CN110891269B

CN110891269B - Data protection method, equipment and system

Info

Publication number: CN110891269B
Application number: CN201811051065.3A
Authority: CN
Inventors: 张博; 何承东
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2018-09-10
Filing date: 2018-09-10
Publication date: 2022-04-05
Anticipated expiration: 2038-09-10
Also published as: CN110891269A; WO2020052414A1

Abstract

Embodiments of the present application provide a data protection method, device, and system, so as to solve the problem that security of user plane data transmission is reduced when data protection is performed on a terminal and a base station. The method involves data protection of user plane data by the terminal and the user plane network element using a first parameter, i.e. data protection is performed on the terminal and the user plane network element. The first parameter is PDU session ID or QFI or DRB ID or RB ID, etc. Taking the first parameter as the PDU session ID as an example, the method comprises the following steps: the terminal determines a PDU session ID, encrypts a plaintext to be sent by using the PDU session ID to obtain a ciphertext, sends the ciphertext to the user plane network element through the access network device, determines the PDU session ID after the user plane network element receives the ciphertext, and decrypts the ciphertext by using the PDU session ID to obtain the plaintext.

Description

Data protection method, equipment and system

Technical Field

The present application relates to the field of communications technologies, and in particular, to a data protection method, device, and system.

Background

In the existing mobile communication security architecture, user plane data transmitted between a terminal and a base station can be securely protected. For example, the terminal performs data protection operation (e.g., confidentiality protection and/or integrity protection) on the user plane data sent to the network, and the base station performs corresponding security operation (e.g., decryption and/or integrity verification) after receiving the protected data. The base station performs data protection operation (such as confidentiality protection and/or integrity protection) on user plane data sent to the terminal, and the terminal performs corresponding security operation (such as decryption and/or integrity verification) after receiving the protected data.

Currently, a terminal and a base station perform data protection operation in a Packet Data Convergence Protocol (PDCP) layer, and the PDCP layer has a main function of completing data protection, such as: confidentiality protection and integrity protection. Taking confidentiality protection as an example, the confidentiality protection may include: a transmitting end inputs a series of encryption keys (keys), counts (counts), bearers (bearer) (such as radio bearer ID), directions (uplink data or downlink data), length parameters (key stream length) and the like into a security algorithm (such as an NEA function) to obtain key stream packets (keystream blocks); and carrying out XOR on the plaintext (plaintext block) and the key stream packet to obtain a ciphertext (ciphertext block) and sending the ciphertext block. And after receiving the ciphertext, the receiving end obtains a key stream packet according to the series of parameters, and performs exclusive OR on the key stream packet and the ciphertext to obtain a plaintext. The sending end can be a terminal, and the receiving end can be a base station; or, the transmitting end is a base station and the receiving end is a terminal.

As can be seen from the above, the existing data protection is executed on the terminal and the base station, and only end-to-end protection between the terminal and the base station is implemented, at this time, if the user plane data interacted between the base station and the network side is attacked, data leakage may be caused, and the security of user plane data transmission is reduced.

Disclosure of Invention

The embodiment of the application provides a data protection method, equipment and a system, which are used for solving the problem that the safety of user plane data transmission is reduced when data protection is performed on a terminal and a base station in the prior art.

In order to achieve the above purpose, the embodiments of the present application provide the following technical solutions:

in a first aspect, an embodiment of the present application provides a data protection method, which may include: the terminal determines a first parameter corresponding to a plaintext to be sent, encrypts the plaintext by using the first parameter to obtain a ciphertext, and sends the ciphertext to a user plane network element through access network equipment.

The first parameter corresponds to a user plane transmission logical channel between the terminal and the user plane network element, that is, the user plane data is encrypted by using the user plane transmission logical channel between the terminal and the user plane network element as a granularity.

Based on the method provided by the first aspect, confidentiality protection can be performed on data transmitted between the terminal and the user plane network element according to the first parameter corresponding to the user plane transmission logic channel between the terminal and the user plane network element, end-to-end protection from the terminal to the user plane network element is realized, the problems that when confidentiality protection is performed on the data by access network equipment, data leakage occurs when the user plane data interacted between the access network equipment and the network side is attacked, and the security of user plane data transmission is reduced are solved, and the security of data transmission is improved.

In a first possibility of the first aspect, with reference to the first aspect, the determining, by the terminal, a first parameter that is a session Identifier (ID) of a Protocol Data Unit (PDU) or a quality of service flow identifier (QoS flow ID) (QFI for short), and the determining, by the terminal, the first parameter corresponding to a plaintext to be sent includes: the terminal determines a first parameter according to the content information of the plaintext to be sent.

The plaintext content information may include an Internet Protocol (IP) address, a Media Access Control (MAC) address, and the like.

In a second possible design of the first aspect, with reference to the first aspect or the first possible design of the first aspect, the determining, by the terminal, a first parameter corresponding to a plaintext to be sent, where the first parameter is a Data Radio Bearer (DRB) ID, includes: and the terminal determines QFI corresponding to the plaintext according to the content information of the plaintext to be sent, and determines DRB ID corresponding to the plaintext according to the corresponding relation among the QFI, the QFI and the DRB ID corresponding to the plaintext.

And the corresponding relation between the QFI and the DRB ID is sent to the terminal by the access network equipment. In addition, the first parameter corresponding to the plaintext to be sent can be determined in other manners without limitation.

In a third possible design of the first aspect, in combination with the first aspect or any one of the possible designs of the first aspect, the method further comprises: the terminal sends a first parameter to the access network equipment; or the terminal sends an indication to the access network equipment, wherein the indication is used for indicating the first parameter.

Therefore, the first parameter used by the terminal encryption can be sent to the user plane network element through the access network device, so that the user plane network element receives the first parameter while receiving the ciphertext from the access network device, and decrypts according to the first parameter.

In a fourth possible design of the first aspect, in combination with the first aspect or any one of the possible designs of the first aspect, the method further comprises: the terminal receives the ciphertext sent by the access network equipment, determines a first parameter corresponding to the received ciphertext, and decrypts the received ciphertext by using the first parameter to obtain the plaintext.

Therefore, data protection is realized when the user plane network element transmits data to the terminal.

In a second aspect, the present application provides a communication device, which may be a terminal or a chip in a terminal or a system on a chip. The communication device may implement the functions performed by the terminal in the above aspects or possible designs, and the functions may be implemented by hardware or by hardware executing corresponding software. The hardware or software comprises one or more modules corresponding to the functions. Such as: the communication apparatus may include: a determination unit, an encryption/decryption unit, a transmission unit;

the device comprises a determining unit, a judging unit and a judging unit, wherein the determining unit is used for determining a first parameter corresponding to a plaintext to be sent;

the encryption/decryption unit is used for encrypting the plaintext by using the first parameter to obtain a ciphertext;

and the sending unit is used for sending the ciphertext to the user plane network element through the access network equipment.

The first parameter corresponds to a user plane transmission logical channel between the terminal and a user plane network element, and a specific implementation manner of the communication device may refer to the first aspect or a behavior function of the terminal in the data protection method provided by any one of possible designs of the first aspect, which is not repeated herein. Thus, the communication device provided may achieve the same advantageous effects as the first aspect or any one of the possible designs of the first aspect.

In a third aspect, a communication apparatus is provided, including: a processor and a memory; the memory is configured to store computer executable instructions, and when the communication apparatus is running, the processor executes the computer executable instructions stored by the memory to cause the communication apparatus to perform the data protection method according to the first aspect or any one of the possible designs of the first aspect.

In a fourth aspect, there is provided a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to perform the data protection method of the first aspect or any one of the possible designs of the above aspect.

In a fifth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the data protection method of the first aspect described above or any one of the possible designs of the above aspects.

A sixth aspect provides a chip system, where the chip system includes a processor and a communication interface, and is used to support a communication device to implement the functions in the foregoing aspects, for example, the processor determines a first parameter corresponding to a plaintext to be sent, encrypts the plaintext by using the first parameter to obtain a ciphertext, and sends the ciphertext to a user plane network element through an access network device.

In a possible design, the first parameter corresponds to a user plane transmission logical channel between the terminal and a user plane network element, and the chip system further includes a memory for storing program instructions and data necessary for the communication device. The chip system may be constituted by a chip, or may include a chip and other discrete devices.

For technical effects brought by any design manner in the third aspect to the sixth aspect, reference may be made to the technical effects brought by the first aspect or any possible design manner in the first aspect, and details are not repeated.

In a seventh aspect, an embodiment of the present application provides a data protection method, where the method may include: and the user plane network element receives the ciphertext sent by the access network equipment, determines a first parameter corresponding to the received ciphertext, and decrypts the ciphertext by using the first parameter to obtain the plaintext.

Wherein the first parameter corresponds to a user plane transmission logical channel between the terminal and the user plane network element.

Based on the method provided by the seventh aspect, the ciphertext received by the user plane network element can be decrypted according to the first parameter corresponding to the user plane transmission logic channel between the terminal and the user plane network element, so that end-to-end protection from the terminal to the user plane network element is realized, the problems that when the confidentiality of data is protected by the access network equipment, data is leaked and the security of user plane data transmission is reduced when the user plane data interacted between the access network equipment and the network side is attacked are avoided, and the security of data transmission is improved.

In a first possible design of the seventh aspect, with reference to the seventh aspect, the determining, by the user plane network element, the first parameter corresponding to the ciphertext includes: and the user plane network element determines the QFI corresponding to the ciphertext according to the quintuple information of the ciphertext.

In a second possible design of the seventh aspect, with reference to the seventh aspect, the method further includes: and the user plane network element receives the first parameter from the access network equipment.

Therefore, the user plane network element receives the first parameter while receiving the ciphertext and decrypts according to the received first parameter without determining the first parameter corresponding to the ciphertext, and complexity of obtaining the first parameter by the user plane network element is reduced.

In a third possible design of the seventh aspect, with reference to the seventh aspect, the determining, by the user plane network element, the PDU session ID corresponding to the ciphertext by using the first parameter as the PDU session ID includes: and the user plane network element determines the QFI corresponding to the ciphertext and determines the PDU session ID corresponding to the ciphertext according to the QFI corresponding to the ciphertext, the QFI and the PDU session ID.

And the corresponding relation between the QFI and the PDU session ID is sent to the user plane network element by the session management network element.

In a fourth possible design of the seventh aspect, with reference to the seventh aspect, the first parameter is a PDU session ID, and the receiving, by the user plane network element, the ciphertext includes: the user plane network element receives the ciphertext from the N3 link;

the user plane network element determining the PDU session ID corresponding to the ciphertext comprises the following steps: and the user plane network element determines the PDU session ID corresponding to the ciphertext according to the corresponding relation between the N3 link identification and the PDU session ID, wherein the PDU session ID corresponds to the N3 link identification for identifying the N3 link.

In a fifth possible design of the seventh aspect, with reference to the seventh aspect, the determining, by the user plane network element, the DRB ID corresponding to the ciphertext by using the first parameter as the DRB ID includes: and the user plane network element determines the QFI corresponding to the ciphertext and determines the DRB ID corresponding to the ciphertext according to the QFI corresponding to the ciphertext, the corresponding relation between the QFI and the DRB ID.

And the corresponding relation between the QFI and the DRB ID is sent to the user plane network element by the access network equipment.

In a fifth possible design of the seventh aspect, in combination with the second aspect or any one of the possible designs of the second aspect, the method further includes: the user plane network element determines a first parameter corresponding to a plaintext to be sent to the terminal, encrypts the plaintext to be sent according to the first parameter to obtain a ciphertext, and sends the ciphertext to the terminal through the access network equipment.

In an eighth aspect, the present application provides a communication apparatus, which may be a user plane network element or a chip in a user plane network element or a system on a chip, and which may implement the functions performed by the user plane network element in each possible design of the seventh aspect or the seventh aspect, where the functions may be implemented by hardware or may be implemented by hardware executing corresponding software. The hardware or software comprises one or more modules corresponding to the functions. Such as: the communication apparatus may include: a receiving unit, a determining unit, a decrypting/encrypting unit;

the receiving unit is used for receiving the ciphertext sent by the access network equipment;

the determining unit is used for determining a first parameter corresponding to the ciphertext;

and the decryption/encryption unit is used for decrypting the received ciphertext by using the first parameter to obtain the plaintext.

Wherein, the first and second connecting parts are connected with each other; wherein the first parameter corresponds to a user plane transmission logical channel between the terminal and the user plane network element. The specific implementation manner of the communication apparatus may refer to the seventh aspect or the behavior function of the user plane network element in the data protection method provided by any possible design of the seventh aspect, and details are not repeated here. Therefore, the communication device provided can achieve the same advantageous effects as any one of the possible designs of the seventh aspect or the seventh aspect.

In a ninth aspect, there is provided a communication apparatus comprising: a processor and a memory; the memory is configured to store computer-executable instructions, and when the communication apparatus is running, the processor executes the computer-executable instructions stored in the memory, so as to enable the communication apparatus to perform the data protection method according to any one of the possible designs of the seventh aspect or the seventh aspect.

In a tenth aspect, there is provided a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to perform the data protection method of the seventh aspect or any one of the above possible designs.

In an eleventh aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the data protection method of the seventh aspect described above or any one of the possible designs of the above aspects.

In a twelfth aspect, a chip system is provided, where the chip system includes a processor and a communication interface, and is used to support a communication device to implement the functions in the foregoing aspects, for example, the processor receives a ciphertext from an access network device through the communication interface, determines a first parameter corresponding to the ciphertext, and decrypts the ciphertext by using the first parameter to obtain a plaintext.

For technical effects brought by any design manner of the ninth aspect to the twelfth aspect, reference may be made to the seventh aspect or any possible design manner of the seventh aspect, and details are not repeated.

In a thirteenth aspect, the present application provides a transmission data protection system, including: the communication apparatus according to the second to sixth aspects, the access network device, or the communication apparatus according to the eighth to twelfth aspects.

Drawings

FIG. 1 is a schematic diagram of a system framework provided by an embodiment of the present application;

fig. 2a is a schematic view of confidentiality protection according to an embodiment of the present application;

fig. 2b is a schematic diagram of integrity protection provided by an embodiment of the present application;

fig. 3 is a schematic diagram illustrating a communication device according to an embodiment of the present disclosure;

fig. 4 is a schematic flow chart of a data protection method according to an embodiment of the present application;

fig. 5 is a schematic flow chart of another data protection method according to an embodiment of the present application;

fig. 6 is a schematic flow chart of another data protection method according to an embodiment of the present application;

fig. 7 is a schematic flowchart of another data protection method according to an embodiment of the present application;

fig. 8 is a schematic flowchart of another data protection method according to an embodiment of the present application;

fig. 9 is a schematic flowchart of another data protection method according to an embodiment of the present application;

fig. 10 is a schematic flowchart of another data protection method according to an embodiment of the present application;

fig. 11 is a schematic diagram illustrating a communication device 11 according to an embodiment of the present disclosure;

fig. 12 is a schematic diagram illustrating a communication device 12 according to an embodiment of the present disclosure;

fig. 13 is a schematic composition diagram of a data protection system 13 according to an embodiment of the present application.

Detailed Description

The technical solution in the embodiments of the present application is described below with reference to the drawings in the embodiments of the present application.

The data protection method provided in the embodiment of the present application may be applied to a network system shown in fig. 1, where the network system may be a Long Term Evolution (LTE), a fifth generation (5th generation, 5G) system, a New Radio (NR) system, or another system. As shown in fig. 1, the network system may include: the system comprises a terminal, access Network equipment, a mobility management Network element, a session management Network element, a user plane Network element and a Data Network (DN), wherein all the Network elements can be connected through communication specified by a protocol. It should be noted that fig. 1 is only an exemplary architecture diagram, and besides the functional units shown in fig. 1, the network architecture may further include a policy control network element and other network elements, which is not limited in this embodiment.

The terminal in fig. 1 may be configured to connect to an access network device deployed by an operator through a wireless air interface, establish a user plane transmission logical channel between the access network device and a user plane network element, and access to a DN through the user plane transmission logical channel network element. The terminal may be a User Equipment (UE), such as: cell phones, computers, and may also be cellular phones, cordless phones, Session Initiation Protocol (SIP) phones, smart phones, Wireless Local Loop (WLL) stations, Personal Digital Assistants (PDAs), computers, laptops, handheld communication devices, handheld computing devices, satellite radios, wireless modem cards, Set Top Boxes (STBs), Customer Premises Equipment (CPE), and/or other devices used to communicate over a wireless system. In addition, the terminal may also be a device supporting wired access.

The access network equipment is mainly used for realizing functions of a wireless physical layer, resource scheduling and wireless resource management, wireless access control, mobility management and the like. The access network device may be AN Access Network (AN)/Radio Access Network (RAN), and is composed of a plurality of 5G-AN/5G-RAN nodes, where the 5G-AN/5G-RAN nodes may be: an access node (AP), a next generation base station (NR nodeB, gNB), a Transmission Receive Point (TRP), a Transmission Point (TP), or some other access node. In addition, the access network device may also be a device supporting wired access.

The mobility management network element may be an access and mobility management function (AMF), and is mainly used for managing the movement of the terminal.

The session management network element may have a Session Management Function (SMF), and is mainly used to implement session management functions such as establishment, release, and modification of a user plane transmission logical channel (e.g., a Protocol Data Unit (PDU) session). The session management network element may manage one or more user plane network elements.

The user plane network element may be a User Plane Function (UPF), and the user plane network element may be an anchor point on a user plane transmission logic channel, and is mainly used to complete functions such as routing forwarding of user plane data, for example: a channel (i.e. a user plane transmission logic channel) is established between the network node and the terminal, and the channel forwards a data packet between the terminal and the DN, and is responsible for filtering data messages of the terminal, transmitting/forwarding data, controlling rate, generating charging information, and the like.

The DN may include network devices (servers or routers, etc.) that are mainly used to provide various data service services to the terminal.

In the system shown in fig. 1, in order to ensure the security of the user plane data interaction between the access network device and the network side device, end-to-end data protection between the user plane network element and the terminal is implemented. For example, after data protection is performed on data to be sent (named as plaintext in this embodiment of the present application), the terminal may send the data to be sent to a user plane network element through access network equipment; after receiving the encrypted data, the user plane network element can decrypt the encrypted data to obtain a plaintext. Similarly, when the user plane network element sends data to the terminal, the user plane network element can send the plaintext to be sent to the terminal through the access network device after performing data protection, and after receiving the encrypted data, the terminal can decrypt the encrypted data to obtain the plaintext.

The data protection in the embodiment of the present application may include the following three ways: 1) confidentiality protection; 2) integrity protection; 3) confidentiality protection and integrity protection. Wherein, confidentiality protection may refer to: some data are encrypted to achieve the effect of hiding the data, and the original data can be recovered through decryption. Integrity protection may refer to: some integrity protection operations are performed on the data, and whether the data is tampered with may be checked according to a Message Authentication Code (MAC). The main difference between integrity protection and confidentiality protection is that the integrity protection does not require operations such as exclusive or and the like, and plaintext is directly used as input of an NIA function.

The confidentiality protection provided by the embodiment of the present application is shown in fig. 2a, and may include: a sending end inputs a first parameter, an encryption key (key), a count (count), a direction (direction) (uplink data or downlink data) and a length parameter (key stream length) into a security algorithm (such as an NEA function) to obtain a key stream block, and carries out XOR on a plaintext and the key stream block to obtain a ciphertext (ciphertext block) and sends the ciphertext block; after receiving the ciphertext, the receiving end inputs the first parameter, key, count, direction (uplink data or downlink data) and length into a security algorithm (such as an NEA function) to obtain a key stream packet, and performs XOR on the ciphertext and the key stream packet to obtain a plaintext. Namely, the confidentiality protection is carried out on the data transmitted between the terminal and the user plane network element by taking the first parameter as granularity. The performing xor on the plaintext and the key stream to obtain the ciphertext may include: the method comprises the steps of dividing plaintext into a plurality of groups, carrying out XOR on each group of plaintext (called plaintext block) and a key stream block to obtain a plurality of groups of ciphertext (called ciphertext block for short), and combining the ciphertext blocks together to obtain the ciphertext. Correspondingly, performing xor on the ciphertext and the key stream packet to obtain the plaintext may include: and carrying out XOR on the ciphertext blocks corresponding to the ciphertext and the key stream blocks to obtain plaintext blocks, and combining the plaintext blocks together to obtain the plaintext.

As shown in fig. 2b, the integrity protection provided by the embodiment of the present application may include: the sending end inputs a series of parameters such as key, count, first parameter, direction, plaintext and the like into the NIA function to obtain the MAC to be eliminated and sends out the MAC; and after receiving the plaintext and the message authentication code, the receiving end calculates again according to the series of parameters to obtain the message authentication code, and compares whether the received MAC is the same as the MAC calculated by the receiving end. If the two are the same, the verification is successful. That is, the integrity protection is performed on the data transmitted between the terminal and the user plane network element by using the first parameter as the granularity.

The sending end can be a terminal, and the receiving end can be a user plane network element; or, the sending end is a user plane network element, and the receiving end may be a terminal, without limitation.

When data protection is performed on data transmitted between the terminal and the user plane network element, the first parameter is a necessary parameter, and data protection can be performed according to other parameters besides the first parameter without limitation. The first parameter may correspond to a user plane transmission logical channel between the terminal and the user plane network element. For example, the user plane transmission logical channel may be an activated user plane logical channel, and at this time, a link is maintained between the terminal and the user plane network element; or an inactive user plane logical channel, when the terminal is disconnected from the user network. For example, the first parameter may be a PDU session Identifier (ID), a quality of service flow identifier (QoS flow ID, QFI), a data radio bearer identifier (DRB ID), a slice ID, or other tunnel ID parameter, without limitation. The PDU session ID may be used to identify the PDU session, the QFI may be used to identify the QoS flow, the DRB ID may be used to identify the DRB between the terminal and the access network device, and the DRB may also be referred to as an RB. One PDU session corresponds to one PDU session ID, one QoS flow corresponds to one QFI, and one DRB corresponds to one DRB ID. Specifically, the data protection method provided by the embodiment of the present application may refer to the methods shown in fig. 4 to 9. Other possibilities, the first parameter may also be a radio bearer identity (RB ID) that identifies the radio bearer.

It should be noted that the names of the network elements, the names between the network elements, and the names of the parameters in the architecture of fig. 1 are only an example, and the names between the network elements, and the names and the parameters may be other names in a specific implementation, which is not specifically limited in this embodiment of the present application. In addition, the encryption method may include various methods, for example: the encryption method may be an encryption method in which a ciphertext is obtained by calculating a key stream and then performing exclusive or with a plaintext. The encryption method may be an encryption method in which a key is obtained by directly inputting plaintext. The embodiment of the present application does not limit such an encryption manner.

The terminal and the user plane network element in fig. 1 may be referred to as a communication device or a communication device (e.g., a chip or a system on a chip, etc.) including components for implementing the data protection method provided by the embodiment of the present application, and in order to implement the data protection method provided by the embodiment of the present application, these communication devices may include the components shown in fig. 3. Fig. 3 is a schematic diagram illustrating a communication device 300 according to an embodiment of the present disclosure. As shown in fig. 3, the communication device 300 includes at least one processor 301, a communication line 302, and at least one communication interface 303; further, a memory 304 may also be included. The processor 301, the memory 304 and the communication interface 303 may be connected by a communication line 302. In the embodiments of the present application, at least one of the two or more may be one, two, three or more, and the embodiments of the present application are not limited.

In the embodiment of the present application, the processor 301 may be a Central Processing Unit (CPU), a general purpose processor Network (NP), a Digital Signal Processor (DSP), a microprocessor, a microcontroller, a Programmable Logic Device (PLD), or any combination thereof. The processor may also be any other means having a processing function such as a circuit, device or software module. .

In the present embodiment, the communication lines 302 may include pathways for communicating information between components included in the communication device.

In this embodiment, the communication interface 303 is used for communicating with other devices or communication networks (e.g., ethernet, Radio Access Network (RAN), Wireless Local Area Networks (WLAN), etc.). Communication interface 303 may be a module, circuitry, transceiver, or any device capable of enabling communication.

In the present embodiment, the memory 304 may be a read-only memory (ROM) or other type of static storage device that can store static information and/or instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and/or instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.

In one possible design, the memory 304 may exist separately from the processor 301, i.e., the memory 304 may be a memory external to the processor 301, in which case the memory 304 may be coupled to the processor 301 via the communication line 302 for storing instructions or program code. The processor 301, when calling and executing the instructions or program codes stored in the memory 304, can implement the data protection method provided by the following embodiments of the present application. In yet another possible design, the memory 304 may also be integrated with the processor 301, that is, the memory 304 may be an internal memory of the processor 301, for example, the memory 304 is a cache memory, and may be used for temporarily storing some data and/or instruction information, and the like.

As one implementation, the processor 301 may include one or more CPUs, such as CPU0 and CPU1 in fig. 3. As another implementation, the communication device 300 may include multiple processors, such as the processor 301 and the processor 307 in fig. 3. As yet another implementable manner, the communications apparatus 300 may further include an output device 305 and an input device 306. Illustratively, the input device 306 may be a keyboard, mouse, microphone, joystick, or the like, and the output device 305 may be a display screen, speaker (spaker), or the like.

It should be noted that the communication apparatus 300 may be a general-purpose device or a special-purpose device. For example, the communication apparatus 300 may be a desktop computer, a portable computer, a web server, a PDA, a mobile phone, a tablet computer, a wireless terminal, an embedded device, a system-on-a-chip, or a device having a similar structure as in fig. 3. The embodiment of the present application does not limit the type of the communication apparatus 300. In the embodiment of the present application, the chip system may be composed of a chip, and may also include a chip and other discrete devices.

With reference to fig. 1, the data protection method provided in the embodiment of the present application is specifically described below by taking a user plane network element as a UPF, an access network device as a RAN, a session management network element as an SMF, a mobility management network element as an AMF, a user plane transmission logical channel between a terminal and the UPF as a PDU session, and confidentiality protection between the terminal and the UPF. It should be noted that, when integrity protection is adopted between the terminal and the UPF, or confidentiality protection and integrity protection are adopted to protect data transmitted between the terminal and the UPF, the description of the first parameter and the manner in which the terminal and the UPF determine the first parameter may be described with reference to the following embodiments. In addition, in the following embodiments of the present application, names of messages between network elements or names of parameters in messages are only an example, and other names may also be used in specific implementations, which is not specifically limited in this embodiment of the present application.

Fig. 4 is a data protection method according to an embodiment of the present application, where the method may protect data transmitted between a terminal and a UPF based on a PDU session ID. As shown in fig. 4, the method may include:

step 401: and establishing PDU session between the terminal and the UPF.

The establishment of the PDU session between the terminal and the UPF may include the following processes:

the terminal sends a session establishment request to the AMF; the session establishment request may be used to request establishment of a PDU session, so that a subsequent terminal may access some service applications in a Data Network (DN) through the PDU session, and the session establishment request may include a PDU session ID, where the PDU session ID may be used to identify the PDU session.

The AMF receives the session establishment request and sends a Session Management (SM) context establishment request to the SMF, wherein the SM context establishment request comprises a PDU session ID.

SMF receives the request for establishing SM context, sends response for establishing SM context to AMF and sends request for establishing (or modifying) session management to UPF; the session management setup (or modification) request may include a PDU session ID and QFI of one or more QoS flows that may be carried on the PDU session.

And the UPF receives a session management establishment (or modification) request sent by the SMF, acquires the PDU session ID and the QFI from the session management or establishment request, and stores the corresponding relation between the PDU session ID and the QFI. Wherein the PDU session ID in session management setup (or modification) is optional.

The UPF sends a session management setup (or modify) response to the SMF, where the N3 link identification (or address of the UPF) may be included in the session management setup (or modify) response. The N3 link identifier may be used to identify a logical channel between the RAN and the UPF, and in the embodiments of the present application, no limitation is imposed on the name of the logical link between the RAN and the UPF, and the logical link between the RAN and the UPF is the N3 link, which is taken as an example for description. The N3 link identification may be determined by the SMF and sent to the UPF. For all embodiments of the present application, the N3 link id may also be described as an N3 tunnel id or an N3 interface protocol tunnel id or other names, without limitation.

The SMF receives the session management establishment (or modification) response and sends an N1N2 message to the AMF, wherein the N1N2 message comprises a PDU session request which can comprise a PDU session ID, QFI and an N3 link identification.

And the AMF sends a PDU session request to the RAN, the RAN receives the PDU session request, stores the corresponding relation among the PDU session ID, the QFI and the N3 link identification, configures the DRB for the QFI and stores the corresponding relation among the PDU session ID, the QFI and the DRB ID. For example, the correspondence between PDU session ID, QFI and N3 link ID is: the PDU session ID1, QFI1, N3 link 1, the DRB configured for QFI is DRB1, and the correspondence among PDU session ID, QFI and DRB ID is: PDU session ID1, QFI1, DRB ID 1.

And the RAN sends the corresponding relation among the PDU session ID, the QFI and the DRB ID to the terminal, and the terminal receives and stores the corresponding relation among the PDU session ID, the QFI and the DRB ID. Or, the RAN sends the correspondence between the PDU session ID and the DRB ID to the terminal.

So far, the PDU session establishment is completed between the terminal and the UPF, and the terminal can access some applications in the DN through the PDU session under the condition that the PDU session is active (or working). In case the PDU session is inactive (i.e. there is no connection between the terminal and the UPF), the terminal may access some applications in the DN through the RAN and the UPF according to the routing information (e.g. the identity of the RAN, the identity of the UPF, etc.).

It should be noted that, in all embodiments of the present application, in the process of establishing a PDU session, the terminal may also not include a PDU session ID in the session establishment request, and the AMF or SMF generates the PDU session ID and sends the PDU session ID to the terminal or the UPF.

Step 402: and the terminal determines a PDU session ID corresponding to the plaintext to be sent, and performs data protection on the plaintext by using the PDU session ID to obtain a ciphertext.

The terminal can determine the PDU session ID of the plaintext according to the content information of the plaintext to be sent. The content information of the plaintext may include five-tuple information of the plaintext (e.g., protocol type, source Internet Protocol (IP) address, destination IP address, source port number, destination port number, etc.), and other information used to characterize which PDU session the plaintext belongs to (or is carried on). It should be noted that, for all embodiments of the present application, the manner of determining the PDU session ID corresponding to the plaintext by the terminal includes multiple manners, and is not limited, and the terminal may also determine the PDU session ID for at least one of other information such as an IP address based on the plaintext, a Media Access Control (MAC) address, port number information of a data packet, and a prefix of the IP address.

Optionally, the terminal performs data protection on the plaintext by using the PDU session ID to obtain the ciphertext, where:

the terminal inputs the PDU session ID, the encryption key (key) and other parameters (such as count, direction, length parameters and the like) into a security algorithm to generate a key stream packet, and the key stream packet and a plaintext are subjected to XOR to obtain a ciphertext.

In the embodiments of the present application, the key stream packet may also be described as a key stream or by other names, which is not limited. Encryption keys, security algorithms and other partial parameters (such as count, length parameters, etc.) are shared by the terminal and the UPF. The terminal can negotiate with the AMF or SMF to determine an encryption key, a security algorithm and other partial parameters, and the AMF or SMF sends the well-agreed encryption key, security algorithm and other partial parameters to the UPF; alternatively, encryption keys, security algorithms and other partial parameters are pre-configured on the terminal and UPF.

It should be noted that, the embodiments of the present application do not limit the name of the security algorithm for confidentiality protection, and the security algorithm may include NEA, EEA, and the like. The embodiments of the present application are described by taking NEA as an example.

Step 403: the terminal sends the cryptogram to the RAN.

Optionally, the terminal sends the ciphertext to the RAN through a DRB between the terminal and the RAN. Such as: the terminal can determine the DRB corresponding to the PDU session ID according to the corresponding relation between the PDU session ID and the DRB ID stored by the terminal, and send the ciphertext to the RAN through the determined DRB. Or the terminal determines the QFI corresponding to the plaintext and sends the ciphertext to the RAN through the DRB corresponding to the QFI. The embodiment of the present application does not limit the method for determining the QFI corresponding to the plaintext.

It should be noted that, for all embodiments of the present application, while sending a ciphertext to the RAN, the terminal may simultaneously send a first sending instruction, where the first sending instruction may be used to indicate that the ciphertext is sent to the UPF by the RAN, so that after receiving the ciphertext, the RAN sends the ciphertext to the UPF through the N3 link according to the first sending instruction.

Step 404: RAN receives the ciphertext and sends the ciphertext to UPF.

Optionally, the RAN receives the ciphertext sent by the terminal through the DRB, and also receives the first sending instruction, and the RAN learns that the ciphertext is the ciphertext sent to the UPF according to the first sending instruction, and sends the ciphertext to the UPF through the N3 link.

Or, when the terminal sends the ciphertext to the RAN, the terminal does not send the first sending instruction, but during the PDU session establishment process, when the RAN allocates the DRB ID, specifies that the ciphertext sent on the DRB corresponding to the DRB ID needs to be sent to the corresponding UPF. Subsequently, when receiving the ciphertext transmitted by the terminal from the DRB, the RAN learns that the ciphertext is the ciphertext transmitted to the UPF according to the DRB ID corresponding to the DRB, and transmits the ciphertext to the UPF through the N3 link.

Wherein, the RAN sending the ciphertext to the UPF through the N3 link may include: the RAN may determine the PDU session ID corresponding to the ciphertext received from the DRB according to the correspondence between the PDU session ID and the DRB ID stored therein, determine the N3 link ID corresponding to the PDU session ID according to the correspondence between the PDU session ID and the N3 link ID, and send the ciphertext to the UPF according to the N3 link ID. Or the terminal sends the cipher text and also sends QFI, the RAN determines the link identifier of N3 according to the corresponding relation between the QFI and the link identifier of N3, and sends the cipher text to the corresponding UPF through the link of N3 identified by the link identifier of N3.

Step 405: and the UPF receives the ciphertext, determines the PDU session ID corresponding to the ciphertext, and decrypts the ciphertext by using the determined PDU session ID to obtain the plaintext.

The UPF may receive the ciphertext from the N3 link, and after receiving the ciphertext, the UPF may determine the PDU session ID corresponding to the ciphertext in the following one or two ways:

the first method is as follows: the UPF saves the correspondence between the PDU session ID and the QFI through the PDU session establishment procedure of step 401. And when the UPF receives the ciphertext, the UPF determines the QFI corresponding to the ciphertext and determines the PDU session ID according to the corresponding relation between the PDU session ID and the QFI.

The UPF may determine the QFI corresponding to the ciphertext according to quintuple information of the ciphertext or an N3 link identifier of an N3 link that transmits the ciphertext. For example, the UPF may filter quintuple information of the received ciphertext through the filtering template, and if the received ciphertext satisfies the filtering template, determine that the ciphertext belongs to the QoS flow corresponding to the filtering template. The filtering template can be sent to the UPF by the SMF in the PDU session establishment process.

The second method comprises the following steps: in step 404, the RAN may send the PDU session ID to the UPF while sending the ciphertext, and the UPF may obtain the PDU session ID corresponding to the ciphertext from the RAN.

In the second mode, the RAN stores the corresponding relationship between the PDU session ID and the DRB ID, and after receiving the ciphertext transmitted by the terminal through the DRB, the RAN may determine the PDU session ID corresponding to the ciphertext according to the corresponding relationship between the PDU session ID and the DRB ID, and transmit the PDU session ID to the UPF.

Or, the RAN stores the correspondence between the PDU session ID and the QFI, and after receiving the ciphertext from the terminal, the RAN may send the ciphertext to a Service Data Adaptation Protocol (SDAP) layer of the RAN to process the resulting QFI, and then determines the PDU session ID corresponding to the ciphertext according to the correspondence between the PDU session ID and the QFI.

Or, the terminal sends the cipher text and also sends the QFI, and the RAN determines the N3 link identifier according to the corresponding relation between the QFI and the N3 link identifier and sends the cipher text to the corresponding UPF.

It should be noted that, in the second mode, the UPF may not store the corresponding relationship between the PDU session ID and the QFI, or during the PDU session establishment in step 401, the SMF does not send the PDU session ID to the UPF.

Optionally, the UPF decrypts the ciphertext by using the determined PDU session ID, so as to obtain the plaintext, where:

the UPF inputs the PDU session ID, key and other parameters (such as count, direction, length parameters and the like) into a security algorithm to generate a key stream packet, and performs XOR on the key stream packet and the ciphertext to obtain a plaintext.

The above steps 402 to 405 are an encryption process in which the terminal transmits data to the UPF, and are reverse processes in which the terminal transmits data to the UPF, and when the UPF transmits data to the terminal, confidentiality protection may be performed. Specifically, as shown in fig. 4, the method may further include:

step 406: and the UPF determines a PDU session ID corresponding to the plaintext to be sent, and encrypts the plaintext by using the PDU session ID to obtain a ciphertext.

Optionally, the UPF inputs the PDU session ID, key, and other parameters (e.g., count, direction, length parameters, etc.) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and a plaintext to obtain a ciphertext. The UPF can determine QFI corresponding to the ciphertext according to quintuple information of the plaintext, and determine PDU session ID corresponding to the plaintext according to the corresponding relation between the QFI and the PDU session ID stored in the UPF. It should be noted that, for all embodiments of the present application, the manner for determining the PDU session ID corresponding to the plaintext by the UPF may include multiple manners, which is not limited. Such as: the UPF may also determine a PDU session ID corresponding to the plaintext based on at least one of the plaintext IP address, the MAC address, the port number information of the data packet, the prefix of the IP address, and other information.

Step 407: the UPF sends the cryptogram to the RAN.

Alternatively, the UPF may send the ciphertext to the RAN over the N3 link.

It should be noted that, for all embodiments of the present application, the UPF may simultaneously send a second sending instruction while sending the ciphertext to the RAN, where the second sending instruction may be used to indicate that the RAN sends the ciphertext to the terminal, so that the RAN sends the ciphertext to the terminal through the DRB according to the second sending instruction after receiving the ciphertext.

Step 408: RAN receives the ciphertext and sends the ciphertext to the terminal.

Optionally, the RAN receives the ciphertext sent by the UPF through the N3 link, and also receives a second sending instruction, and the RAN learns that the ciphertext is the ciphertext sent to the terminal according to the second sending instruction, and sends the ciphertext to the UPF through the DRB.

Or, when the terminal sends the ciphertext to the RAN, the terminal does not send the second sending instruction, but in the PDU session establishment process, after receiving the N3 link identifier, the RAN specifies that the ciphertext sent on the N3 link corresponding to the N3 link identifier needs to be sent to the corresponding terminal. Subsequently, when the RAN receives the ciphertext sent by the UFP from the N3 link, the RAN learns that the ciphertext is the ciphertext sent to the terminal according to the N3 link identifier corresponding to the N3 link, and sends the ciphertext to the terminal through the DRB.

Step 409: and the terminal receives the ciphertext, determines the PDU session ID corresponding to the ciphertext, and decrypts the ciphertext by using the PDU session ID to obtain the plaintext.

Optionally, the terminal inputs the PDU session ID, key and other parameters (such as count, direction, length parameters, etc.) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and the ciphertext to obtain a plaintext.

The terminal can determine the QFI corresponding to the ciphertext according to the quintuple information corresponding to the ciphertext, and determine the PDU session ID corresponding to the ciphertext according to the corresponding relation between the PDU session ID and the QFI stored in the terminal. Or the terminal determines the PDU session ID corresponding to the ciphertext according to the stored corresponding relation between the PDU session ID and the DRB.

Based on the method shown in fig. 4, confidentiality protection can be performed on data transmitted between the terminal and the UPF according to the PDU session ID, end-to-end protection from the terminal to the UPF is achieved, the problems that data leakage occurs and the security of user plane data transmission is reduced when the RAN attacks user plane data interacted with the network side when the RAN performs confidentiality protection on the data are avoided, and the security of data transmission is improved.

In addition to the PDU session ID, the embodiment of the present application may also protect data based on QFI, and specifically, this manner may be as shown in fig. 5. Fig. 5 is a data protection method according to an embodiment of the present application, where the method may protect data transmitted between a terminal and a UPF based on QFI. As shown in fig. 5, the method may include:

step 501: and establishing PDU session between the terminal and the UPF.

Step 501 is the same as step 401, and is not described again.

Step 502: and the terminal determines QFI corresponding to the plaintext to be sent, and encrypts the plaintext by using the QFI to obtain the ciphertext.

The manner of determining the QFI by the terminal is not limited, and for example, the terminal may determine the QFI corresponding to the plaintext according to the IP quintuple information of the plaintext. For example, the terminal may filter the IP quintuple information of the plaintext through the filtering template, and if the plaintext satisfies the filtering template, determine that the plaintext belongs to the QoS flow corresponding to the filtering template. The filtering template may be sent to the terminal by the SMF through the AMF and the RAN during the PDU session establishment process.

Optionally, the encrypting the plaintext by the terminal using the QFI to obtain the ciphertext includes: the terminal inputs QFI, key and other parameters (such as count, direction, length parameters and the like) into a security algorithm to generate a key stream packet, and the key stream packet and a plaintext are subjected to XOR to obtain a ciphertext.

Step 503: the terminal sends the cryptogram to the RAN.

Step 503 can be referred to as step 403, and is not described again.

Step 504: RAN receives the ciphertext and sends the ciphertext to UPF.

Step 504 can be described with reference to step 404, and is not described again.

Step 505: and the UPF receives the ciphertext, determines the QFI corresponding to the ciphertext, and decrypts the ciphertext by using the determined QFI to obtain the plaintext.

The UPF may determine the QFI corresponding to the ciphertext according to quintuple information of the ciphertext or an N3 link identifier for sending the ciphertext, and the like. For example, the UPF may filter quintuple information of the received ciphertext through the filtering template, and if the received ciphertext satisfies the filtering template, determine that the ciphertext belongs to the QoS flow corresponding to the filtering template. The filtering template can be sent to the UPF by the SMF in the PDU session establishment process.

Or, the RAN may send the QFI corresponding to the ciphertext to the UPF while sending the ciphertext in step 504, and the UPF may obtain the QFI corresponding to the ciphertext from the RAN.

The RAN may determine the QFI corresponding to the ciphertext by 1) or 2) as follows:

1) the RAN stores the corresponding relation between the QFI and the DRB ID, and after the RAN receives the ciphertext transmitted by the terminal through the DRB, the RAN can determine the QFI corresponding to the ciphertext according to the corresponding relation between the QFI and the DRB ID and transmit the QFI to the UPF.

The RAN may store the corresponding relationship between the QFI and the DRB ID in the process of establishing the PDU session in step 501. Such as: the RAN receives the PDU session request sent by the SMF and further comprises indication information, the indication information can be used for indicating that data protection is carried out by the UPF, or indicating that data protection is carried out by adopting the QFI, or indicating that at least one item of different DRBs are allocated to different QFIs, and the RAN allocates different DRB IDs to the QFIs according to the indication information.

It should be noted that, in the method 1), one QFI corresponds to one DRB ID in the correspondence between QFI and DRB ID stored in the RAN, that is, only a unique DRB is allocated to each QoS flow.

2) The terminal may also send a QFI indication to the RAN while sending the ciphertext to the RAN in step 503, and the RAN determines the QFI corresponding to the ciphertext according to the QFI indication.

The QFI indication may be used to indicate QFI, the QFI indication may be QFI or another identifier used to identify QFI, a mapping relationship exists between the QFI and the other identifier used to identify QFI, and the mapping relationship may be sent by the SMF to the RAN and the terminal in step 501, and the RAN and the terminal store the mapping relationship between the QFI and the other identifier used to identify QFI. When the QFI indication is QFI, the RAN may directly determine the QFI indication as the QFI corresponding to the ciphertext, and when the QFI indication is another identifier for identifying the QFI, the RAN may determine the QFI corresponding to the ciphertext according to a mapping relationship between the identifier and the QFI.

For example, if the QFI used in the terminal encryption is QFI1, the QFI indication may be QFI1, and may also be other identifiers that can be used to indicate QFI1, such as: character a. The RAN determines that the QFI identified by the character a is QFI1 according to the character a and the mapping relationship between the character a and QFI1 when the RAN receives the character a, where the character a and the QFI1 have a mapping relationship.

Optionally, the UPF decrypts the ciphertext by using the determined QFI, so as to obtain the plaintext, where: the UPF inputs QFI, an encryption key (key) and other parameters (such as count, direction, length parameters and the like) into a security algorithm to generate a key stream packet, and performs XOR on the key stream packet and a ciphertext to obtain a plaintext.

The above steps 502 to 505 are an encryption process in which the terminal transmits data to the UPF, and are reverse processes in which the terminal transmits data to the UPF, and when the UPF transmits data to the terminal, confidentiality protection may be performed. Specifically, as shown in fig. 5, the method may further include:

step 506: and the UPF determines QFI corresponding to the plaintext to be sent, and encrypts the plaintext by using the QFI to obtain the ciphertext.

The process of determining the QFI corresponding to the plaintext to be sent by the UPF is as described above, for example: the UPF can determine the QFI corresponding to the ciphertext according to the IP quintuple information of the plaintext.

Optionally, the UPF inputs the QFI, the key, and other parameters (such as count, direction, length parameters, and the like) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and a plaintext to obtain a ciphertext.

Step 507: the UPF sends the cryptogram to the RAN.

Step 507 can be referred to as step 407, and is not described again.

Step 508: the RAN sends the ciphertext to the terminal.

Step 508 may refer to step 408, which is not described again.

Step 509: and the terminal receives the ciphertext, determines the QFI corresponding to the ciphertext, and decrypts the ciphertext by using the QFI to obtain the plaintext.

The terminal can determine the QFI corresponding to the ciphertext according to the quintuple information corresponding to the ciphertext; or, the terminal acquires the QFI corresponding to the ciphertext from the RAN, such as: the UPF sends a ciphertext to the RAN through the N3 link, after receiving the ciphertext, the RAN determines the QFI corresponding to the ciphertext according to the N3 link identifier corresponding to the N3 link, and sends the QFI to the terminal; or the terminal determines the QFI according to the DRB ID.

Optionally, the terminal inputs the QFI, the key and other parameters (such as count, direction, length parameters, etc.) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and the ciphertext to obtain a plaintext.

Based on the method shown in fig. 5, confidentiality protection can be performed on data transmitted between the terminal and the UPF according to QFI, end-to-end protection from the terminal to the UPF is achieved, the problems that data leakage occurs and the security of user plane data transmission is reduced when the RAN attacks user plane data interacted with the network side when the RAN performs confidentiality protection on the data are avoided, and the security of data transmission is improved.

In addition to the PDU session ID or QFI, the embodiment of the present application may also protect data based on the DRB ID, and specifically, this manner may be as shown in fig. 6. Fig. 6 is a data protection method according to an embodiment of the present application, where the method can protect data transmitted between a terminal and a UPF based on a DRB ID. As shown in fig. 6, the method may include:

step 601: and establishing PDU session between the terminal and the UPF.

Step 601 is the same as step 401, and is not described again.

Step 602: and the terminal determines the DRB ID corresponding to the plaintext to be sent, and encrypts the plaintext by using the DRB ID to obtain the ciphertext.

The terminal may determine the QFI corresponding to the plaintext according to the quintuple information of the plaintext, and then determine the DRB ID corresponding to the plaintext according to the corresponding relationship between the QFI and the DRB ID. The process of determining the QFI corresponding to the plaintext by the terminal may refer to the process described in step 502, and is not described again.

Optionally, the encrypting the plaintext by the terminal using the DRB ID to obtain the ciphertext includes: the terminal inputs the DRB ID, the encryption key (key) and other parameters (such as count, direction, length parameters and the like) into a security algorithm to generate a key stream packet, and the key stream packet and the plaintext are subjected to XOR to obtain a ciphertext.

Step 603: the terminal sends the cryptogram to the RAN.

Step 603 can be referred to as step 403, and is not described again.

Step 604: RAN receives the ciphertext and sends the ciphertext to UPF.

Step 604 can be described with reference to step 404, and is not described again.

Step 605: and the UPF receives the ciphertext, determines the DRB ID corresponding to the ciphertext, and decrypts the ciphertext by using the determined DRB ID to obtain the plaintext.

In one possible design, the UPF may determine the QFI corresponding to the ciphertext according to quintuple information of the ciphertext or an N3 link identifier for sending the ciphertext, and then determine the DRB ID corresponding to the ciphertext according to the correspondence between the DRB ID and the QFI stored in the UPF.

The process of determining the QFI corresponding to the ciphertext by the UPF may refer to step 505, and is not described again.

Wherein, the corresponding relationship between the DRB ID and the QFI may be sent by the RAN to the UPF in the process of establishing the PDU session in step 601, and the UPF receives the corresponding relationship and then stores the corresponding relationship in the UPF, for example: and the RAN receives the indication information sent by the SMF, allocates different DRB IDs for the QFIs according to the indication information, sends the DRB IDs allocated for the QFIs to the UPF, and stores the DRB IDs by the UPF. The description of the indication information can refer to the description in step 505, and is not repeated.

In another possible design, the RAN may send the DRB ID to the UPF at the same time of sending the ciphertext to the UPF in step 604, and the UPF determines the received DRB ID as the DRB ID corresponding to the ciphertext.

In another possible design, the terminal may send the DRB ID indication to the RAN while sending the ciphertext to the RAN in step 603, and the RAN determines the DRB ID corresponding to the ciphertext according to the DRB ID indication.

