted data packet.
In S806, the target packet is acquired.
In S808, the target packet is encrypted or decrypted based on the first encryption/decryption scheme corresponding to the indication information.
In an implementation, the target packet may be a packet received by a receiving end, and the receiving end of the network side device (e.g., a PDCP receiving end of the network side device) may decrypt the target packet by using the first encryption/decryption method. If the target data packet is a data packet of the sending end, the sending end of the network side device (e.g., the PDCP sending end of the network side device) may encrypt the target data packet by using the first encryption/decryption method.
In S810, the second encryption/decryption method used before the indication information is acquired is deleted.
In practical applications, the network side device may retain only one set of encryption/decryption manners, or only the security configuration information corresponding to that set; in this case, the network side device may go on to execute S810 once the processing of S808 is completed. Alternatively, the network side device may retain multiple sets of encryption/decryption manners, or the security configuration information corresponding to each set; in this case, after the processing of S808 is completed, the execution of S810 may be triggered by one or more triggering manners.
The network side device may be triggered to delete the second encryption and decryption manner or the security configuration information corresponding to the second encryption and decryption manner through multiple triggering manners, and 5 optional implementation manners are provided below, which may specifically include the following manner one to manner five.
Manner one: the network side device sends indication information for deleting the second encryption/decryption manner.
Manner two: the mobility processing procedure is completed.
Manner three: the configuration information of the second encryption/decryption manner, which is configured by the network side device, is deleted.
Manner four: the user side device sends, to the network side device, indication information for deleting the second encryption/decryption manner.
Manner five: the user side device sends a re-access request.
The embodiment of the present application provides an information processing method applied to a network side device. The method obtains indication information that indicates at least one of an identifier and header information of a specific data packet, where the specific data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed from the specific data packet; that is, a data packet received after the specific data packet is encrypted or decrypted using the new security configuration information or encryption/decryption manner. The user side device or the network side device can therefore encrypt or decrypt each data packet with the corresponding encryption/decryption manner in time. This avoids the data (or data packet) loss caused by having to reset or rebuild the PDCP entity, the RLC entity, the MAC entity, and the like when a service node is converted (or changed), and ensures security during data transmission.
Example seven
As shown in fig. 9, an embodiment of the present application provides an information processing method, and an execution subject of the method may be a network-side device. The method can be applied to the transmission and reception of data packets, and to the encryption or decryption of the data packets after they are transmitted and received. The network side device may be a wireless device that performs information transfer with a user side device in a certain radio coverage area. The network side device may include one device, such as a base station, or a plurality of devices; for example, in addition to the base station, it may include a key control node MME and/or a serving gateway device. This embodiment is described taking as an example the case where the indication information is sent to the network side device by the user side device, the specified data packet being a data packet for performing security configuration conversion. The method may specifically comprise the following steps:
In S902, before the indication information is acquired, a second encryption/decryption method is used to encrypt or decrypt the received or transmitted data packet, where the indication information is used to indicate at least one of an identifier of a specific data packet and header information, and the specific data packet is a data packet for performing security configuration conversion.
In S904, the indication information transmitted by the user side device is received.
The indication information may be determined based on a predetermined protocol agreement or predetermined configuration information. In the case that the indication information is based on the predetermined protocol agreement, the indication information may be set in the last received data packet when the number of received data packets reaches the protocol-agreed value, or in the last transmitted data packet when the number of transmitted data packets reaches the protocol-agreed value. The identifier of the specified data packet may include at least one of: an identifier of an uplink data packet, and an identifier of a downlink data packet. The indication information may include a PDCP number value, which may be used to indicate the identifier of the specified data packet. The indication information may be header information of the specified data packet, where the header information includes a predetermined identification bit value. For the different cases in which the indication information indicates the identifier of the specified data packet or the header information, refer to the related contents in the fifth embodiment and the sixth embodiment, respectively; they are not described herein again.
In S906, the target packet is acquired.
In S908, the target packet is encrypted or decrypted based on the first encryption/decryption scheme corresponding to the indication information.
In an implementation, if the target packet is a packet received by the receiving end, the receiving end of the network side device (e.g., the PDCP receiving end of the network side device) may decrypt the target packet using the first encryption/decryption method. If the target data packet is a data packet of the sending end, the sending end of the network side device (e.g., the PDCP sending end of the network side device) may encrypt the target data packet by using the first encryption/decryption method.
In S910, the second encryption/decryption method used before the indication information is acquired is deleted.
In practical applications, the network side device may retain only one set of encryption/decryption manners, or only the security configuration information corresponding to that set; in this case, the network side device may go on to execute S910 once the processing of S908 is completed. Alternatively, the network side device may retain multiple sets of encryption/decryption manners, or the security configuration information corresponding to each set; in this case, after the processing of S908 is completed, the execution of S910 may be triggered by one or more triggering manners.
The network side device may be triggered to delete the second encryption and decryption manner or the security configuration information corresponding to the second encryption and decryption manner through multiple triggering manners, and 5 optional implementation manners are provided below, which may specifically include the following manner one to manner five.
Manner one: the network side device sends indication information for deleting the second encryption/decryption manner.
Manner two: the mobility processing procedure is completed.
Manner three: the configuration information of the second encryption/decryption manner, which is configured by the network side device, is deleted.
Manner four: the user side device sends, to the network side device, indication information for deleting the second encryption/decryption manner.
Manner five: the user side device sends a re-access request.
The embodiment of the present application provides an information processing method applied to a network side device. The method obtains indication information that indicates at least one of an identifier and header information of a specific data packet, where the specific data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed from the specific data packet; that is, a data packet received after the specific data packet is encrypted or decrypted using the new security configuration information or encryption/decryption manner. The user side device or the network side device can therefore encrypt or decrypt each data packet with the corresponding encryption/decryption manner in time. This avoids the data (or data packet) loss caused by having to reset or rebuild the PDCP entity, the RLC entity, the MAC entity, and the like when a service node is converted (or changed), and ensures security during data transmission.
Example eight
As shown in fig. 10, an embodiment of the present application provides an information processing method, which may be applied to processing of signaling transmission failure. The method can be realized by user side equipment and network side equipment together, wherein the user side equipment can be terminal equipment, the terminal equipment can be mobile terminal equipment such as a mobile phone, a tablet computer or wearable equipment, and the terminal equipment can also be terminal equipment such as a personal computer. The network side device may be a wireless device that performs information transfer with a user side device in a certain radio coverage area, and the network side device may include one device, for example, a base station, and the network side device may further include multiple devices, for example, the network side device may include a key control node MME and/or a serving gateway device, and the like, in addition to the base station. The method may specifically comprise the steps of:
In S1002, before the user-side device and/or the network-side device acquires the indication information, the received or transmitted data packet is encrypted or decrypted by using a second encryption/decryption method, where the indication information is used to indicate at least one of an identifier of a specific data packet and header information, and the specific data packet is a data packet for security configuration conversion.
In S1004, the user-side device and the network-side device acquire the indication information.
The indication information may be determined based on a predetermined protocol agreement or predetermined configuration information. In the case that the indication information is based on the predetermined protocol agreement, the indication information may be set in the last received data packet when the number of received data packets reaches the protocol-agreed value, or in the last transmitted data packet when the number of transmitted data packets reaches the protocol-agreed value. The identifier of the specified data packet may include at least one of: an identifier of an uplink data packet, and an identifier of a downlink data packet. The indication information may include a PDCP number value, which may be used to indicate the identifier of the specified data packet. The indication information may be header information of the specified data packet, where the header information includes a predetermined identification bit value. For the different cases in which the indication information indicates the identifier of the specified data packet or the header information, refer to the related contents in the fifth embodiment and the sixth embodiment, respectively; they are not described herein again.
In implementation, the obtaining of the indication information may be that the user side device and/or the network side device obtain based on a predetermined protocol, or obtain based on configuration information of the network side device, or that any one of the user side device and the network side device obtains the indication information and then sends the indication information to another device.
It should be noted that the indication information may be provided in a data packet that needs to be transmitted or received, so that when the data packet is transmitted or received, the data packet may be encrypted or decrypted by using the first encryption/decryption manner corresponding to the indication information. After the indication information is acquired, the following processes of S1006 to S1012 or S1014 to S1020 need to be executed for the received or transmitted data packet.
In S1006, the network side device acquires the target packet.
In implementation, the target packet acquired by the network side device may be a packet sent by the user side device to the network side device, and the user side device may be the same as or different from the user side device that receives the encrypted target packet, described below.
In S1008, the transmitting end of the network-side device encrypts the target packet based on the first encryption/decryption scheme corresponding to the indication information.
The sending end of the network side device may be a PDCP sending end of the network side device.
In S1010, the transmitting end of the network side device transmits the encrypted target data packet to the receiving end of the user side device.
Wherein, the receiving end of the user side device may be a PDCP receiving end of the user side device, etc.
In S1012, the user side device decrypts the encrypted target packet based on the first encryption/decryption scheme corresponding to the indication information.
In addition to the network side device sending the target data packet to the user side device, the user side device may also send the target data packet to the network side device; for details, refer to the following processing from S1014 to S1020.
In S1014, the user-side device acquires the target packet.
In S1016, the transmitting end of the user side device encrypts the target packet according to the first encryption/decryption scheme corresponding to the indication information.
The transmitting end of the user side device may be a PDCP transmitting end of the user side device.
In S1018, the transmitting end of the user-side device transmits the encrypted target packet to the receiving end of the network-side device.
The receiving end of the network side device may be a PDCP receiving end of the network side device, or the like.
In S1020, the network side device decrypts the encrypted target packet based on the first encryption/decryption scheme corresponding to the indication information.
In S1022, the user side device and/or the network side device deletes the second encryption/decryption method used before the indication information is obtained.
In practical applications, the user side device and/or the network side device may retain only one set of encryption/decryption manners, or only the security configuration information corresponding to that set; in this case, the user side device or the network side device may go on to execute S1022 once the processing of S1006 to S1012 or S1014 to S1020 is completed. Alternatively, the user side device and/or the network side device may retain multiple sets of encryption/decryption manners, or the security configuration information corresponding to each set; in this case, after the user side device or the network side device completes the processing of S1006 to S1012 or S1014 to S1020, the processing of S1022 may be triggered by one or more triggering manners.
The user side device and/or the network side device may be triggered to delete the second encryption and decryption manner or the security configuration information corresponding to the second encryption and decryption manner through multiple triggering manners, and 5 optional implementation manners are provided below, which may specifically include the following manner one to manner five.
Manner one: the network side device sends indication information for deleting the second encryption/decryption manner.
Manner two: the mobility processing procedure is completed.
Manner three: the configuration information of the second encryption/decryption manner, which is configured by the network side device, is deleted.
Manner four: the user side device sends, to the network side device, indication information for deleting the second encryption/decryption manner.
Manner five: the user side device sends a re-access request.
The embodiment of the present application provides an information processing method. The method obtains indication information that indicates at least one of an identifier and header information of a specific data packet, where the specific data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed from the specific data packet; that is, a data packet received after the specific data packet is encrypted or decrypted using the new security configuration information or encryption/decryption manner. The user side device or the network side device can therefore encrypt or decrypt each data packet with the corresponding encryption/decryption manner in time. This avoids the data (or data packet) loss caused by having to reset or rebuild the PDCP entity, the RLC entity, the MAC entity, and the like when a service node is converted (or changed), and ensures security during data transmission.
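The flow of S1002 to S1022 can be followed in a small model, added here as an illustration and not taken from the patent. It covers both forms of indication information (a PDCP number value known in advance, and an identification bit in the packet header) and the effect of deleting the second scheme while an earlier packet is still in flight. Assumptions: the 3-byte header layout, the `SWITCH_FLAG` bit position, the SHA-256 keystream used in place of a real ciphering algorithm, all class and function names, no sequence-number wrap-around, and that the specified packet itself is the first one handled with the first scheme.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

SWITCH_FLAG = 0x80  # assumed position of the predetermined identification bit


def keystream_xor(key: bytes, sn: int, data: bytes) -> bytes:
    """Stand-in cipher (not a 3GPP algorithm): XOR with a SHA-256 keystream bound to key and SN."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        seed = key + sn.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hashlib.sha256(seed).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


@dataclass
class PdcpEndpoint:
    second_key: Optional[bytes]        # scheme in use before the indication (S1002)
    first_key: Optional[bytes] = None  # scheme corresponding to the indication
    switch_sn: Optional[int] = None    # identifier of the specified data packet
    next_sn: int = 0

    def set_indication(self, switch_sn: int) -> None:
        """Indication given as a PDCP number value, agreed or configured in advance."""
        self.switch_sn = switch_sn

    def _key_for(self, sn: int) -> Optional[bytes]:
        # The scheme is chosen per packet from its SN, so reordering does not matter.
        if self.switch_sn is not None and sn >= self.switch_sn:
            return self.first_key
        return self.second_key

    def send(self, payload: bytes, mark_switch: bool = False) -> bytes:
        sn = self.next_sn
        self.next_sn += 1
        if mark_switch and self.switch_sn is None:
            self.switch_sn = sn        # indication carried in this packet's header
        flag = SWITCH_FLAG if mark_switch and sn == self.switch_sn else 0
        key = self._key_for(sn)
        if key is None:
            raise RuntimeError("no security configuration for SN %d" % sn)
        return bytes([flag]) + sn.to_bytes(2, "big") + keystream_xor(key, sn, payload)

    def receive(self, pdu: bytes) -> Optional[bytes]:
        flag, sn = pdu[0], int.from_bytes(pdu[1:3], "big")
        if flag & SWITCH_FLAG and self.switch_sn is None:
            self.switch_sn = sn        # header bit marks the specified packet
        key = self._key_for(sn)
        if key is None:
            return None                # required scheme already deleted: packet is lost
        return keystream_xor(key, sn, pdu[3:])

    def delete_second(self) -> None:
        """S1022: remove the second scheme once a deletion trigger fires."""
        self.second_key = None


def demo() -> dict:
    old, new = b"second-scheme-key", b"first-scheme-key"  # constructed sample keys
    # Case 1: PDCP number value as indication; packets arrive reordered around the switch.
    tx, rx = PdcpEndpoint(old, new), PdcpEndpoint(old, new)
    tx.set_indication(2)
    rx.set_indication(2)
    pdus = [tx.send(b"pkt%d" % i) for i in range(4)]
    reordered = [pdus[0], pdus[2], pdus[1], pdus[3]]
    sn_indication = [rx.receive(p) for p in reordered]
    # Case 2: the second scheme is deleted before a pre-switch packet arrives.
    tx2, rx2 = PdcpEndpoint(old, new), PdcpEndpoint(old, new)
    tx2.set_indication(1)
    rx2.set_indication(1)
    early, switched = tx2.send(b"early"), tx2.send(b"switched")
    rx2.receive(switched)
    rx2.delete_second()
    late_after_delete = rx2.receive(early)
    # Case 3: header identification bit as indication, in-order delivery.
    tx3, rx3 = PdcpEndpoint(old, new), PdcpEndpoint(old, new)
    sent = [tx3.send(b"a"), tx3.send(b"b", mark_switch=True), tx3.send(b"c")]
    header_flag = [rx3.receive(p) for p in sent]
    return {"sn_indication": sn_indication, "late_after_delete": late_after_delete,
            "header_flag": header_flag, "header_switch_sn": rx3.switch_sn}


if __name__ == "__main__":
    print(demo())
```

In this model, case 2 shows why the choice of deletion trigger matters when more than one set of configurations is retained: once the second scheme is gone, a packet from before the switch that arrives late can no longer be decrypted.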
Example nine
Based on the same idea as the information processing method provided above, the embodiment of the present application further provides a user-side device, as shown in fig. 11.
The user-side device may include an information acquisition module 1101.
The information obtaining module 1101 is configured to obtain indication information, where the indication information is used to indicate at least one of an identifier of a specific data packet and packet header information, and the specific data packet is a data packet for performing security configuration conversion.
In the embodiment of the present application, the indication information is based on a predetermined protocol agreement.
In this embodiment, the indication information is set in the last received or transmitted data packet when the number of received or transmitted data packets reaches a protocol-specified value.
In this embodiment of the present application, the indication information is header information of the specified data packet, where the header information includes a predetermined identification bit value.
In the embodiment of the present application, the indication information includes a PDCP number, and the PDCP number is used to indicate an identifier of a specific packet.
In this embodiment, the user side device further includes:
the data packet acquisition module is used for acquiring a target data packet;
and the encryption and decryption module is used for encrypting or decrypting the target data packet based on a first encryption and decryption mode corresponding to the indication information.
In the embodiment of the present application, the target data packet is a data packet received by a receiving end,
and the encryption and decryption module is used for decrypting the target data packet by using the first encryption and decryption mode.
In the embodiment of the present application, the target packet is a packet of a sending end,
and the encryption and decryption module is used for encrypting the target data packet by using the first encryption and decryption mode.
In this embodiment, the user side device further includes:
and the deleting module is used for deleting the second encryption and decryption mode used before the indication information is acquired.
In this embodiment of the present application, the triggering manner for deleting the second encryption/decryption manner may include one or more of the following:
the network side device sends indication information for deleting the second encryption/decryption manner;
the mobility processing procedure is completed;
the configuration information of the second encryption/decryption manner, which is configured by the network side device, is deleted;
the user side device sends, to the network side device, indication information for deleting the second encryption/decryption manner;
and the user side device sends a re-access request.
In this embodiment of the application, the identifier of the designated data packet includes at least one of:
an identifier of an uplink data packet, and an identifier of a downlink data packet.
In the embodiment of the present application, the information obtaining module is configured to receive the indication information sent by a network side device.
The embodiment of the present application provides a user side device. The device obtains indication information that indicates at least one of an identifier and header information of a specific data packet, where the specific data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed from the specific data packet; that is, a data packet received after the specific data packet is encrypted or decrypted using the new security configuration information or encryption/decryption manner. The user side device or the network side device can therefore encrypt or decrypt each data packet with the corresponding encryption/decryption manner in time. This avoids the data (or data packet) loss caused by having to reset or rebuild the PDCP entity, the RLC entity, the MAC entity, and the like when a service node is converted (or changed), and ensures security during data transmission.
Example ten
Based on the same idea, an embodiment of the present application further provides a network side device, as shown in fig. 12.
The network side device may include an information obtaining module 1201.
An information obtaining module 1201, configured to obtain indication information, where the indication information is used to indicate at least one of an identifier of a specific data packet and header information, and the specific data packet is a data packet for performing security configuration conversion.
In the embodiment of the present application, the indication information is based on a predetermined protocol agreement.
In this embodiment, the indication information is set in the last received or transmitted data packet when the number of received or transmitted data packets reaches a protocol-specified value.
In this embodiment of the present application, the indication information is header information of the specified data packet, where the header information includes a predetermined identification bit value.
In the embodiment of the present application, the indication information includes a PDCP number, and the PDCP number is used to indicate an identifier of a specific packet.
In this embodiment, the network side device further includes:
the data packet acquisition module is used for acquiring a target data packet;
and the encryption and decryption module is used for encrypting or decrypting the target data packet based on a first encryption and decryption mode corresponding to the indication information.
In the embodiment of the present application, the target data packet is a data packet received by a receiving end,
and the encryption and decryption module is used for decrypting the target data packet by using the first encryption and decryption mode.
In the embodiment of the present application, the target packet is a packet of a sending end,
and the encryption and decryption module is used for encrypting the target data packet by using the first encryption and decryption mode.
In this embodiment, the network side device further includes:
and the deleting module is used for deleting the second encryption and decryption mode used before the indication information is acquired.
In this embodiment of the present application, the triggering manner for deleting the second encryption/decryption manner may include one or more of the following:
the network side device sends indication information for deleting the second encryption/decryption manner;
the mobility processing procedure is completed;
the configuration information of the second encryption/decryption manner, which is configured by the network side device, is deleted;
the user side device sends, to the network side device, indication information for deleting the second encryption/decryption manner;
and the user side device sends a re-access request.
In this embodiment of the application, the identifier of the designated data packet includes at least one of:
an identifier of an uplink data packet, and an identifier of a downlink data packet.
The embodiment of the present application provides a network side device. The device obtains indication information that indicates at least one of an identifier and header information of a specific data packet, where the specific data packet is a data packet for performing security configuration conversion. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed from the specific data packet; that is, a data packet received after the specific data packet is encrypted or decrypted using the new security configuration information or encryption/decryption manner. The user side device or the network side device can therefore encrypt or decrypt each data packet with the corresponding encryption/decryption manner in time. This avoids the data (or data packet) loss caused by having to reset or rebuild the PDCP entity, the RLC entity, the MAC entity, and the like when a service node is converted (or changed), and ensures security during data transmission.
Example eleven
Fig. 13 is a block diagram of a user-side device according to another embodiment of the present application. The user-side device 1300 shown in fig. 13 includes: at least one processor 1301, memory 1302, at least one network interface 1304, and a user interface 1303. The various components in the user-side device 1300 are coupled together by a bus system 1305. It is understood that the bus system 1305 is used to implement connective communication between these components. The bus system 1305 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled in FIG. 13 as the bus system 1305.
The user interface 1303 may include, among other things, a display, a keyboard or a pointing device (e.g., a mouse, trackball, touch pad, or touch screen).
It will be appreciated that the memory 1302 in embodiments of the subject application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (erasable PROM, EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which functions as an external cache. By way of example, but not limitation, many forms of RAM are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous DRAM (ESDRAM), synchronous link DRAM (SLDRAM), and direct Rambus RAM (DRRAM). The memory 1302 of the systems and methods described in this application is intended to comprise, without being limited to, these and any other suitable types of memory.
In some embodiments, memory 1302 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof: an operating system 13021 and application programs 13022.
The operating system 13021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application 13022 includes various applications such as a media player (MediaPlayer), a Browser (Browser), etc. for implementing various application services. A program for implementing the method according to the embodiment of the present application may be included in the application 13022.
In this embodiment of the present application, the user-side device 1300 further includes: a computer program stored on the memory 1302 and executable on the processor 1301, the computer program when executed by the processor 1301 performing the steps of:
acquiring indication information, wherein the indication information is used for indicating at least one of an identifier of a specified data packet and packet header information, and the specified data packet is a data packet for performing security configuration conversion.
The method disclosed in the embodiments of the present application may be applied to the processor 1301 or implemented by the processor 1301. The processor 1301 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 1301. The processor 1301 may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components, and may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may reside in RAM, flash memory, ROM, PROM, EPROM, registers, or other computer-readable storage media known in the art. The computer-readable storage medium is located in the memory 1302, and the processor 1301 reads the information in the memory 1302 and completes the steps of the method in combination with its hardware. In particular, the computer-readable storage medium has stored thereon a computer program which, when executed by the processor 1301, implements the steps of the above described network element selection method embodiment.
It is to be understood that the embodiments described in connection with the embodiments disclosed herein may be implemented by hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the processing units may be implemented within one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, micro-controllers, microprocessors, other electronic units configured to perform the functions described herein, or a combination thereof.
For a software implementation, the techniques described in this application may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described in this application. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
Optionally, the indication information is based on a predetermined protocol convention.
Optionally, the indication information is set in a last received or transmitted data packet when the number of received or transmitted data packets reaches a protocol-specified value.
Optionally, the indication information is header information of the specified data packet, where the header information includes a predetermined identification bit value.
Optionally, the indication information includes a PDCP number value, and the PDCP number value is used to indicate an identifier of a specific packet.
Optionally, when the indication information is obtained or after the indication information is obtained, the method further includes:
acquiring a target data packet;
and encrypting or decrypting the target data packet based on a first encryption and decryption mode corresponding to the indication information.
Optionally, the target data packet is a data packet received by a receiving end, and the encrypting or decrypting the target data packet by using the first encryption and decryption manner corresponding to the indication information includes:
and the receiving end decrypts the target data packet by using the first encryption and decryption mode.
Optionally, the target data packet is a data packet of a sending end, and the encrypting or decrypting the target data packet by using the first encryption and decryption manner corresponding to the indication information includes:
and the receiving end encrypts the target data packet by using the first encryption and decryption mode.
Optionally, after the obtaining of the indication information, the method further includes:
and deleting the second encryption and decryption mode used before the indication information is acquired.
Optionally, the triggering manner for deleting the second encryption and decryption manner may include one or more of the following:
the network side equipment sends indication information for deleting the second encryption and decryption mode;
the mobility processing procedure is completed;
the configuration information of the second encryption and decryption mode is deleted and configured by the network side equipment;
the user side equipment sends indication information for deleting the second encryption and decryption mode to the network side equipment;
and the user side equipment sends a re-access request.
Optionally, the identifier of the specific data packet includes at least one of:
an identifier of an uplink data packet, and an identifier of a downlink data packet.
Optionally, the method is applied to the user side device and/or the network side device.
Optionally, the method is applied to a user side device, and the obtaining of the indication information includes:
and receiving the indication information sent by the network side equipment.
The embodiment of the present application provides a user side device that obtains indication information, where the indication information indicates at least one of an identifier and header information of a specified data packet, and the specified data packet is the data packet at which security configuration conversion is performed. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed starting from the specified data packet; that is, data packets received after the specified data packet are encrypted or decrypted using the new security configuration information or the new encryption and decryption manner. The user side device or the network side device can therefore apply the corresponding encryption and decryption manner to the corresponding data packet in time. This avoids the data (or data packet) loss that occurs when a PDCP entity, an RLC entity, a MAC entity, and the like have to be reset or rebuilt because the service node is converted (or changed), and ensures security during data transmission.
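The per-packet selection described above can be sketched as follows. This is an added example, not code from the patent: it contrasts the PDCP-number form of the indication with the header-bit form when packets arrive out of order, and shows what deleting the second encryption and decryption mode does to late packets. Assumptions: the 2-byte header layout and flag bit, the HMAC-SHA256 keystream standing in for the real cipher, the specified packet itself being the first one under the first mode, and all class, function and key names.

```python
import hashlib
import hmac

FLAG_BIT = 0x8000   # assumed "predetermined identification bit" in a 2-byte header
SN_MASK = 0x0FFF    # assumed 12-bit PDCP number; wraparound is not modelled

# The five deletion triggers listed in the text (labels are this sketch's own).
DELETE_TRIGGERS = {
    "network-side delete indication",
    "mobility procedure completed",
    "network-side deconfiguration",
    "user-side delete indication",
    "user-side re-access request",
}


def keystream_xor(key: bytes, sn: int, data: bytes) -> bytes:
    """Stand-in cipher (not a 3GPP algorithm): XOR with an HMAC-SHA256 keystream."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        msg = sn.to_bytes(2, "big") + block.to_bytes(4, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class SwitchingEntity:
    """Holds the second (old) and first (new) modes and picks one per packet."""

    def __init__(self, second_key: bytes, first_key: bytes):
        self.second_key = second_key   # mode used before the indication
        self.first_key = first_key     # mode corresponding to the indication
        self.switch_sn = None          # identifier of the specified packet

    def on_indication(self, pdcp_number: int) -> None:
        """Indication information carrying a PDCP number value."""
        self.switch_sn = pdcp_number & SN_MASK

    def delete_second(self, trigger: str) -> None:
        if trigger not in DELETE_TRIGGERS:
            raise ValueError(f"unknown trigger: {trigger}")
        if self.switch_sn is None:
            # Sketch policy (assumption): never delete the only usable mode.
            raise RuntimeError("no switch point known yet")
        self.second_key = None

    def _key_for(self, sn: int) -> bytes:
        if self.switch_sn is not None and sn >= self.switch_sn:
            return self.first_key
        if self.second_key is None:
            raise LookupError(f"SN {sn} needs the deleted second mode")
        return self.second_key

    def protect(self, sn: int, payload: bytes, mark_switch: bool = False) -> bytes:
        if mark_switch:
            self.switch_sn = sn
        header = (FLAG_BIT if mark_switch else 0) | (sn & SN_MASK)
        return header.to_bytes(2, "big") + keystream_xor(self._key_for(sn), sn, payload)

    def unprotect(self, pdu: bytes) -> bytes:
        header = int.from_bytes(pdu[:2], "big")
        sn = header & SN_MASK
        if header & FLAG_BIT and self.switch_sn is None:
            self.switch_sn = sn        # header-bit form of the indication
        return keystream_xor(self._key_for(sn), sn, pdu[2:])


def demo() -> dict:
    old, new = b"constructed-old-key", b"constructed-new-key"  # constructed keys
    tx = SwitchingEntity(old, new)
    pdus = {sn: tx.protect(sn, b"payload-%d" % sn, mark_switch=(sn == 5))
            for sn in range(3, 8)}

    # Receiver A learns the switch point from signalling; reordering is harmless.
    rx_a = SwitchingEntity(old, new)
    rx_a.on_indication(5)
    explicit = {sn: rx_a.unprotect(pdus[sn]) for sn in (3, 6, 4, 5)}
    rx_a.delete_second("mobility procedure completed")
    explicit[7] = rx_a.unprotect(pdus[7])
    try:
        rx_a.unprotect(pdus[4])        # straggler that needs the deleted mode
        late = "decrypted"
    except LookupError:
        late = "dropped"

    # Receiver B relies on the header bit only; SN 6 overtakes flagged SN 5.
    rx_b = SwitchingEntity(old, new)
    early_6 = rx_b.unprotect(pdus[6])  # wrong key: switch point not seen yet
    flagged_5 = rx_b.unprotect(pdus[5])
    return {"explicit": explicit, "late": late,
            "flag_early_6_ok": early_6 == b"payload-6",
            "flag_5_ok": flagged_5 == b"payload-5"}


if __name__ == "__main__":
    print(demo())
```

In this sketch the header-bit form only works if the flagged packet is processed before any later packet, and without an integrity check the receiver cannot tell that SN 6 was decrypted with the wrong key.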
Example twelve
Fig. 14 is a block diagram of a network-side device according to another embodiment of the present application. The network side device 1400 shown in fig. 14 includes: at least one processor 1401, memory 1402, at least one network interface 1404, and a user interface 1403. The various components in network-side device 1400 are coupled together by a bus system 1405. It will be appreciated that bus system 1405 is used to enable communications among the components connected. The bus system 1405 includes a power bus, a control bus, and a status signal bus, in addition to the data bus. For clarity of illustration, however, the various buses are labeled as bus system 1405 in fig. 14.
User interface 1403 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, trackball, touch pad, or touch screen).
It will be appreciated that the memory 1402 in the subject embodiments can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (erasable PROM, EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which functions as an external cache. By way of example, but not limitation, many forms of RAM are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous DRAM (ESDRAM), synchronous link DRAM (SLDRAM), and direct Rambus RAM (DRRAM). The memory 1402 of the systems and methods described in embodiments herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some embodiments, memory 1402 stores elements, executable modules or data structures, or a subset thereof, or an expanded set thereof as follows: an operating system 14021 and application programs 14022.
The operating system 14021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, for implementing various basic services and processing hardware-based tasks. The application 14022 contains various applications, such as a media player (MediaPlayer), a Browser (Browser), and the like, for implementing various application services. A program implementing the methods of embodiments of the present application may be included in application 14022.
In this embodiment of the present application, the network side device 1400 further includes: a computer program stored on the memory 1402 and executable on the processor 1401, which computer program, when executed by the processor 1401, performs the steps of:
acquiring indication information, wherein the indication information is used for indicating at least one of an identifier of a specified data packet and packet header information, and the specified data packet is a data packet for performing security configuration conversion.
The methods disclosed in the embodiments of the present application described above may be applied to the processor 1401, or implemented by the processor 1401. The processor 1401 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 1401. The processor 1401 may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components, and may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may reside in RAM, flash memory, ROM, PROM, EPROM, registers, or other computer-readable storage media known in the art. The computer-readable storage medium is located in the memory 1402, and the processor 1401 reads the information in the memory 1402 and implements the steps of the above method in combination with its hardware. In particular, the computer-readable storage medium has stored thereon a computer program which, when executed by the processor 1401, carries out the steps of the embodiments of the method of selecting a network element as described above.
It is to be understood that the embodiments described in connection with the embodiments disclosed herein may be implemented by hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the processing units may be implemented within one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, micro-controllers, microprocessors, other electronic units configured to perform the functions described herein, or a combination thereof.
For a software implementation, the techniques described in this application may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described in this application. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
Optionally, the indication information is based on a predetermined protocol convention.
Optionally, the indication information is set in a last received or transmitted data packet when the number of received or transmitted data packets reaches a protocol-specified value.
Optionally, the indication information is header information of the specified data packet, where the header information includes a predetermined identification bit value.
Optionally, the indication information includes a PDCP number value, and the PDCP number value is used to indicate an identifier of a specific packet.
Optionally, when the indication information is obtained or after the indication information is obtained, the method further includes:
acquiring a target data packet;
and encrypting or decrypting the target data packet based on a first encryption and decryption mode corresponding to the indication information.
Optionally, the target data packet is a data packet received by a receiving end, and the encrypting or decrypting the target data packet by using the first encryption and decryption manner corresponding to the indication information includes:
and the receiving end decrypts the target data packet by using the first encryption and decryption mode.
Optionally, the target data packet is a data packet of a sending end, and the encrypting or decrypting the target data packet by using the first encryption and decryption manner corresponding to the indication information includes:
and the receiving end encrypts the target data packet by using the first encryption and decryption mode.
Optionally, after the obtaining of the indication information, the method further includes:
and deleting the second encryption and decryption mode used before the indication information is acquired.
Optionally, the triggering manner for deleting the second encryption and decryption manner may include one or more of the following:
the network side equipment sends indication information for deleting the second encryption and decryption mode;
the mobility processing procedure is completed;
the configuration information of the second encryption and decryption mode is deleted and configured by the network side equipment;
the user side equipment sends indication information for deleting the second encryption and decryption mode to the network side equipment;
and the user side equipment sends a re-access request.
Optionally, the identifier of the specific data packet includes at least one of:
an identifier of an uplink data packet, and an identifier of a downlink data packet.
The embodiment of the present application provides a network side device that obtains indication information, where the indication information indicates at least one of an identifier and header information of a specified data packet, and the specified data packet is the data packet at which security configuration conversion is performed. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed starting from the specified data packet; that is, data packets received after the specified data packet are encrypted or decrypted using the new security configuration information or the new encryption and decryption manner. The user side device or the network side device can therefore apply the corresponding encryption and decryption manner to the corresponding data packet in time. This avoids the data (or data packet) loss that occurs when a PDCP entity, an RLC entity, a MAC entity, and the like have to be reset or rebuilt because the service node is converted (or changed), and ensures security during data transmission.
Example thirteen
Based on the same idea, embodiments of the present application also provide a computer-readable storage medium.
The computer-readable storage medium stores one or more programs that, when executed by a device including a plurality of application programs, cause the device to perform operations such as the processes of fig. 1-10:
acquiring indication information, wherein the indication information is used for indicating at least one of an identifier of a specified data packet and packet header information, and the specified data packet is a data packet for performing security configuration conversion.
Optionally, the indication information is based on a predetermined protocol convention.
Optionally, the indication information is set in a last received or transmitted data packet when the number of received or transmitted data packets reaches a protocol-specified value.
Optionally, the indication information is header information of the specified data packet, where the header information includes a predetermined identification bit value.
Optionally, the indication information includes a PDCP number value, and the PDCP number value is used to indicate an identifier of a specific packet.
Optionally, when the indication information is obtained or after the indication information is obtained, the method further includes:
acquiring a target data packet;
and encrypting or decrypting the target data packet based on a first encryption and decryption mode corresponding to the indication information.
Optionally, the target data packet is a data packet received by a receiving end, and the encrypting or decrypting the target data packet by using the first encryption and decryption manner corresponding to the indication information includes:
and the receiving end decrypts the target data packet by using the first encryption and decryption mode.
Optionally, the target data packet is a data packet of a sending end, and the encrypting or decrypting the target data packet by using the first encryption and decryption manner corresponding to the indication information includes:
and the receiving end encrypts the target data packet by using the first encryption and decryption mode.
Optionally, after the obtaining of the indication information, the method further includes:
and deleting the second encryption and decryption mode used before the indication information is acquired.
Optionally, the triggering manner for deleting the second encryption and decryption manner may include one or more of the following:
the network side equipment sends indication information for deleting the second encryption and decryption mode;
the mobility processing procedure is completed;
the configuration information of the second encryption and decryption mode is deleted and configured by the network side equipment;
the user side equipment sends indication information for deleting the second encryption and decryption mode to the network side equipment;
and the user side equipment sends a re-access request.
Optionally, the identifier of the specific data packet includes at least one of:
an identifier of an uplink data packet, and an identifier of a downlink data packet.
The embodiment of the present application provides a computer-readable storage medium configured to obtain indication information, where the indication information indicates at least one of an identifier and header information of a specified data packet, and the specified data packet is the data packet at which security configuration conversion is performed. The identifier and/or header information of the data packet thus indicates that security configuration conversion is performed starting from the specified data packet; that is, data packets received after the specified data packet are encrypted or decrypted using the new security configuration information or the new encryption and decryption manner. The user side device or the network side device can therefore apply the corresponding encryption and decryption manner to the corresponding data packet in time. This avoids the data (or data packet) loss that may occur when a PDCP entity, an RLC entity, a MAC entity, and the like have to be reset or rebuilt because the service node is converted (or changed), and ensures security during data transmission.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, a transistor, or a switch) or an improvement in software (an improvement to a method flow). However, as technology advances, many of today's method-flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without asking a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, instead of manually fabricating integrated circuit chips, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must likewise be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that a hardware circuit implementing a logical method flow can be readily obtained merely by lightly logic-programming the method flow in one of the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers, and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component. The means for performing the various functions may even be regarded as both software modules for performing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and the units are described separately. Of course, when implementing the present application, the functionality of the units may be implemented in one or more pieces of software and/or hardware.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in this specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiment is substantially similar to the method embodiment, its description is brief; for the relevant points, refer to the corresponding description of the method embodiment.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (16)

1. A method for processing information, comprising:
acquiring indication information, wherein the indication information is used for indicating at least one of an identifier and packet header information of a specified data packet, and the specified data packet is a data packet for performing security configuration conversion;
for the case that the indication information is based on a predetermined protocol convention, the indication information is set in the last received or transmitted data packet when the number of received or transmitted data packets reaches a protocol convention value.
2. The method of claim 1, wherein the indication information is header information of the specified data packet, and the header information includes a predetermined identification bit value.
3. The method of claim 1, wherein the indication information comprises a Packet Data Convergence Protocol (PDCP) number value indicating the identifier of the specified data packet.
4. The method of claim 1, wherein when or after the indication information is obtained, the method further comprises:
acquiring a target data packet;
and encrypting or decrypting the target data packet based on a first encryption and decryption mode corresponding to the indication information.
5. The method according to claim 4, wherein the target data packet is a data packet received by a receiving end, and the encrypting or decrypting the target data packet based on the first encryption/decryption manner corresponding to the indication information includes:
and the receiving end decrypts the target data packet by using the first encryption and decryption mode.
6. The method according to claim 4, wherein the target packet is a packet at a transmitting end, and the encrypting or decrypting the target packet based on the first encryption/decryption manner corresponding to the indication information includes:
and the receiving end encrypts the target data packet by using the first encryption and decryption mode.
7. The method of claim 1, wherein after the obtaining the indication information, the method further comprises:
and deleting the second encryption and decryption mode used before the indication information is acquired.
8. The method according to claim 7, wherein the trigger for deleting the second encryption/decryption mode may include one or more of the following:
the network side equipment sends indication information for deleting the second encryption and decryption mode;
the mobility processing procedure is completed;
the configuration information of the second encryption and decryption mode is deleted and configured by the network side equipment;
the user side equipment sends indication information for deleting the second encryption and decryption mode to the network side equipment;
and the user side equipment sends a re-access request.
9. The method of claim 1, wherein the identifier of the specified data packet comprises at least one of:
an identifier of an uplink data packet, and an identifier of a downlink data packet.
10. The method according to any of claims 1-9, wherein the method is applied to a user side device and/or a network side device.
11. The method according to claim 1, wherein the method is applied to a UE, and the obtaining the indication information includes:
and receiving the indication information sent by the network side equipment.
12. A user-side device, comprising:
the information acquisition module is used for acquiring indication information, wherein the indication information is used for indicating at least one of identification and header information of a specified data packet, and the specified data packet is a data packet for performing security configuration conversion;
for the case that the indication information is based on a predetermined protocol convention, the indication information is set in the last received or transmitted data packet when the number of received or transmitted data packets reaches a protocol convention value.
13. A network-side device, comprising:
the information acquisition module is used for acquiring indication information, wherein the indication information is used for indicating at least one of identification and header information of a specified data packet, and the specified data packet is a data packet for performing security configuration conversion;
for the case that the indication information is based on a predetermined protocol convention, the indication information is set in the last received or transmitted data packet when the number of received or transmitted data packets reaches a protocol convention value.
14. A user-side device, comprising: memory, processor and computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the method according to any one of claims 1 to 9 and 11.
15. A network-side device, comprising: memory, processor and computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the method according to any one of claims 1 to 9.
16. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 11.
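As an added illustration of claims 1 to 8 (not code from the patent), the following Python sketch models a receiving end that holds both encryption and decryption modes and switches at the specified data packet. The class and function names, the toy XOR cipher, the sample keys and payloads, and the reading that the specified data packet is the first one protected with the first mode are all assumptions; sequence-number wrap-around is not handled.

```python
import hashlib

def keystream_xor(key: bytes, sn: int, data: bytes) -> bytes:
    """Toy stand-in cipher (NOT a 3GPP algorithm): XOR with SHA-256(key || sn)."""
    stream = hashlib.sha256(key + sn.to_bytes(4, "big")).digest()
    return bytes(b ^ s for b, s in zip(data, stream))

class Receiver:
    """Hypothetical receiving end holding the second (old) and first (new) modes."""
    def __init__(self, old_key: bytes, new_key: bytes):
        self.old_key = old_key      # "second encryption and decryption mode"
        self.new_key = new_key      # "first encryption and decryption mode"
        self.switch_sn = None       # PDCP number of the specified data packet

    def on_indication(self, pdcp_sn: int) -> None:
        # Claim 3: the indication information carries a PDCP number value.
        self.switch_sn = pdcp_sn

    def delete_old_mode(self) -> None:
        # Claims 7-8: a trigger (e.g. mobility procedure completed) deletes it.
        self.old_key = None

    def receive(self, sn: int, flag: int, ciphertext: bytes):
        # Claim 2: a predetermined header bit can also mark the specified packet.
        if flag and self.switch_sn is None:
            self.switch_sn = sn
        # Assumption: the specified packet and all later SNs use the first mode.
        use_new = self.switch_sn is not None and sn >= self.switch_sn
        key = self.new_key if use_new else self.old_key
        if key is None:
            return None             # second mode deleted: cannot decrypt
        return keystream_xor(key, sn, ciphertext)

def demo():
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    rx = Receiver(old_key, new_key)
    rx.on_indication(pdcp_sn=3)     # specified data packet is SN 3
    def send(sn):                   # transmitting end applies the same rule
        key = new_key if sn >= 3 else old_key
        return keystream_xor(key, sn, b"payload-%d" % sn)
    # Constructed arrival order: SN 2 is delivered after SN 3 (reordering).
    results = [rx.receive(sn, 0, send(sn)) for sn in (1, 3, 2, 4)]
    rx.delete_old_mode()
    late = rx.receive(0, 0, keystream_xor(old_key, 0, b"payload-0"))
    return results, late
```

The reordered SN 2 still decrypts because the second mode is kept until a deletion trigger fires; after deletion, a late packet protected with the second mode yields `None`.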
CN201810941718.9A 2018-08-17 2018-08-17 Information processing method, user side equipment and network side equipment Active CN110839266B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810941718.9A CN110839266B (en) 2018-08-17 2018-08-17 Information processing method, user side equipment and network side equipment

Publications (2)

Publication Number Publication Date
CN110839266A (en) 2020-02-25
CN110839266B (en) 2021-12-24

Family

ID=69573568

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810941718.9A Active CN110839266B (en) 2018-08-17 2018-08-17 Information processing method, user side equipment and network side equipment

Country Status (1)

Country Link
CN (1) CN110839266B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11641398B2 (en) * 2021-07-14 2023-05-02 Secturion Systems, Inc. Secure data transfer over wireless networks using data storage encryptors

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8473480B1 (en) * 2004-12-30 2013-06-25 Google Inc. Continuous security updates
CN103841082A (en) * 2012-11-22 2014-06-04 中国电信股份有限公司 Security capability negotiation method, system, service server and user terminal
CN106817696A (en) * 2015-12-01 2017-06-09 宏达国际电子股份有限公司 Process the device and method of the data transmission/reception for dual link
CN108282830A (en) * 2017-01-06 2018-07-13 电信科学技术研究院 A kind of method, terminal and the network entity device of network entity switching

Also Published As

Publication number Publication date
CN110839266A (en) 2020-02-25

Similar Documents

Publication Publication Date Title
CN110022224B (en) Data processing method, user side equipment and network side equipment
JP7074847B2 (en) Security protection methods, devices and systems
CN109246705B (en) Data radio bearer integrity protection configuration method, terminal and network equipment
CN109729524B (en) RRC (radio resource control) connection recovery method and device
CN109560946B (en) Method and device for processing data transmission failure
KR20130036240A (en) Signaling radio bearer security handling for single radio voice call continuity operation
WO2018137716A1 (en) Method and device for keeping continuity of udc function
US11882436B2 (en) Key generation method, apparatus, and system
CN112637785A (en) Method and apparatus for multicast transmission
TW201911901A (en) Data transmission method, terminal device and network device
WO2018161965A1 (en) Wireless communication method and device
WO2019140664A1 (en) Signalling radio bearer configuration method, terminal device and network device
CN112449348B (en) Communication method and communication device
CN110839266B (en) Information processing method, user side equipment and network side equipment
KR102256582B1 (en) Method for obtaining context configuration information, terminal equipment and access network equipment
KR20200055712A (en) Wireless communication method and terminal device
KR102650826B1 (en) How to distinguish data formats, devices and communication devices
US20230092744A1 (en) Ckey obtaining method and apparatus
US20210377756A1 (en) Communications Method, Communications Apparatus, and Computer-Readable Storage Medium
JP2022510556A (en) Security algorithm processing methods and devices, terminals
CN114642014A (en) Communication method, device and equipment
CN114342472A (en) Handling of NAS containers in registration requests upon AMF reallocation
JP2022511577A (en) Wireless communication and equipment
CN113810903B (en) Communication method and device
RU2771619C2 (en) System, device and key generation method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant