CN114205814B - Data transmission method, device and system, electronic equipment and storage medium - Google Patents
Data transmission method, device and system, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN114205814B CN114205814B CN202111465977.7A CN202111465977A CN114205814B CN 114205814 B CN114205814 B CN 114205814B CN 202111465977 A CN202111465977 A CN 202111465977A CN 114205814 B CN114205814 B CN 114205814B
- Authority
- CN
- China
- Prior art keywords
- data
- message
- data message
- encryption
- header
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000005540 biological transmission Effects 0.000 title claims abstract description 164
- 238000000034 method Methods 0.000 title claims abstract description 66
- 238000004891 communication Methods 0.000 claims abstract description 7
- 230000006870 function Effects 0.000 claims description 69
- 238000012545 processing Methods 0.000 claims description 39
- 230000015654 memory Effects 0.000 claims description 22
- 238000001514 detection method Methods 0.000 claims description 16
- 238000013523 data management Methods 0.000 claims description 5
- 238000007726 management method Methods 0.000 description 13
- 238000010586 diagram Methods 0.000 description 12
- 230000000694 effects Effects 0.000 description 12
- 230000008569 process Effects 0.000 description 7
- 230000004044 response Effects 0.000 description 5
- 238000005538 encapsulation Methods 0.000 description 4
- 208000037550 Primary familial polycythemia Diseases 0.000 description 3
- 238000010295 mobile communication Methods 0.000 description 3
- 208000017693 primary familial polycythemia due to EPO receptor mutation Diseases 0.000 description 3
- 239000007787 solid Substances 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000032683 aging Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application discloses a data transmission method, a device, a system, an electronic device and a storage medium, which relate to the field of communication and are used for solving the problem of lower message data security when a wireless terminal transmits messages with a core network in the prior art, and comprise the following steps: the user terminal sends a data message to the user plane function network element through the base station; the user plane function network element determines the encryption mode and the destination IP address of the data message; the user plane function network element sends the data message to the destination IP address. The application is used for the encrypted message transmission between the wireless terminal and the core network.
Description
Technical Field
The present application relates to the field of communications, and in particular, to a data transmission method, apparatus, system, electronic device, and storage medium.
Background
At present, after a wireless terminal establishes a bearer with a core network through a base station, when the wireless terminal transmits data messages on the bearer, all received and transmitted data messages are transmitted in a plaintext mode. The message data is transmitted in a wireless channel and a bearing network in a plaintext manner, which can cause the safety problems of message data leakage, data tampering, traffic hijacking, phishing attack and the like, and the message content can be restored only through sniffing equipment and some technical means of the network, so that the message is quite unsafe.
The prior art solution is that a wireless terminal establishes a bearer with a core network through a base station, and performs data message transmission on the bearer. Some applications with security requirements encrypt the payload portion of a data message, such as a hypertext transfer security protocol (hyper text transfer protocol over securesocket layer, HTTPS) message. However, the header portion containing the destination IP address, the source IP address, remains in clear text transmission, and the security problem is not solved.
Disclosure of Invention
The application provides a data transmission method, a device, a system, electronic equipment and a storage medium, which are used for solving the problem of lower message data security when a wireless terminal transmits messages with a core network in the prior art.
In order to achieve the above purpose, the application adopts the following technical scheme:
in a first aspect, the present application provides a data transmission method, including: the user plane function network element receives the data message from the user terminal UE. And the user plane function network element determines the encryption mode of the data message according to the message encryption mode flag bit. The user plane function network element determines the destination IP address of the data message according to the encryption mode of the data message. The user plane function network element sends the data message to the destination IP address.
In one possible implementation manner, the encryption manner of the data message includes: plaintext transmission mode, fully encrypted transmission mode, and message header confusion encrypted transmission mode.
In one possible implementation manner, the user plane function network element determines a destination IP address of the data packet according to an encryption manner of the data packet, and specifically includes: if the encryption mode of the data message is a plaintext transmission mode, acquiring the header of the data message, and determining the destination IP address of the data message according to the header of the data message. If the encryption mode of the data message is a full encryption transmission mode or a message header confusion encryption transmission mode, the user plane function network element decrypts the header of the data message and determines the destination IP address of the data message according to the decrypted header of the data message.
Based on the technical scheme, the application can bring the following beneficial effects: the application adds the message encryption mode flag bit in the data message sent by the UE, so that the user plane function network element can determine the encryption mode of the data message according to the message encryption mode flag bit after receiving the data message, and directly acquire the header of the message data to determine the destination IP address when the encryption mode is a plaintext transmission mode; and when the encryption mode is a full encryption transmission mode or a message header confusion encryption transmission mode, decrypting the word header of the data message to obtain the destination IP address of the data message. And finally, the user plane function network element sends the data message to the destination IP address. Therefore, the application can simultaneously support the UE to send the data message in the conventional mode and the encryption mode, and can effectively improve the data security and flexibility during transmission in the wireless channel and the bearing network.
In a second aspect, the present application provides a data transmission method, including: and the user terminal UE manages the UDM subscription data according to the unified data and determines a message encryption mode flag bit. The UE sends a data message to a user plane function network element.
In one possible implementation manner, the method further includes: the UE sends a data message to a user plane function network element through a base station; the data message comprises a message encryption mode flag bit, and the message encryption mode flag bit is used for indicating the encryption mode of the data message.
In addition, the technical effects of the data transmission method of the second aspect may refer to the technical effects of the data transmission method of the first aspect, which are not described herein.
In a third aspect, the present application provides a data transmission apparatus comprising: a receiving unit, a processing unit and a transmitting unit. An accepting unit, configured to receive a data packet from a user terminal UE; the data message comprises a message encryption mode flag bit. And the processing unit is used for determining the encryption mode of the data message according to the message encryption mode flag bit. And the processing unit is also used for determining the destination IP address of the data message according to the encryption mode of the data message. And the sending unit is used for sending the data message to the destination IP address.
In one possible implementation, the encryption manner of the data message includes: plaintext transmission mode, fully encrypted transmission mode, and message header confusion encrypted transmission mode.
In one possible implementation manner, the processing unit is further configured to obtain a header of the data packet when the encryption manner of the data packet is a plaintext transmission manner, and determine a destination IP address of the data packet according to the header of the data packet. And the processing unit is also used for decrypting the header of the data message when the encryption mode of the data message is a full encryption transmission mode or a message header confusion encryption transmission mode, and determining the destination IP address of the data message according to the decrypted header of the data message.
In addition, the technical effects of the data transmission device of the third aspect may refer to the technical effects of the data transmission method of the first aspect, which are not described herein.
In a fourth aspect, the present application provides a data transmission apparatus comprising: a processing unit and a transmitting unit. And the processing unit is used for managing the UDM subscription data according to the unified data and determining the flag bit of the message encryption mode. And the sending unit is used for sending the data message to the user plane functional network element.
In a possible implementation manner, the sending unit is further configured to send, through the base station, a data packet to a user plane function network element; the data message comprises a message encryption mode flag bit, and the message encryption mode flag bit is used for indicating the encryption mode of the data message.
In addition, the technical effects of the data transmission device of the fourth aspect may refer to the technical effects of the data transmission method of the first aspect, which are not described herein.
In a fifth aspect, the present application provides a data transmission system comprising: user plane function network element and user terminal UE. And the user plane functional network element is used for receiving the data message from the UE, determining the encryption mode of the data message and the destination IP address of the data message, and sending the data message to the destination IP address. UE, which is used to manage UDM subscription data according to unified data, determine the flag bit of message encryption mode, and send data message to user plane function network element; the data message comprises a message encryption mode flag bit.
In addition, the technical effects of the data transmission system according to the fifth aspect may refer to the technical effects of the data transmission method according to the first aspect, which are not described herein.
In a sixth aspect, the present application provides a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by an electronic device of the present application, cause the electronic device to perform the data transmission method as described in the first aspect, any one of the possible implementations of the first aspect, the second aspect and any one of the possible implementations of the second aspect.
In a seventh aspect, the present application provides an electronic device, comprising: a processor and a memory; wherein the memory is configured to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the electronic device, cause the electronic device to perform the data transmission method as described in any one of the first aspect, any one of the possible implementations of the first aspect, the second aspect, and any one of the possible implementations of the second aspect.
In an eighth aspect, the application provides a computer program product comprising instructions which, when run on a computer, cause an electronic device of the application to perform a data transmission method as described in any one of the possible implementations of the first aspect, the second aspect and any one of the possible implementations of the second aspect.
In a ninth aspect, the present application provides a chip system, which is applied to a data transmission device; the system-on-chip includes one or more interface circuits, and one or more processors. The interface circuit and the processor are interconnected through a circuit; the interface circuit is configured to receive a signal from a memory of the data transmission device and to send the signal to the processor, the signal including computer instructions stored in the memory. When the processor executes the computer instructions, the data transmission apparatus performs the data transmission method as described in any one of the possible implementations of the first aspect, the second aspect and any one of the possible implementations of the second aspect.
Drawings
Fig. 1 is a schematic diagram of a data packet according to an embodiment of the present application;
FIG. 2 is a schematic diagram of another data packet according to an embodiment of the present application;
fig. 3 is a schematic diagram of a network architecture of a data transmission method according to an embodiment of the present application;
fig. 4 is a schematic diagram of a data transmission system according to an embodiment of the present application;
fig. 5 is a flow chart of a data transmission method according to an embodiment of the present application;
Fig. 6 is a flowchart of another data transmission method according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a data transmission device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a data transmission device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of another data transmission device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The character "/" herein generally indicates that the associated object is an "or" relationship. For example, A/B may be understood as A or B.
The terms "first" and "second" in the description and in the claims of the application are used for distinguishing between different objects and not for describing a particular sequential order of objects. For example, the first edge service node and the second edge service node are used to distinguish between different edge service nodes, rather than to describe a characteristic order of the edge service nodes.
Furthermore, references to the terms "comprising" and "having" and any variations thereof in the description of the present application are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed but may optionally include other steps or elements not listed or inherent to such process, method, article, or apparatus.
In addition, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as examples, illustrations, or descriptions. Any embodiment or design described herein as "exemplary" or "e.g." should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present concepts in a concrete fashion.
In order to facilitate understanding of the technical scheme of the present application, some technical terms are described below.
The base station is mainly used for realizing the functions of resource scheduling, wireless resource management, wireless access control and the like of the terminal equipment. The base station may include various forms of base stations, such as: macro base stations, micro base stations (also referred to as small stations), relay stations, access points, and the like. The method specifically comprises the following steps: an Access Point (AP) in a wireless local area network (Wireless Local Area Network, WLAN), a base station (Base Transceiver Station, BTS) in a global system for mobile communications (Global System for Mobile Communications, GSM) or code division multiple access (Code Division Multiple Access, CDMA), a base station (NodeB, NB) in wideband code division multiple access (Wideband Code Division Multiple Access, WCDMA), an Evolved base station (Evolved Node B, eNB or eNodeB) in LTE, a relay station or access point, or a vehicle device, a wearable device, and a next generation Node B (The Next Generation Node B, gNB) in a future 5G network or a base station in a future Evolved public land mobile network (Public Land Mobile Network, PLMN) network, etc.
Some technical terms in the present application are described above.
In the prior art, after a wireless terminal establishes a bearer with a core network through a base station, when the wireless terminal transmits a data message on the bearer, all received and transmitted data messages are transmitted in a plaintext. The message data is transmitted in a wireless channel and a bearing network in a plaintext manner, which can cause the safety problems of message data leakage, data tampering, traffic hijacking, phishing attack and the like, and the message content can be restored only through sniffing equipment and some technical means of the network, so that the message is quite unsafe.
The solution at the present stage is that the wireless terminal establishes a bearer with the core network through the base station, and performs data message transmission on the bearer. Some applications with security requirements will encrypt the payload portion of a data message, such as an HTTPS message. However, the header portion containing the destination IP address, the source IP address, remains in clear text transmission, and the security problem is not solved.
For example, the prior art discloses a scheme 1, wherein the machine a transmits data to the machine B, and the step of processing the uplink data message is as follows:
1. and the wireless terminal transmits all the unencrypted data messages to the base station through a wireless link.
2. The base station encapsulates the data message by GTP-U protocol through N3 interface, and forwards the data to user plane function (user port function, UPF) network element.
3. The UPF performs GTP-U message decapsulation and header field decoding on the data, so that a source IP address and a destination IP address of the data can be obtained. UPF carries out QoS, conventional charging and PFCP node management of data message, and reports information generated by the data message to session management function (service management function, SMF) network element of 5GC core network through N4 interface.
4. And the UPF forwards the data message to an external network through an N6 interface according to the destination IP address of the data message.
As shown in fig. 1, the data packet is represented in the form of a data link layer MAC frame, and the solid frame portion is plain text data.
However, in scheme 1, the message data is transmitted in the clear over the wireless channel and the carrier network without providing any way of data encryption. The method can cause the safety problems of message data leakage, data tampering, traffic hijacking, phishing attack and the like, and can restore the message content only through sniffing equipment of the network and some technical means, so that the method is quite unsafe.
For another example, the prior art also discloses a scheme 2, wherein the processing steps of the uplink data message from the a machine to the B machine are approximately the same as those of the scheme 1, except that the payload part of the message data sent by the a machine is encrypted. As shown in fig. 2, the data packet is represented in the form of a data link layer MAC frame, the solid frame portion is plaintext data, and the dotted frame portion is encrypted data.
However, in scheme 2, the message data is encrypted only in the payload portion in the wireless channel and the bearer network, so that it is possible to ensure that the user data is in an encrypted state during transmission, and to prevent the server from being counterfeited by the phishing website. Header fields such as IP addresses, etc. are still transmitted in the clear, which may present security concerns such as IP address modification, IP address theft, etc.
Fig. 3 is a schematic diagram of a network architecture of a data transmission method according to the present application, where the network architecture includes: user equipment, new air interface, user plane function, data network, authentication service function, access and mobile management function, session management function, network storage function, unified data management, policy control function, application function, network opening function, etc.
Among them, a User Equipment (UE) is a terminal device used by a user when performing mobile communication.
A new air interface (NR) is used to complete the forwarding of control signals and user data between the terminal and the core network.
The user plane functions (user port function, UPF) are network elements that handle user data plane data for packet routing and forwarding, quality of service (quality of service, qoS) handling, packet filtering control protocol (packet filter control protocol, PFCP) node management, etc.
A Data Network (DN) is a network for transmitting data.
An authentication service function (authentication server function, AUSF) is used for terminal authentication, protection control information list, etc.
Access and mobility management functions (authentication management function, AMF) for taking care of terminal access rights and handover etc.
Session management functions (service management function, SMF) for guaranteeing service continuity, providing users with uninterrupted service experience, including IP address and anchor point change. SMF is also used to be responsible for session management, such as interacting with separate data planes, creating, updating and deleting protocol data unit (protocol data unit, PDU) sessions, and selection and control of user plane functions, etc.
The network storage function (network repository function, NRF) is used for registering, managing and detecting the state of the network function, and realizing the automatic management of all the network functions.
Unified data management (unified data management, UDM) is used to store subscription information and support authentication certificate storage and handling.
A policy control function (policy control function, PCF) is used to provide policy information, store and provide subscription information related to user policies for control plane functions.
Application functions (application function, AF) are used to interact with the core network and provide services.
The network open function (network exposure fuction, NEF) is responsible for opening network data to the outside.
In the network architecture, the N1 interface is a reference point between the terminal and the AMF; the N2 interface is a reference point of NR and AMF and is used for sending non-access layer messages and the like; the N3 interface is a reference point between NR and UPF, and uses GTP-U protocol to transmit user plane data; the N4 interface is a reference point between SMF and UPF, and uses PFCP control plane protocol stack to package signaling, transmit data buffer indication information and the like; the N6 interface is a reference point between the UPF and DN for transmitting user plane data, etc.
In the data transmission method provided by the application, the execution main body can be an electronic device (such as a computer terminal and a server), a processor in the electronic device, a control module for data transmission in the electronic device, and a client for data transmission in the electronic device.
Fig. 4 is a schematic diagram of a data transmission system 400 according to an embodiment of the present application. As shown in fig. 4, the data transmission system 400 includes: a user terminal 401 and a user plane function network element 402. The user plane function network element 402 receives a data message from the user terminal 401, determines an encryption mode and a destination IP address of the data message, and sends the data message to the destination IP address. The specific implementation of this solution will be described in detail in the following method embodiments, which are not described herein.
Alternatively, assuming that the data transmission system shown in fig. 4 is applied to the network architecture shown in fig. 3, the network element or entity corresponding to the user plane function network element 402 may be a UPF network element in the network architecture shown in fig. 3.
The application provides a data transmission method, which aims to solve the problem of lower message data security when a wireless terminal transmits messages with a core network in the prior art. As shown in fig. 5, the technical solution of the embodiment of the present application is described by taking a network element or entity corresponding to the user plane function network element 402 as an example of a UPF network element. The data transmission method provided by the application comprises the following steps:
s501, the UE sends a data message to the base station. Correspondingly, the base station receives the data message.
The message encryption mode flag bit is determined according to the UDM subscription data of the UE. The message encryption mode flag bit is used for indicating the encryption mode of the data message. It is understood that the UE sends data messages to the base station over a wireless link.
Optionally, the encryption mode of the data message includes a plaintext transmission mode, a fully encrypted transmission mode, and a message header confusion encrypted transmission mode.
S502, the base station performs protocol encapsulation on the data message.
Optionally, the base station performs protocol encapsulation on the data message through the N3 interface. The protocol used by the base station in protocol encapsulation of the data packets is illustratively the GTP-U protocol. The flow of protocol encapsulation of the data packet according to the GTP-U protocol is specifically the prior art, and the present application is not described here in detail.
S503, the base station sends the encapsulated data message to the UPF. Correspondingly, the UPF receives the encapsulated data message.
S504, the UPF determines the encryption mode of the data message.
Optionally, after receiving the data packet from the base station, the UPF determines a packet detection rule (packet detection rules, PDR) corresponding to the data packet according to the packet detection priority.
For example, if the packet detection priority is the first priority and the packet encryption mode flag bit is preset, the UPF first obtains the identification packet encryption mode flag bit. After that, the UPF determines the PDR corresponding to the data message according to the identified message encryption mode flag bit. After that, the UPF determines the encryption mode of the data message according to the PDR corresponding to the data message.
S505, UPF determines the source IP address and the destination IP address corresponding to the data message.
Optionally, the UPF decrypts the header of the data packet. It can be understood that if the transmission mode indicated by the message encryption mode flag bit is a plaintext transmission mode, decryption of the header of the data message is not required. The UPF can directly obtain the source IP address and the destination IP address corresponding to the data message according to the header of the data message.
Illustratively, in the case that the encryption mode of the data packet is a plaintext transmission mode, the UPF obtains a header of the data packet, and determines a destination IP address of the data packet according to the header of the data packet.
Illustratively, in the case that the encryption mode of the data message is a full encryption transmission mode or a message header confusion encryption transmission mode, the UPF decrypts the header of the data message, and determines the destination IP address of the data message according to the decrypted header of the data message.
S506, the PDF sends the data message to the destination IP address.
It should be noted that, after determining the encryption mode of the data packet and decoding the header of the data packet, the mode of forwarding the data packet is the same as the mode in the prior art, and the application is not repeated here.
Based on the technical scheme, the application adds the message encryption mode flag bit in the data message sent by the UE, so that the user plane function network element can determine the encryption mode of the data message according to the message encryption mode flag bit after receiving the data message, and directly acquire the header of the message data to determine the destination IP address when the encryption mode is a plaintext transmission mode; and when the encryption mode is a full encryption transmission mode or a message header confusion encryption transmission mode, decrypting the word header of the data message to obtain the destination IP address of the data message. And finally, the user plane function network element sends the data message to the destination IP address. Therefore, the application can simultaneously support the UE to send the data message in the conventional mode and the encryption mode, and can effectively improve the data security and flexibility during transmission in the wireless channel and the bearing network.
Referring to fig. 5, as shown in fig. 6, the data transmission method provided by the present application further includes a procedure of initiating PDU session creation by the UE before S501, specifically including the following steps:
s601, the UE requests PDU session establishment.
S602, AMF selects SMF according to the request.
S603, the AMF requests to create a PDU session SM context service. To establish a connection of the AMF with the SMF regarding the UE Session; transmitting subscription data UDM related to this SMF selection triggers the entire 5GC session establishment procedure.
The method comprises the steps of adding a flag-1 of a message encryption mode in a UDM (universal digital message) for packet detection of a first priority identification. The value of the flag bit flag-1 of the message encryption mode includes three parameters, and the contents of the parameters and the encryption modes represented by the parameters are respectively: 0-conventional transmission mode (namely plaintext transmission mode), 1-full encryption transmission mode and 2-message header confusion encryption transmission mode.
S604, the SMF acquires the subscription data from the UDM, or updates the subscription data.
S605, the SMF returns a create PDU session SM context service response.
S606, the SMF selects an appropriate PCF.
S607, the SMF establishes session policy with the PCF.
S608, the SMF selects a UPF serving the UE, and allocates an IP address to the UE session.
S609, the SMF sends an N4 session establishment request to the UPF, provides a Packet Detection Rule (PDR), a forwarding behavior rule (FAR), etc. to be installed on the UPF of the PDU session.
Wherein, the new ciphertext transmission identification bit flag-2 in the PDR rule is determined by the identifiers flag-1 of different message encryption modes in the UDM. Corresponding to the value of the flag bit flag-1 of the message encryption mode in S603, when the flag-2 parameter is 0, the UPF is indicated to use a conventional transmission mode; when the flag-2 parameter is 1, the message hitting the PDU session is treated as ciphertext; when the flag-2 parameter is 2, the cipher text is treated as the confusing message header. For ciphertext, the tuple matching rules in the PDR rules are decrypted and then matched.
S610, the UPF returns an N4 session establishment response to the SMF, carrying PDU session context information, for example: qoS flow list, etc.
S611, SMF sends N1/N2 message transmission request to AMF
S612, the AMF sends an N2 interface PDU session request to the base station.
S613, the base station sends a radio resource establishment request to the UE, and establishes a proper radio bearer for the UE according to PDU session information provided by the AMF.
S614, the base station returns the session receiving information of the PDU with the N2 interface to the AMF, wherein the session receiving information carries the N3 interface resource distributed by the base station, and an uplink data link is established.
S615, the AMF sends an updated SM session context request to the SMF.
S616, the SMF sends an N4 session update to the UPF. Downlink establishment.
S617, the SMF returns an update SM session context request response to the AMF. The entire session establishment procedure of 5GS ends so far.
S618, the AMF returns a request response PDU session establishment accept for session establishment to the UE, where the response carries the MSG-1 content.
S619, the UE processes the PDU session establishment accept message, analyzes and updates the content in the MSG-1 to LIST-1 and LIST-2 in an encryption and decryption module of the UE, wherein LIST-2-node-action-src-ip in the LIST-2 is initially 0.
The flow of the PDU session creation initiated by the UE in the data transmission method provided by the application is introduced.
The implementation method of the encryption mode of the data message in the embodiment of the application is described below.
(1) If the parameter of the message encryption mode flag bit is 1, the encryption mode of the data message is a full encryption transmission mode, and the specific implementation method is as follows: upf receiving the data message, judging that the data message is a fully encrypted message according to the parameter of the flag-2 (the parameter of the flag-2 is 1 at the moment) after the teid hits the pdr, transferring to a decryption module for decryption, and then carrying out a normal forwarding flow with the same plaintext; upf when downlink data is processed, hit the pdr corresponding to the UE according to the destination ip address, judge whether encryption is needed according to the identification bit in the pdr, if so, transfer to the encryption and decryption module to perform encryption processing, and then send to the corresponding UE through N3 and the base station. And carrying out encryption and decryption processing on all uplink and downlink messages by default in the UE.
(2) If the parameter of the message encryption mode flag bit is 2, the encryption mode of the data message is a message header confusion encryption transmission mode, and the specific implementation method is as follows:
according to the payload encryption and message header (IP header) confusion, the message header confusion encryption transmission is realized, and the confusion can be carried out on partial messages according to service requirements. The payload encryption part is the same as the prior art, and the present application is not described here again. The implementation steps of the confusion mechanism of the message header are as follows:
s1, the UE registers to a network to establish a pdu session, and when an ip address is allocated through the pdu session, a real ip address and a group of special ip addresses, such as 10.X.x.1/8 or an ip address LIST LIST-1, are allocated.
S2, a protocol stack of the UE is added with a confusion processing module, an N-tuple rule table LIST-2 is maintained in the confusion module, the rule table is configured by 5GC, the rule of the rule table is N-tuple LIST-2-node-rule, and the action comprises a source ip confusion address (LIST-2-node-action-src-ip) and a destination address confusion key LIST-2-node-action-dst-ip-key, and the confusion/encryption type LIST-2-node-action-payload-type of a payload part and a key LIST-2-node-action-payload-key.
S3, when the APP in the UE sends the message, the APP reaches the confusion module before sending the message from the APP to the network through the protocol stack, the confusion module is matched with the message according to the N-tuple rule table, and the fact that the message head of the ip message is required to be confused is indicated after the message is hit.
S4, a confusion mode-source IP address: the source IP address is determined according to LIST-2-node-action-src-IP in LIST-2, and when LIST-2-node-action-src-IP is 0, an IP address is randomly selected in LIST-1; when LIST-2-node-action-src-IP is not 0, the source IP address is directly replaced by LIST-2-node-action-src-IP. According to the configuration, the aging time LIST-2-node-action-src-ip-aging can be set, after the time is overtime, LIST-2-node-action-src-ip clears 0, and the address is selected again randomly when the next message is sent.
S5, a confusion mode-destination IP address: the destination IP performs confusion calculation on the real destination IP according to LIST-2-node-action-dst-IP-key, for example: the IP of the actual purpose is A.B.C.D, LIST-2-node-action-dst-IP-key is k (the value of k ranges from 1 to 254), and the confusion mode is { [ (A-k) +255]%256}, { [ (B+k) +255]%256}, { [ (C-k) +255]%256}, and { [ (D+k) +255]%256}.
S6, a confusion mode-payload: the normal encryption or confusion algorithm is adopted, and the types and the keys are as follows: LIST-2-node-action-payload-type and LIST-2-node-action-payload-key.
S7, sending message information: and transmitting the confused/encrypted message to the base station according to the conventional message transmission mode of the UE.
S8, the base station receives the information and forwards the information to the UPF through N3.
S9, after the UPF receives the uplink message, firstly, judging the encrypted message which is expressed as a mode 2 when the encrypted message is judged to be 2 according to the flag-2 after the teid hits pdr, further judging the source IP address, if the source IP address is in LIST-1, considering that the message belongs to a mixed/encrypted message, and transferring the message to a unit which is specially used for processing encryption and decryption in the UPF to perform anti-mixed and decryption processing to obtain a plaintext message; if the source IP address is not in LIST-1, the message is processed according to the normal common message.
S10, carrying out normal route forwarding on the plaintext message by the UPF.
S11, the downlink message is similar to the uplink process, the difference is that the UPF judges whether confusion and encryption are needed according to the IP and N tuples of the message purpose, if so, the UPF goes to an encryption and decryption module to carry out encryption processing, and then the UPF sends the message to the UE through the N3 and the base station.
And S12, after receiving the message, the UE judges whether decryption is needed according to the destination IP address, and if so, the decrypted message is transmitted to the APP through the protocol stack.
It should be noted that, the rule in the UE is issued in a PDU session establishment accept message, and as shown in the following table 1, the content MSG-1 for transmitting the encryption rule is newly added in a PDU session establishment accept message:
TABLE 1 Contents of encryption rules MSG-1
The method for realizing the encryption mode of the data message in the data transmission method provided by the application is introduced.
The embodiment of the application can divide the functional modules or functional units of the data transmission device according to the method example, for example, each functional module or functional unit can be divided corresponding to each function, or two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware, or in software functional modules or functional units. The division of the modules or units in the embodiment of the present application is schematic, which is merely a logic function division, and other division manners may be implemented in practice.
Exemplary, as illustrated in fig. 7, a schematic diagram of a possible structure of a data transmission device according to an embodiment of the present application is shown. The data transmission apparatus 700 includes: a receiving unit 701, a processing unit 702, and a transmitting unit 703.
The receiving unit 701 is configured to receive a data packet from a user terminal UE.
The processing unit 702 is configured to determine an encryption manner of the data packet.
The processing unit 702 is further configured to determine a destination IP address of the data packet according to an encryption manner of the data packet.
A sending unit 703, configured to send the data packet to the destination IP address.
Optionally, the processing unit 702 is further configured to determine an encryption mode of the data packet according to the packet encryption mode flag bit.
Optionally, the processing unit 702 is further configured to obtain a header of the data packet when the encryption mode of the data packet is a plaintext transmission mode, and determine a destination IP address of the data packet according to the header of the data packet.
Optionally, the processing unit 702 is further configured to decrypt the header of the data packet when the encryption mode of the data packet is a full encryption transmission mode or a packet header confusion encryption transmission mode, and determine the destination IP address of the data packet according to the decrypted header of the data packet.
Alternatively, the data transmission apparatus 700 may further include a storage unit (shown in a dashed box in fig. 7) storing a program or instructions that, when executed by the processing unit 702, enable the data transmission apparatus to perform the data transmission method described in the above-described method embodiment.
In addition, the technical effects of the data transmission device shown in fig. 7 may refer to the technical effects of the data transmission method described in the above embodiment, and will not be described herein.
Exemplary, as illustrated in fig. 8, a schematic diagram of another possible structure of a data transmission device according to an embodiment of the present application is shown. The data transmission apparatus 800 includes: a processing unit 801 and a transmitting unit 802.
The processing unit 801 is configured to determine a flag bit of a message encryption mode according to the unified data management UDM subscription data.
A sending unit 802, configured to send a data packet to a user plane function network element.
Optionally, the sending unit 802 is further configured to send, through the base station, a data packet to the user plane function network element.
Alternatively, the data transmission apparatus 800 may further include a storage unit (shown in a dashed line box in fig. 8) storing a program or instructions that, when executed by the processing unit 801, enable the data transmission apparatus to perform the data transmission method described in the above-described method embodiment.
In addition, the technical effects of the data transmission device described in fig. 8 may refer to the technical effects of the data transmission method described in the foregoing embodiments, and will not be described herein.
Fig. 9 is a schematic diagram illustrating still another possible configuration of the data transmission apparatus according to the above embodiment. As shown in fig. 9, the data transmission apparatus 900 includes: a processor 902.
The processor 902 is configured to control and manage the actions of the data transmission device, for example, perform the steps performed by the receiving unit 701, the processing unit 702, the sending unit 703, the processing unit 801, and the sending unit 802, and/or perform other processes of the technical solutions described herein.
The processor 902 may be implemented or realized with the various illustrative logical blocks, modules, and circuits described in connection with the present disclosure. The processor may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor may also be a combination that performs the function of a computation, e.g., a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, etc.
Optionally, the data transmission device 900 may further comprise a communication interface 903, a memory 901 and a bus 904. Wherein the communication interface 903 is used to support communication between the data transmission device 900 and other network entities. The memory 901 is used for storing program codes and data of the data transmission apparatus.
Wherein the memory 901 may be a memory in a data transmission device, which may include a volatile memory, such as a random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, hard disk or solid state disk; the memory may also comprise a combination of the above types of memories.
Bus 909 may be an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus or the like. The bus 909 may be classified into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 9, but not only one bus or one type of bus.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above. The specific working processes of the above-described systems, devices and modules may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
An embodiment of the present application provides a computer program product containing instructions, which when run on an electronic device of the present application, cause the computer to perform the data transmission method according to the above embodiment of the method.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores instructions, and when the computer executes the instructions, the electronic device executes each step executed by the data transmission device in the method flow shown in the method embodiment.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: electrical connections having one or more wires, portable computer diskette, hard disk. Random access Memory (Random Access Memory, RAM), read-Only Memory (ROM), erasable programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), registers, hard disk, optical fiber, portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any other form of computer-readable storage medium suitable for use by a person or persons of skill in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (Application Specific Integrated Circuit, ASIC). In embodiments of the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The foregoing is merely illustrative of specific embodiments of the present application, and the scope of the present application is not limited thereto, but any changes or substitutions within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.
Claims (7)
1. A data transmission method, applied to a user plane functional network element, the method comprising:
receiving a data message from a user terminal (UE); the data message comprises a message encryption mode flag bit;
determining the encryption mode of the data message according to the message encryption mode flag bit;
determining a destination IP address of the data message according to the encryption mode of the data message;
sending the data message to the destination IP address;
the encryption mode of the data message comprises the following steps: a plaintext transmission mode, a fully encrypted transmission mode and a message header confusion encrypted transmission mode;
the determining the encryption mode of the data message according to the message encryption mode flag bit comprises the following steps:
the packet detection priority presets a message encryption mode flag bit as a first priority, so that the user plane function network element firstly acquires an identification message encryption mode flag bit; determining a packet detection rule PDR corresponding to the data message according to the identified message encryption mode flag bit, and determining the encryption mode of the data message according to the PDR corresponding to the data message;
The determining the destination IP address of the data packet according to the encryption manner of the data packet specifically includes:
if the transmission mode indicated by the encryption mode flag bit of the data message is the plaintext transmission mode, acquiring a header of the data message, and determining a destination IP address of the data message according to the header of the data message;
and if the transmission mode indicated by the encryption mode flag bit of the data message is the full encryption transmission mode or the message header confusion encryption transmission mode, decrypting the header of the data message, and determining the destination IP address of the data message according to the decrypted header of the data message.
2. A data transmission method, applied to a user terminal UE, the method comprising:
according to unified data management UDM subscription data, determining a message encryption mode flag bit;
transmitting a data message to a user plane function network element;
the UE sends the data message to the user plane function network element through a base station; the data message comprises a message encryption mode flag bit; the packet detection priority is preset, and a message encryption mode flag bit is a first priority; the message encryption mode flag bit is used for indicating packet detection rules PDR corresponding to the data message, and the PDR corresponding to the data message is used for indicating the encryption mode of the data message; the encryption mode of the data message comprises the following steps: a plaintext transmission mode, a fully encrypted transmission mode and a message header confusion encrypted transmission mode;
If the transmission mode indicated by the encryption mode flag bit of the data message is the plaintext transmission mode, acquiring a header of the data message, and determining a destination IP address of the data message according to the header of the data message;
and if the transmission mode indicated by the encryption mode flag bit of the data message is the full encryption transmission mode or the message header confusion encryption transmission mode, decrypting the header of the data message, and determining the destination IP address of the data message according to the decrypted header of the data message.