The DRB ID indication may be used to indicate a DRB ID, the DRB ID indication may be a DRB ID or another identifier used to identify the DRB ID, and a mapping relationship exists between the other identifier used to identify the DRB ID and the DRB ID, where the mapping relationship may be sent by the SMF to the RAN and the terminal in step 501, and the RAN and the terminal store the mapping relationship between the other identifier used to identify the DRB ID and the DRB ID. When the DRB ID indicates a DRB ID, the RAN may directly determine the DRB ID indication as a DRB ID corresponding to the ciphertext, and when the DRB ID indicates another identifier for identifying the DRB ID, the RAN may determine the DRB ID corresponding to the ciphertext according to a mapping relationship between the identifier and the DRB ID.

For example, if the DRB ID used in the terminal encryption is DRB ID1, the DRB ID indication may be DRB ID1, or may be another identifier that can be used to indicate DRB ID1, such as: character B. The character B and the DRB ID1 have a mapping relationship, and when the RBN receives the character B, the RBN can determine that the DRB ID identified by the character B is the DRB ID1 according to the character B and the mapping relationship between the character B and the DRB ID 1.

Optionally, the UPF decrypts the ciphertext by using the determined DRB ID, so as to obtain the plaintext, where: the UPF inputs the DRB ID, the key and other parameters (such as count, direction, length parameters and the like) into a security algorithm to generate a key stream packet, and performs XOR on the key stream packet and the ciphertext to obtain a plaintext.

It should be noted that, in another possible design, when the UPF receives the DRB ID from the RAN, the UPF may store a corresponding relationship between the received DRB ID and a QFI or PDU session ID corresponding to the ciphertext, and subsequently, the UPF may determine, according to the stored corresponding relationship between the DRB ID and the QFI or PDU session ID, a DRB ID corresponding to data sent or received by the UPF, and perform confidentiality protection on the data according to the determined DRB ID.

The above steps 602 to 605 are encryption processes for the terminal to transmit data to the UPF, and are inverse processes for the terminal to transmit data to the UPF, and when the UPF transmits data to the terminal, confidentiality protection may be performed. Specifically, as shown in fig. 6, the method may further include:

step 606: and the UPF determines a DRB ID corresponding to the plaintext to be sent, and encrypts the plaintext by using the DRB ID to obtain a ciphertext.

And the UPF determines QFI corresponding to the plaintext to be sent, and determines DRB ID corresponding to the plaintext according to the corresponding relation between the QFI and the DRB ID. The determination of the QFI corresponding to the plaintext to be sent by the UPF may refer to the description in step 605, and is not described again.

The UPF determines a PDU session ID corresponding to a plaintext to be sent, and determines a DRB ID corresponding to the plaintext according to a corresponding relation between the PDU session ID and the DRB ID. The UPF determines the PDU session ID corresponding to the plaintext to be sent, which is described with reference to the previous step and is not described again.

Optionally, the UPF inputs the DRB ID, the key, and other parameters (e.g., count, direction, length parameters, etc.) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and the plaintext to obtain the ciphertext.

Step 607: the UPF sends the cryptogram to the RAN.

Step 607 can be referred to as step 407, and is not described again.

Step 608: the RAN sends the ciphertext to the terminal.

Step 608 can be described with reference to step 408, and is not described again.

Step 609: and the terminal receives the ciphertext, determines the DRB ID corresponding to the ciphertext, and decrypts the ciphertext by using the DRB ID to obtain the plaintext.

The terminal may receive the ciphertext sent by the RAN from the DRB, and use the DRB ID corresponding to the DRB as the DRB ID corresponding to the ciphertext.

Optionally, the terminal inputs the DRB ID, the key, and other parameters (such as count, direction, length parameters, and the like) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and the ciphertext to obtain a plaintext.

Based on the method shown in fig. 6, confidentiality protection can be performed on data transmitted between the terminal and the UPF according to the DRB ID, end-to-end protection from the terminal to the UPF is achieved, the problems that data leakage occurs and the security of user plane data transmission is reduced when the RAN attacks user plane data interacted with the network side when the RAN performs confidentiality protection on the data are avoided, and the security of data transmission is improved.

Fig. 4 to 6 are applicable to the case of setting up a PDU session between a terminal and a UPF, and for the case of no connection between the terminal and the UPF, the data protection process is shown in fig. 7 to 9. In this embodiment, the unconnected state between the terminal and the UPF may mean that no logical channel is established between the terminal and the RAN, no logical channel is established between the RAN and the UPF, and no logical channel for user plane transmission is established between the terminal and the UPF, or that a logical channel for user plane transmission (for example, PDU session) established between the terminal and the UPF is not activated (or is disconnected).

The following describes the data protection process by taking the case that the user plane transmission logical channel (e.g. PDU session) established between the terminal and the UPF is not activated (or is disconnected) as shown in fig. 7 to 9. Before the PDU session is disconnected between the terminal and the UPF, the PDU session may be established through the method described in step 401, and in the process of establishing the PDU session, different from step 401, the session management establishment (or modification) response sent from the UPF to the SMF may further include an address of the UPF, after receiving the session management establishment (or modification) response, the SMF sends the address of the UPF and the PDU session ID to the RAN, and the RAN stores the mapping relationship between the addresses of the PDU session and the UPF, returns the address of the UPF to the terminal, and may also send the address of the RAN to the terminal.

Fig. 7 is another data protection method provided in this embodiment, which may protect data transmitted between a terminal and a UPF based on a PDU session ID when a PDU session is not established between the terminal and the UPF. As shown in fig. 7, the method may include:

step 701: and the terminal determines a PDU session ID corresponding to the plaintext to be sent, and encrypts the plaintext by using the PDU session ID to obtain a ciphertext.

Step 701 may refer to step 402, which is not described again.

Step 702: the terminal sends the cryptogram to the RAN.

Step 703: and the RAN receives the ciphertext, determines the PDU session ID corresponding to the ciphertext, and sends the ciphertext and the PDU session ID to the UPF.

The RAN may obtain an address of the UPF according to a correspondence between the PDU session ID and the address of the UPF, and send the ciphertext and the PDU session ID to the UPF according to the address of the UPF.

In a possible design, in step 702, the terminal sends the cryptograph to the RAN and also sends the PDU session ID corresponding to the cryptograph to the RAN, that is, the RAN may obtain the PDU session ID corresponding to the cryptograph from the terminal.

In another possible design, in step 702, the terminal sends the cryptograph to the RAN and also sends the identifier of the terminal to the RAN, and after receiving the identifier of the terminal, the RAN determines the PDU session ID corresponding to the cryptograph according to the correspondence between the identifier of the terminal and the PDU session ID.

The correspondence between the terminal identifier and the PDU session ID may be pre-stored in the RAN when the PDU session is established between the terminal and the UPF, for example: the session establishment request sent by the terminal may further include an identifier of the terminal, subsequently, the session management establishment (or modification) message sent by the SMF to the UPF may further include an identifier of the terminal, after receiving the session management establishment (or modification) response, the SMF sends the identifier of the terminal and the PDU session ID together to the RAN, and the RAN stores a mapping relationship between the identifier of the terminal and the PDU session ID. The identity of the terminal may be used to identify the terminal, and may be a temporary identity or a permanent identity of the terminal. The identifier of the terminal sent by the terminal to the SMF may be the same as or different from the identifier of the terminal sent by the SMF to the RAN, for example, the SMF may generate the identifier of the terminal by itself and then send the identifier to the RAN, and the optional SMF may send the identifier of the terminal generated by itself to the terminal.

In another possible design, in step 702, the terminal sends the address of the UPF to the RAN while sending the cryptogram to the RAN, and after receiving the address of the UPF, the RAN sends the cryptogram to the UPF according to the address of the UPF.

In another possible design, in step 702, the terminal sends the cryptogram to the RAN and also sends the PDU session ID and the address of the UPF to the RAN, and the RAN sends the cryptogram and the PDU session ID to the UPF according to the address of the UPF.

Optionally, after receiving the ciphertext and the PDU session ID sent by the terminal, the RAN stores the correspondence between the PDU session ID and the identifier of the terminal, and the correspondence between the PDU session ID and the identifier of the terminal corresponds to a timer (or a time window), where the timer is used to limit the limited duration of the correspondence between the PDU session ID and the identifier of the terminal, and the timer is overtime, which indicates that the correspondence between the PDU session ID and the identifier of the terminal is invalid, and the RAN may delete the correspondence.

Step 704: and the UPF receives the ciphertext and the PDU session ID, and decrypts the ciphertext by using the PDU session ID to obtain a plaintext.

Further optionally, after receiving the cipher text and the PDU session ID sent by the RAN, the UPF stores a correspondence between the PDU session ID and the address of the RAN, and the correspondence between the PDU session ID and the address of the RAN corresponds to a timer (or a time window), where the timer is used to limit a limited duration of the correspondence between the PDU session ID and the address of the RAN, and the timer is overtime to indicate that the correspondence between the PDU session ID and the address of the RAN is invalid, and the UPF may delete the correspondence.

The address of the RAN may be used to identify the RAN, and the address of the RAN may be sent to the UPF when the RAN sends the cryptogram and the PDU session ID to the UPF.

It should be noted that, in step 703, the RAN may not send the PDU session ID to the UPF, but only send the identifier and the ciphertext of the terminal to the UPF. The UPF stores the corresponding relationship between the terminal identifier and the PDU session ID, and after receiving the terminal identifier and the ciphertext, the UPF can determine the PDU session ID corresponding to the ciphertext according to the corresponding relationship. The corresponding relation between the terminal identifier and the PDU session ID may be sent to the UPF by the SMF in the PDU session establishment process.

The above-mentioned steps 702 to 704 are an encryption process in which the terminal transmits data to the UPF, and are an inverse process in which the terminal transmits data to the UPF, and when the UPF transmits data to the terminal, confidentiality protection may be performed. Specifically, as shown in fig. 7, the method may further include:

step 705: and the UPF determines a PDU session ID corresponding to the plaintext to be sent, and encrypts the plaintext by using the PDU session ID to obtain a ciphertext.

The UPF can determine QFI corresponding to the ciphertext according to quintuple information of the plaintext, and determine PDU session ID corresponding to the plaintext according to the corresponding relation between the QFI and the PDU session ID stored in the UPF; or the UPF directly determines the PDU session ID according to the plaintext service type, such as IP address. Then, the PDU session ID, key and other parameters (such as count, direction, length parameters and the like) are input into a security algorithm to generate a key stream packet, and the key stream packet and a plaintext are subjected to XOR to obtain a ciphertext.

The corresponding relationship between the QFI and the PDU session ID may be pre-stored in the UPF when the PDU session is established between the terminal and the UPF.

Step 706: the UPF sends the cryptogram to the RAN.

The UPF may obtain an address of the RAN according to the PDU session ID determined by the UPF and a corresponding relationship between the PDU session ID and the address of the RAN, and send a ciphertext to the RAN according to the address of the RAN.

Optionally, the UPF further sends the PDU session ID to the RAN.

Step 707: RAN sends cipher text and PDU session ID to terminal.

Optionally, the RAN may obtain the identifier of the terminal according to the received PDU session ID and the correspondence between the stored PDU session ID and the identifier of the terminal, and send the ciphertext and the PDU session ID to the terminal according to the identifier of the terminal.

Optionally, the RAN determines the DRB ID according to the stored correspondence between the PDU session ID and the DRB ID, or the correspondence between the address of the UPF and the DRB ID, and then sends the ciphertext to the terminal according to the DRB identified by the DRB ID.

Step 708: and the terminal receives the ciphertext and the PDU session ID, and decrypts the ciphertext by using the PDU session ID to obtain a plaintext.

Optionally, the terminal inputs the PDU session ID, the encryption key (key), and other parameters (such as count, direction, length parameters, etc.) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and the ciphertext to obtain a plaintext. The terminal can determine the QFI corresponding to the ciphertext according to the quintuple information corresponding to the ciphertext, and determine the QFI corresponding to the ciphertext according to the corresponding relationship between the PDU session ID stored in the terminal and the QFI.

It should be noted that, in step 707, the RAN may not send the PDU session ID to the terminal, and only send the ciphertext to the terminal through the DRB. In step 708, after receiving the ciphertext through the DRB, the terminal may determine the PDU session ID according to the correspondence between the DRB ID and the PDU session ID.

Based on the method shown in fig. 7, under the condition that no connection is established between the terminal and the UPF, confidentiality protection can be performed on data transmitted between the terminal and the UPF according to the PDU session ID, end-to-end protection from the terminal to the UPF is achieved, the problems that when the RAN performs confidentiality protection on the data, data is leaked and the security of user plane data transmission is reduced when the RAN and the user plane data interacted with the network side are attacked are avoided, and the security of data transmission is improved.

In the case that a connection is not established between the terminal and the UPF, besides the PDU session ID, data may be protected based on QFI, and specifically, this manner may be as shown in fig. 8. Fig. 8 is a further data protection method according to an embodiment of the present application, which can protect data transmitted between a terminal and a UPF based on QFI when no QFI is established between the terminal and the UPF. As shown in fig. 8, the method may include:

step 801: and the terminal determines QFI corresponding to the plaintext to be sent, and encrypts the plaintext by using the QFI to obtain the ciphertext.

Step 801 may refer to step 502, which is not described again.

Step 802: the terminal sends the cryptogram to the RAN.

The RAN may be a default RAN, or the terminal sends the cryptograph to the RAN according to the address of the RAN received in the PDU session establishment process.

Step 803: and the RAN receives the ciphertext, determines the QFI corresponding to the ciphertext and transmits the ciphertext and the QFI to the UPF.

In a possible design, in step 802, the terminal sends the ciphertext to the RAN and also sends the QFI corresponding to the ciphertext to the RAN, that is, the RAN may obtain the QFI corresponding to the ciphertext from the terminal.

In another possible design, in step 802, the terminal sends the identifier of the terminal to the RAN while sending the ciphertext to the RAN, and after receiving the identifier of the terminal, the RAN determines the QFI corresponding to the ciphertext according to the correspondence between the identifier of the terminal and the QFI.

The correspondence between the identifier of the terminal and the QFI may be pre-stored on the RAN when the QFI is established between the terminal and the UPF, for example: the session establishment request sent by the terminal may further include an identifier of the terminal, and subsequently, the session management establishment (or modification) response sent by the UPF to the SMF may further include the identifier of the terminal, after receiving the session management establishment (or modification) response, the SMF sends the identifier of the terminal to the RAN, and after the RAN allocates the QFI to the DRB, the RAN stores the mapping relationship between the identifier of the terminal and the QFI. The identity of the terminal may be used to identify the terminal, and may be a temporary identity or a permanent identity of the terminal.

In the two possible manners, the RAN may obtain the address of the UPF according to the QFI corresponding to the ciphertext and the correspondence between the addresses of the QFI and the UPF, and send the ciphertext and the QFI to the UPF according to the address of the UPF.

In another possible design, in step 802, the terminal sends the address of the UPF to the RAN while sending the ciphertext to the RAN, and after receiving the address of the UPF, the RAN determines the QFI corresponding to the ciphertext according to the correspondence between the address of the UPF and the QFI, and sends the ciphertext and the QFI to the UPF according to the address of the UPF.

In another possible design, in step 802, the terminal sends the address of the QFI and the UPF to the RAN while sending the ciphertext to the RAN, and the RAN sends the address of the QFI and the address of the UPF to the UPF.

Optionally, after receiving the ciphertext and the QFI sent by the terminal, the RAN stores the correspondence between the QFI and the identifier of the terminal, and the correspondence between the QFI and the identifier of the terminal corresponds to a timer (or a time window), where the timer is used to limit the limited duration of the correspondence between the QFI and the identifier of the terminal, and the timer is overtime, which indicates that the correspondence between the QFI and the identifier of the terminal is invalid, and the RAN may delete the correspondence.

Step 804: and the UPF receives the ciphertext and the QFI, and decrypts the ciphertext by using the QFI to obtain a plaintext.

Optionally, after receiving the ciphertext and the QFI sent by the RAN, the UPF stores the correspondence between the QFI and the address of the RAN, and the correspondence between the QFI and the address of the RAN corresponds to a timer (or a time window), where the timer is used to limit the limited duration of the correspondence between the QFI and the address of the RAN, and the timer is overtime, which indicates that the correspondence between the QFI and the address of the RAN is invalid, and the UPF may delete the correspondence.

The address of the RAN may be used to identify the RAN, and the address of the RAN may be sent to the UPF when the RAN sends the cryptogram and the QFI to the UPF.

The above steps 802 to 804 are an encryption process for the terminal to send data to the UPF, and are the reverse process for the terminal to send data to the UPF, and when the UPF sends data to the terminal, confidentiality protection can be performed. Specifically, as shown in fig. 8, the method may further include:

step 805: and the UPF determines QFI corresponding to the plaintext to be sent, and encrypts the plaintext by using the QFI to obtain the ciphertext.

The UPF can determine QFI corresponding to the ciphertext according to quintuple information of the plaintext, input the QFI, the encryption key (key) and other parameters (such as count, direction, length parameters and the like) into a security algorithm to generate a key stream packet, and perform XOR on the key stream packet and the plaintext to obtain the ciphertext.

Step 806: the UPF sends the cryptogram to the RAN.

The UPF can obtain the address of the RAN according to the QFI determined by the UPF and the corresponding relation between the QFI and the address of the RAN, and send a ciphertext to the RAN according to the address of the RAN.

Optionally, the UPF also sends the QFI to the RAN.

Step 807: the RAN sends the ciphertext and the QFI to the terminal.

Optionally, the RAN may obtain the identifier of the terminal according to the received QFI and the corresponding relationship between the stored QFI and the identifier of the terminal, and send the ciphertext and the QFI to the terminal according to the identifier of the terminal.

Optionally, the RAN determines the DRB ID according to the previously stored information of the DRB corresponding to the QFI, and sends the ciphertext to the terminal according to the DRB corresponding to the DRB ID.

Step 808: and the terminal receives the ciphertext and the QFI, and decrypts the ciphertext by using the QFI to obtain a plaintext.

Optionally, the terminal inputs the QFI, the encryption key (key), and other parameters (such as count, direction, length parameters, etc.) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and the ciphertext to obtain a plaintext. And the terminal can determine the QFI corresponding to the ciphertext according to the quintuple information corresponding to the ciphertext.

Based on the method shown in fig. 8, under the condition that no connection is established between the terminal and the UPF, confidentiality protection can be performed on data transmitted between the terminal and the UPF according to the QFI, end-to-end protection from the terminal to the UPF is realized, the problems that when the RAN performs confidentiality protection on the data, data leakage occurs when the RAN and user plane data interacted with the network side are attacked, and the security of user plane data transmission is reduced are solved, and the security of data transmission is improved.

In the case that a connection is not established between the terminal and the UPF, besides the PDU session ID or QFI, data may be protected based on the DRB ID, specifically, this manner may be as shown in fig. 9. Fig. 9 is a further data protection method according to an embodiment of the present application, where the method can protect data transmitted between a terminal and a UPF based on a DRB ID when the DRB ID is not established between the terminal and the UPF. As shown in fig. 9, the method may include:

step 901: and the terminal determines the DRB ID corresponding to the plaintext to be sent, and encrypts the plaintext by using the DRB ID to obtain the ciphertext.

Step 901 may refer to step 602, which is not described again.

Step 902: the terminal sends the cryptogram to the RAN.

Optionally, the RAN may be a default RAN, or the terminal sends the cryptograph to the RAN according to the address of the RAN received in the PDU session establishment process.

Step 903: and the RAN receives the ciphertext, determines the DRB ID corresponding to the ciphertext, and sends the ciphertext and the DRB ID to the UPF.

In a possible design, in step 902, the terminal sends the ciphertext to the RAN and also sends the DRB ID corresponding to the ciphertext to the RAN, and the RAN may obtain the DRB ID corresponding to the ciphertext from the terminal, obtain the address of the UPF according to the DRB ID corresponding to the ciphertext and the correspondence between the DRB ID and the address of the UPF, and send the ciphertext and the DRB ID to the UPF according to the address of the UPF.

The correspondence between the address of the UPF and the DRB ID may be pre-stored in the RAN when a PDU session is established between the terminal and the UPF, for example: in the PDU session establishment, the SMF sends the address of the UPF to the RAN. And after distributing the DRB ID for the terminal, the RAN stores the mapping relation between the UPF address and the DRB ID. The address of the UPF may be used to identify the UPF, may be an IP address or a MAC address of the UPF, etc.

In another possible design, in step 902, the terminal sends the identifier of the terminal to the RAN while sending the ciphertext to the RAN, and after receiving the identifier of the terminal, the RAN determines the address of the UPF corresponding to the ciphertext according to the correspondence between the identifier of the terminal and the address of the UPF.

Wherein, such as: in session management setup, the SMF sends the identity of the terminal and the address of the UPF to the RAN. And the RAN determines the address of the UPF according to the received identifier of the terminal. The identity of the terminal may be used to identify the terminal, and may be a temporary identity or a permanent identity of the terminal.

In another possible design, in step 902, the terminal sends the cipher text to the RAN and also sends the address of the UPF to the RAN, after receiving the address of the UPF, the RAN determines the DRB ID corresponding to the cipher text according to the correspondence between the address of the UPF and the DRB ID, and sends the cipher text and the DRB ID to the UPF according to the address of the UPF.

In another possible design, in step 902, the terminal sends the cipher text to the RAN and also sends the DRB ID and the address of the UPF to the RAN, and the RAN sends the cipher text and the DRB ID to the UPF according to the address of the UPF.

Optionally, after receiving the ciphertext and the DRB ID sent by the terminal, the RAN stores the corresponding relationship between the DRB ID and the identifier of the terminal, and the corresponding relationship between the DRB ID and the identifier of the terminal corresponds to a timer (or a time window), where the timer is used to limit the limited duration of the corresponding relationship between the DRB ID and the identifier of the terminal, and the timer is overtime, which indicates that the corresponding relationship between the DRB ID and the identifier of the terminal is invalid, and the RAN may delete the corresponding relationship.

Step 904: and the UPF receives the ciphertext and the DRB ID, and decrypts the ciphertext by using the DRB ID to obtain a plaintext.

Optionally, after receiving the ciphertext and the DRB ID sent by the RAN, the UPF stores the correspondence between the DRB ID and the address of the RAN, and the correspondence between the DRB ID and the address of the RAN corresponds to a timer (or a time window), where the timer is used to limit the limited duration of the correspondence between the DRB ID and the address of the RAN, and the timer is overtime, which indicates that the correspondence between the DRB ID and the address of the RAN is invalid, and the UPF may delete the correspondence.

The address of the RAN may be used to identify the RAN, and the address of the RAN may be sent to the UPF when the RAN sends the UPF the ciphertext and the DRB ID.

The above steps 902 to 904 are an encryption process for the terminal to send data to the UPF, which is a reverse process for the terminal to send data to the UPF, and when the UPF sends data to the terminal, confidentiality protection can be performed. Specifically, as shown in fig. 9, the method may further include:

step 905: and the UPF determines a DRB ID corresponding to the plaintext to be sent, and encrypts the plaintext by using the DRB ID to obtain a ciphertext.

Optionally, the UPF may determine the DRB ID corresponding to the ciphertext according to the quintuple information of the plaintext, input the DRB ID, the encryption key (key), and other parameters (such as count, direction, length parameters, and the like) into the security algorithm to generate a key stream packet, and perform xor on the key stream packet and the plaintext to obtain the ciphertext.

Optionally, the UPF first determines a PDU session ID, and determines a DRB ID according to a correspondence between the DRB ID and the PDU session ID. The method for determining the PDU session ID may refer to the description of the previous embodiment, and is not described in detail.

Step 906: the UPF sends the cryptogram to the RAN.

The UPF may obtain an address of the RAN according to the DRB ID determined by the UPF and a correspondence between the DRB ID and the address of the RAN, and send the ciphertext to the RAN according to the address of the RAN.

Optionally, the UPF also sends the DRB ID to the RAN.

Optionally, the UPF also sends the identity of the terminal to the RAN.

Step 907: and the RAN sends the ciphertext to the terminal based on the DRB corresponding to the DRB ID.

Optionally, the RAN may send the ciphertext to the terminal by using the corresponding DRB according to the received DRB ID.

Optionally, the RAN stores a mapping between the DRB ID and the identifier of the terminal; and the RAN receives the identification and the ciphertext of the terminal from the UPF, determines the DRB ID according to the identification of the terminal, and then sends the ciphertext to the terminal by adopting the DRB corresponding to the DRB ID.

Step 908: and the terminal receives the ciphertext and identifies the DRB ID, and decrypts the ciphertext by using the DRB ID to obtain the plaintext.

Optionally, the terminal inputs the DRB ID, the encryption key (key), and other parameters (such as count, direction, length parameters, and the like) into the security algorithm to generate a key stream packet, and performs xor on the key stream packet and the ciphertext to obtain a plaintext.

Optionally, the terminal may determine the DRB ID corresponding to the ciphertext according to the quintuple information corresponding to the ciphertext.

Based on the method shown in fig. 9, under the condition that no connection is established between the terminal and the UPF, confidentiality protection can be performed on data transmitted between the terminal and the UPF according to the DRB ID, end-to-end protection from the terminal to the UPF is achieved, the problems that when the RAN performs confidentiality protection on the data, data is leaked and the security of user plane data transmission is reduced when the RAN and the user plane data interacted with the network side are attacked are avoided, and the security of data transmission is improved.

In fig. 4 to fig. 9, PDU session ID or QFI or DRB ID is used as granularity to protect data, alternatively, in this embodiment of the present application, data may also be protected by using slice ID of a network slice where a UPF is located, or identifier of a terminal, or address of the UPF, or N3 link identifier, or tunnel identifier, or bearer identifier, or other parameters as granularity, which is not limited. Such as: the terminal can input the slice ID (or the terminal identifier or the address of the UPF) of the network slice where the UPF is located, the encryption key (key) and other parameters (such as count, direction, length parameters, and the like) into the security algorithm to generate a key stream packet, and perform xor on the key stream packet and the plaintext to obtain the ciphertext. After receiving the ciphertext, the UPF inputs the slice ID (or the terminal identifier or the address of the UPF), the encryption key (key) and other parameters (such as count, direction, length parameters, and the like) of the network slice in which the UPF is located into a security algorithm to generate a key stream packet, and performs exclusive or on the key stream packet and the ciphertext to obtain a plaintext.

The above embodiments describe the protection method of the terminal and the UPF in the case of encryption. For integrity protection, participation of the first parameter is also required. And the basic flow of integrity protection is similar to the above embodiments, such as: the terminal or UPF first determines the first parameter corresponding to the plaintext, then performs the NIA algorithm based on this first parameter and other parameters (e.g., key stream length) and the plaintext, and outputs the message authentication code. Meanwhile, after receiving the plaintext and the message authentication code, the other party firstly determines a first parameter, and then verifies the correctness of the received message authentication code based on the first parameter, other parameters (such as key, key stream length) and the plaintext. It should be noted that, in the embodiment of the present application, a name of a security algorithm for integrity protection is not limited, and the security algorithm for integrity protection may include an NIA, an EIA, and the like. The above embodiments have been described with respect to the NIA as an example.

In addition to protecting data based on PDU session ID, QFI, DRB ID, or other parameters, in another possible scheme, data transmitted between a terminal and a UPF may also be protected based on IPsec protocol, specifically, the scheme is shown in fig. 10.

Fig. 10 is a further data protection method provided in this embodiment, where the method may protect data transmitted between a terminal and a UPF based on an IPsec protocol, and as shown in fig. 10, the method may include:

step 1001: the SMF determines that data protection is performed by the UPF.

The SMF determines that the UPF performs data protection, which is referred to in the prior art and is not described in detail.

Step 1002: and the SMF determines the security mode of the IPsec according to the user plane security policy.

The user plane security policy is used for stipulating whether confidentiality protection and/or integrity protection are carried out on data, the user plane security policy can be stored in the SMF in advance or obtained from other network elements, a mapping relation exists between the user plane security policy and PDU sessions, and one PDU session corresponds to one user plane security policy.

For example, the SMF determining the security mode of the IPsec according to the user plane security policy may include:

if the user plane security policy specifies that confidentiality protection is performed on data, the security mode of the IPsec is an IPSec ESP mode;

if the user plane security policy specifies that data is subjected to integrity protection, the security mode of the IPsec is an IPSec AH mode or an IPSec ESP integrity protection mode;

if the user plane security policy specifies that confidentiality protection and integrity protection are performed on data, the security mode of the IPsec is the confidentiality protection and integrity protection mode of the IPSec ESP or the mode of the IPsec ESP + AH;

step 1003: the IPsec Security Association (SA) between the UPF and the terminal is determined.

Optionally, determining the IPsec SA between the UPF and the terminal includes:

the first method is as follows: the SMF generates an encryption key of the UPF according to the user plane security policy and sends the generated encryption key to the UPF; the SMF sends a session establishment response to the terminal, the terminal is triggered to generate an encryption key of the terminal, then the SMF triggers the terminal and the UPF to execute a negotiation process of the IPsec SA, and after the negotiation process is finished, the terminal and the UPF both determine the IPsec SA.

The second method comprises the following steps: the SMF generates an encryption key of the UPF according to the user plane security policy and sends the generated encryption key to the UPF; SMF sends a session establishment response to the terminal, and triggers the terminal to generate an encryption key of the terminal; and then the terminal and the SMF execute a negotiation process of the IPsec SA, and after the negotiation process is finished, the SMF sends the determined IPsec SA to the UPF.

The third method comprises the following steps: the SMF sends a user plane security policy to the AMF, the AMF generates an encryption key of the UPF according to the user plane security policy and sends the generated encryption key to the UPF; the AMF sends a session establishment response to the terminal and triggers the terminal to generate an encryption key of the terminal; and then the terminal and the AMF execute a negotiation process of the IPsec SA, and after the negotiation process is finished, the AMF sends the determined IPsec SA to the UPF.

In the first to third modes, the encryption key may also be referred to as a root key or a protection key, and the process of the SMF generating the encryption key of the UPF according to the user plane security policy, the process of the terminal generating the encryption key of the terminal, and the negotiation process of the IPsec SA may refer to the prior art and will not be described again.

The SMF determines a hash type algorithm and an encryption algorithm in the IPsec SA according to a user plane security policy, the security capability of the terminal and an algorithm list supported by the UPF (or an algorithm priority list supported by the UPF), and the hash type algorithm, the encryption algorithm and the IPsec security mode form a complete IPsec SA;

the SMF generates an encryption key of the UPF, transmits the IPsec SA and the encryption key to the UPF, transmits the IPsec SA to the terminal so that the terminal generates an encryption key of the terminal, and thereafter the terminal and the UPF can perform data protection based on the encryption key, the IPsec SA.

The SMF may preset or acquire a UPF-supported algorithm list from the UPF.

The SMF sends a user plane security policy to the AMF, the AMF determines a hash type algorithm and an encryption algorithm in the IPsec SA according to the user plane security policy, the security capability of the terminal and an algorithm list supported by the UPF (or an algorithm priority list supported by the UPF), and the hash type algorithm, the encryption algorithm and the IPsec security mode form a complete IPsec SA;

the AMF sends the IPsec SA to the terminal through the RAN, triggers the terminal to generate an encryption key of the terminal, simultaneously sends the IPsec SA to the UPF through the SMF, can generate the encryption key of the UPF through the AMF, and sends the encryption key of the UPF to the UPF through the SMF; or the SMF generates an encryption key of the UPF and sends the encryption key of the UPF to the UPF; or the UPF receives the IPsec SA and generates a user plane encryption key.

The AMF may preset an algorithm list supported by the UPF, may also obtain the algorithm list supported by the UPF from the SMF, and may also obtain the algorithm list supported by the UPF from the UPF.

The method six: the SMF sends a user plane security policy to the UPF, the UPF determines a hash type algorithm and an encryption algorithm in the IPsec SA according to the user plane security policy, the security capability of the terminal and an algorithm list (or an algorithm priority list supported by the UPF) supported by the UPF, the hash type algorithm, the encryption algorithm and the IPsec security mode form a complete IPsec SA, and meanwhile, the UPF generates a user plane encryption key;

and the UPF sends the IPsec SA to the terminal through the RAN and triggers the terminal to generate an encryption key of the terminal.

It should be noted that in the fourth to sixth methods, the SMF, the AMF, or the UPF may further determine a hash-type algorithm and an encryption algorithm in the IPsec SA according to the security capability of the terminal and an algorithm list supported by the UPF (or an algorithm priority list supported by the UPF), and combine the hash-type algorithm, the encryption algorithm, and the IPsec security mode into a complete IPsec SA.

Step 1004: and the terminal and the UPF perform data protection according to the IPsec SA and respective protection keys.

Such as: and after receiving the ciphertext, the UPF decrypts the ciphertext according to the IPsec SA and the protection key of the UPF to obtain the plaintext.

In the method shown in fig. 10, the protection key of the terminal and the protection key of the UPF are the same.

Based on the method shown in fig. 10, confidentiality protection can be performed on data transmitted between the terminal and the UPF based on the IPsec protocol, end-to-end protection from the terminal to the UPF is achieved, the problems that data is leaked and the security of user plane data transmission is reduced when the RAN attacks user plane data interacted with the network side when the RAN performs confidentiality protection on the data are avoided, and the security of data transmission is improved.

Alternatively, data protection may be performed between the terminal and the UPF based on Transport Layer Security (TLS), where a process of performing data protection between the terminal and the UPF based on TLS is similar to the above process of performing data protection using IPsec, and may include:

the SMF determines whether confidentiality protection and/or integrity protection are/is needed between the terminal and the UPF;

when determining that confidentiality protection and/or integrity protection are/is required between the terminal and the UPF, negotiating and determining a TLS (security _ suite, for example) cipher suite used for data protection between the terminal and the UPF, and triggering the terminal and the UPF to perform data protection based on the determined TLS cipher suite.

The TLS cipher suite is used to indicate some information required for data protection between the terminal and the UPF, such as: which key exchange algorithm to use, which encryption algorithm (and key length) to use, which integrity protection algorithm to use, and which random number generation algorithm to use. Specifically, the TLS cipher suite may include: a cipher exchange algorithm, an encryption algorithm (and key length), an integrity protection algorithm, and a random number generation algorithm.

Optionally, the SMF determines whether confidentiality protection and/or integrity protection is required between the terminal and the UPF according to the user plane security policy. Alternatively, whether confidentiality protection and/or integrity protection are required between the terminal and the UPF can be determined by the terminal or the UPF according to the user plane security policy. The description of the user plane security policy and the manner of determining whether confidentiality protection and/or integrity protection are/is required between the terminal and the UPF according to the user plane security policy are described in the method shown in fig. 10, and are not described again.

Optionally, the terminal may negotiate with the SMF or the AMF to determine a TLS password suite, and at this time, the SMF or the AMF may send the negotiated TLS password suite to the UPF, so that data protection is performed between the terminal and the UPF based on the determined TLS password suite; or, the terminal may negotiate with the UPF to determine a TLS cipher suite, and perform data protection based on the determined TLS cipher suite. The process of negotiating and determining the TLS cipher suite may refer to the prior art, and is not described in detail.

The above-mentioned scheme provided by the embodiment of the present application is introduced mainly from the perspective of interaction between network elements. It is to be understood that the terminal and user plane network elements described above contain corresponding hardware structures and/or software modules for performing the respective functions in order to implement the functions described above. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the embodiment of the present application, the terminal and the user plane network element may be divided into functional modules according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.

Fig. 11 shows a schematic block diagram of a communication device 11, where the communication device 11 may be a terminal or a chip or a system on a chip in the terminal, and the communication device 11 may be configured to perform the functions of the terminal in the above embodiments. As one implementation, the communication device 11 shown in fig. 11 includes: a determination unit 110, an encryption/decryption unit 111, a transmission unit 112;

the determining unit 110 is configured to determine a first parameter corresponding to a plaintext to be sent. For example, the determining unit 110 may be configured to support the communication apparatus 11 to perform the actions of determining the first parameter in steps 402, 502, 602, 701, 801, and 901.

And an encrypting/decrypting unit 111, configured to encrypt the plaintext by using the first parameter to obtain a ciphertext. For example, the encryption/decryption unit 111 may be configured to support the communication apparatus 11 to perform the encryption actions in step 402, step 502, step 602, step 701, step 801, and step 901.

A sending unit 112, configured to send the ciphertext to the user plane network element through the access network device. For example, the sending unit 112 may be configured to support the communication apparatus 11 to perform step 403, step 503, step 603, step 702, step 802, and step 902.

Further, as shown in fig. 11, the communication device 11 may further include:

the receiving unit 113: the device is used for receiving a ciphertext sent by the access network equipment; for example, the receiving unit 113 may be configured to support the communication apparatus 11 to perform the actions of receiving the ciphertext in step 409, step 509, step 609, step 708, step 808, and step 908.

The determining unit 110 may be further configured to determine a first parameter corresponding to the received ciphertext; for example, the determining unit 110 may be configured to support the communication device 11 to perform the actions of determining the first parameter in steps 409, 509, and 609.

The encryption/decryption unit 111 may further be configured to decrypt the received ciphertext using the first parameter to obtain a plaintext. For example, the encryption/decryption unit 111 may be configured to support the communication apparatus 11 to perform the decryption actions in step 409, step 509, step 609, step 708, step 808, and step 908.

The first parameter corresponds to a user plane transmission logical channel between the terminal and the user plane network element, and may be a PDU session ID or QFI or DRB ID or RB ID.

It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again. The communication device 11 provided in the embodiment of the present application is configured to execute the function of the terminal in the data protection method, so that the same effect as that of the data protection method can be achieved.

As still another implementation, the communication device 11 shown in fig. 11 may include: a processing module and a communication module. The determination unit 110, the encryption/decryption unit 111 are integrated in a communication module in which the processing module, the transmission unit 112, and the reception unit 113 are integrated. The processing module is used for controlling and managing the actions of the communication apparatus 11, for example, the processing module is used for supporting the communication apparatus 11 to execute the steps 402, 502, 602, 701, 801, 901 and other processes for executing the technology described herein. The communication module is configured to support the communication device 11 to perform steps 403, 503, 603, 702, 802, 902 and communicate with other network entities, for example, communicate with the access network device shown in fig. 1 or other network entities through the DRB. Further, the communication device 11 may also include a storage module for storing program codes and data of the communication device 11.

The processing module may be a processor or a controller. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a DSP and a microprocessor, or the like. The communication module may be a transceiver circuit or a communication interface, etc. The storage module may be a memory. When the processing module is a processor, the communication module is a communication interface, and the storage module is a memory, the communication device 11 shown in fig. 11 may be the communication device shown in fig. 3.

Fig. 12 is a schematic block diagram of a communication device 12, where the communication device 12 may be a user plane network element or a chip or a system on chip in the user plane network element. The communication means 12 may be adapted to perform the functions of the user plane network element referred to in the above embodiments. As one implementation, the communication device 12 shown in fig. 12 includes: a receiving unit 120, a determining unit 121, a decrypting/encrypting unit 122;

a receiving unit 120, configured to receive a ciphertext from an access network device; for example, the receiving unit 120 may be configured to support the communication apparatus 12 to perform the actions of receiving the first ciphertext in step 405, step 505, step 605, step 704, step 804, and step 904.

A determining unit 121, configured to determine a first parameter corresponding to the ciphertext; for example, the determining unit 121 may be configured to support the communication device 12 to perform the actions of determining the first parameter in steps 405, 505, and 605.

And a decryption/encryption unit 122, configured to decrypt the ciphertext using the first parameter to obtain a plaintext. For example, decryption/encryption unit 122 may be configured to enable communication apparatus 12 to perform the actions of decrypting in steps 405, 505, 605, 704, 804, and 904.

Further, the determining unit 121 may be further configured to determine a first parameter corresponding to a plaintext to be sent to the terminal. For example, the determining unit 121 may be configured to support the communication apparatus 12 to perform the actions of determining the first parameter in steps 406, 506, 606, 705, 805.

The decryption/encryption unit 122 may be further configured to encrypt a plaintext to be sent according to the first parameter to obtain a ciphertext. For example, the decryption/encryption unit 122 may be configured to enable the communication apparatus 12 to perform the actions of encrypting in steps 406, 506, 606, 705, 805 and 805.

As shown in fig. 12, the communication device 12 may further include:

a sending unit 123, configured to send the ciphertext to the terminal through the access network device. For example, the sending unit 123 may be configured to support the communication apparatus 12 to perform step 407, step 507, step 607, step 706, step 806, and step 906.

It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again. The communication device 12 provided in this embodiment of the present application is configured to execute the function of the user plane network element in the data protection method, so that the same effect as that of the data protection method can be achieved.

As yet another implementation, the communication device 12 shown in fig. 12 may include: a processing module and a communication module. The determination unit 121, the decryption/encryption unit 122 may be integrated in a communication module, and the reception unit 120, the transmission unit 123 may be integrated in a communication module. The processing module is used for controlling and managing the action of the communication device 12. The communication module is used to support the communication apparatus 12 to perform steps 403, 503, 406, and 508 and communicate with other network entities, such as the remote device or the radio access network device shown in fig. 1 or other network entities. Further, the communication device 12 may also include a memory module for storing program codes and data for the communication device 12.

The processing module may be a processor or a controller. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a DSP and a microprocessor, or the like. The communication module may be a transceiver circuit or a communication interface, etc. The storage module may be a memory. When the processing module is a processor, the communication module is a communication interface, and the storage module is a memory, the communication device 12 shown in fig. 12 may be the communication device shown in fig. 3.

Fig. 13 shows a schematic composition diagram of a data protection system 13, and as shown in fig. 13, the data protection system may include a terminal 130, an access network device 131, and a user plane network element 132. A DRB may be established between the terminal 130 and the access network device 131, and a PDU session may be established between the access network device 131 and the user plane network element 132.

The terminal 130 has the functions of the communication device 11, and may be configured to determine a first parameter corresponding to a plaintext to be sent, encrypt the plaintext by using the first parameter to obtain a ciphertext, and send the ciphertext to the access network device 131.

The access network device 131 may be configured to receive the ciphertext sent by the terminal 130, and send the ciphertext to the user plane network element 132.

The user plane network element 132 has the function of the communication device 12, and may be configured to receive a ciphertext from the access network device 131, determine a first parameter corresponding to the ciphertext, and decrypt the ciphertext with the first parameter to obtain a plaintext; wherein the first parameter corresponds to a user plane transmission logical channel between the terminal 130 and the user plane network element 132.

As the reverse process of the terminal 130 sending data to the user plane network element 132, when the user plane network element 132 issues data to the terminal 130, each network element further has the following functions:

the user plane network element 132 may also be configured to determine a first parameter corresponding to a plaintext to be sent to the terminal 130, encrypt the plaintext to be sent according to the first parameter to obtain a ciphertext, and send the ciphertext to the access network device 131.

The access network device 131 may be configured to receive the ciphertext sent by the user plane network element 132, and send the ciphertext to the terminal 130.

The terminal 130 may also be configured to receive a ciphertext sent by the access network device 131, determine a first parameter corresponding to the received ciphertext, and decrypt the received ciphertext according to the first parameter to obtain a plaintext.

It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the network element corresponding to the data protection system, and are not described herein again.

Based on the data protection system, confidentiality protection can be performed between the terminal 130 and the user plane network element 132 according to a first parameter corresponding to a user plane transmission logic channel between the terminal 130 and the user plane network element 132, end-to-end protection from the terminal 130 to the user plane network element 132 is realized, the problems that data leakage occurs when the user plane data interacted between the access network device 131 and the network side is attacked when confidentiality protection is performed on the data by the access network device 131 are avoided, and the security of user plane data transmission is reduced are solved, and the security of data transmission is improved.

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented using a software program, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the present application are all or partially generated upon loading and execution of computer program instructions on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or can comprise one or more data storage devices, such as a server, a data center, etc., that can be integrated with the medium. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.

While the present application has been described in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a review of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the word "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Although the present application has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the application. Accordingly, the specification and figures are merely exemplary of the present application as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the present application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. A method for data protection, the method comprising:

the terminal determines a first parameter corresponding to a plaintext to be sent;

the terminal inputs the first parameter into a security algorithm to generate a ciphertext corresponding to the plaintext to be sent;

the terminal sends a first QFI (quality of service) stream identifier QFI, a sending instruction and the ciphertext to access network equipment so as to send the first QFI and the ciphertext to a user plane network element, wherein the sending instruction is used for instructing to send the ciphertext to the user plane network element;

if the first parameter is a protocol data unit session identifier PDU session ID or the first QFI corresponding to the plaintext to be sent, the determining, by the terminal, the first parameter corresponding to the plaintext to be sent includes: the terminal determines the first parameter according to the content information of the plaintext to be sent; or

If the first parameter is a first data radio bearer identity DRB ID, the determining, by the terminal, a first parameter corresponding to a plaintext to be sent includes:

and the terminal determines the first QFI according to the content information of the plaintext to be sent, and determines the first DRB ID corresponding to the plaintext according to the corresponding relation among the first QFI, the QFI and the DRB ID.

2. The method of claim 1, further comprising:

the terminal sends the first parameter to the access network equipment; alternatively, the first and second electrodes may be,

and the terminal sends an indication to the access network equipment, wherein the indication is used for indicating the first parameter.

3. A method for data protection, the method comprising:

the method comprises the steps that a user plane network element receives a first quality of service flow identifier QFI and a ciphertext from access network equipment, wherein the ciphertext is triggered and sent to the user plane network element by a sending instruction, and the sending instruction is used for instructing to send the ciphertext to the user plane network element;

the user plane network element determines a first parameter corresponding to the ciphertext;

the user plane network element inputs the first parameter into a security algorithm to generate a plaintext corresponding to the ciphertext;

if the first parameter is a protocol data unit session identification PDU session ID corresponding to the ciphertext, the determining, by the user plane network element, the first parameter corresponding to the ciphertext includes: the user plane network element determines a PDU session ID corresponding to the ciphertext according to the first QFI and the corresponding relation between the stored QFI and the PDU session ID; or

If the first parameter is a first data radio bearer identity DRB ID, the determining, by the user plane network element, the first parameter corresponding to the ciphertext includes:

and the user plane network element determines the first DRB ID corresponding to the ciphertext according to the first QFI and the corresponding relation between the stored QFI and the DRB ID.

4. The method of claim 3, wherein the first parameter is a quality of service flow identity QFI; the determining, by the user plane network element, a first parameter corresponding to the ciphertext includes:

and the user plane network element determines the first QFI according to the quintuple information of the ciphertext.

5. The method of claim 3, wherein the first parameter is a PDU session ID, and the receiving, by the user plane network element, a ciphertext sent by the access network device includes:

the user plane network element receives a ciphertext sent by the access network equipment through an N3 link;

the determining, by the user plane network element, a first parameter corresponding to the ciphertext includes:

and the user plane network element determines the PDU session ID corresponding to the N3 link identifier for identifying the N3 link according to the corresponding relation between the N3 link identifier and the PDU session ID.

6. A communication apparatus, characterized in that the communication apparatus comprises:

the encryption/decryption unit is used for inputting the first parameter into a security algorithm to generate a ciphertext corresponding to the plaintext to be sent;

a sending unit, configured to send a first quality of service stream identifier QFI, a sending instruction, and the ciphertext to an access network device, so as to send the first QFI and the ciphertext to a user plane network element, where the sending instruction is used to instruct to send the ciphertext to the user plane network element;

the determining unit is specifically configured to: if the first parameter is a protocol data unit session identifier PDU session ID or the first QFI corresponding to the plaintext to be sent, determining the first parameter according to content information of the plaintext to be sent; or

And if the first parameter is a first data radio bearer identification (DRB ID), determining the first QFI according to the content information of the plaintext to be sent, and determining the first DRB ID corresponding to the plaintext according to the first QFI, the corresponding relation between the first QFI and the DRB ID.

7. The communication device of claim 6,

the sending unit is further configured to send the first parameter to the access network device; or sending an indication to the access network device, where the indication is used to indicate the first parameter.

8. A communication apparatus, characterized in that the communication apparatus comprises:

a receiving unit, configured to receive a first quality of service stream identifier QFI and a ciphertext from an access network device, where the ciphertext is triggered and sent to the user plane network element by a sending instruction, and the sending instruction is used to instruct to send the ciphertext to the user plane network element;

the decryption/encryption unit is used for inputting the first parameter into a security algorithm to generate a plaintext corresponding to the ciphertext;

the determining unit is specifically configured to:

if the first parameter is a protocol data unit session identification PDU session ID corresponding to the ciphertext, determining that the first parameter corresponding to the ciphertext comprises: determining a PDU session ID corresponding to the ciphertext according to the first QFI and the corresponding relation between the stored QFI and the PDU session ID; or

If the first parameter is a first data radio bearer identity (DRB ID), determining that the first parameter corresponding to the ciphertext comprises: and determining the first DRB ID corresponding to the ciphertext according to the first QFI and the corresponding relation between the stored QFI and the DRB ID.

9. The communications device of claim 8, wherein the first parameter is a quality of service flow identity QFI; the determining unit is specifically configured to:

and determining the first QFI according to the quintuple information of the ciphertext.

10. The communications apparatus of claim 8, wherein the first parameter is a PDU session ID,

the receiving unit is specifically configured to receive a ciphertext sent by the access network device through the N3 link;

the determining unit is specifically configured to determine, according to a correspondence between an N3 link identifier and a PDU session ID, the PDU session ID corresponding to the N3 link identifier for identifying the N3 link to the PDU session ID corresponding to the ciphertext.