3. A data transmission device, characterized in that the data transmission device comprises: the device comprises a receiving unit, a processing unit and a transmitting unit;
the receiving unit is used for receiving the data message from the user terminal UE; the data message comprises a message encryption mode flag bit;
the processing unit is used for determining the encryption mode of the data message according to the message encryption mode flag bit; the encryption mode of the data message comprises the following steps: a plaintext transmission mode, a fully encrypted transmission mode and a message header confusion encrypted transmission mode;
the processing unit is further configured to preset a packet encryption mode flag bit to be a first priority according to the packet detection priority, so that the receiving unit first obtains an identification packet encryption mode flag bit; determining a packet detection rule PDR corresponding to the data message according to the identified message encryption mode flag bit, and determining the encryption mode of the data message according to the PDR corresponding to the data message;
The processing unit is further used for determining a destination IP address of the data message according to the encryption mode of the data message;
the sending unit is used for sending the data message to the destination IP address;
the processing unit is further configured to obtain a header of the data packet when the transmission mode indicated by the encryption mode flag bit of the data packet is the plaintext transmission mode, and determine a destination IP address of the data packet according to the header of the data packet;
the processing unit is further configured to decrypt the header of the data packet when the transmission mode indicated by the encryption mode flag bit of the data packet is the full encryption transmission mode or the packet header confusion encryption transmission mode, and determine the destination IP address of the data packet according to the decrypted header of the data packet.
4. A data transmission device, characterized in that the data transmission device comprises: a processing unit and a transmitting unit;
the processing unit is used for managing the UDM subscription data according to the unified data and determining a message encryption mode flag bit;
the sending unit is used for sending the data message to the user plane function network element;
The sending unit is further configured to send the data packet to the user plane function network element through a base station; the data message comprises a message encryption mode flag bit; the packet detection priority is preset, and a message encryption mode flag bit is a first priority; the message encryption mode flag bit is used for indicating packet detection rules PDR corresponding to the data message, and the PDR corresponding to the data message is used for indicating the encryption mode of the data message; the encryption mode of the data message comprises the following steps: a plaintext transmission mode, a fully encrypted transmission mode and a message header confusion encrypted transmission mode;
the processing unit is further configured to obtain a header of the data packet when the transmission mode indicated by the encryption mode flag bit of the data packet is the plaintext transmission mode, and determine a destination IP address of the data packet according to the header of the data packet;
the processing unit is further configured to decrypt the header of the data packet when the transmission mode indicated by the encryption mode flag bit of the data packet is the full encryption transmission mode or the packet header confusion encryption transmission mode, and determine the destination IP address of the data packet according to the decrypted header of the data packet.
5. A communication system, characterized in that the communication system comprises a user plane function network element and a user terminal UE;
the user plane function network element is used for receiving the data message from the UE, determining the encryption mode of the data message and the destination IP address of the data message, and sending the data message to the destination IP address; the encryption mode of the data message comprises the following steps: a plaintext transmission mode, a fully encrypted transmission mode and a message header confusion encrypted transmission mode; after receiving a data message from a base station, the user plane function network element presets a message encryption mode flag bit as a first priority according to a packet detection priority, so that the user plane function network element firstly acquires an identification message encryption mode flag bit; determining a packet detection rule PDR corresponding to the data message according to the identified message encryption mode flag bit, and determining the encryption mode of the data message according to the PDR corresponding to the data message;
the UE is used for managing UDM subscription data according to unified data, determining a message encryption mode flag bit and sending the data message to the user plane function network element; wherein, the data message comprises the message encryption mode flag bit;
The user plane function network element is further configured to obtain a header of the data packet when the transmission mode indicated by the encryption mode flag bit of the data packet is the plaintext transmission mode, and determine a destination IP address of the data packet according to the header of the data packet; and when the transmission mode indicated by the encryption mode flag bit of the data message is the full encryption transmission mode or the message header confusion encryption transmission mode, decrypting the header of the data message, and determining the destination IP address of the data message according to the decrypted header of the data message.
6. An electronic device, comprising: a processor and a memory; wherein the memory is configured to store computer-executable instructions that, when the electronic device is operating, cause the electronic device to perform the data transmission method of claim 1 or 2 by the processor executing the computer-executable instructions stored by the memory.
7. A computer readable storage medium comprising instructions which, when executed by an electronic device, cause the electronic device to perform the data transmission method of claim 1 or 2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111465977.7A CN114205814B (en) | 2021-12-03 | 2021-12-03 | Data transmission method, device and system, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111465977.7A CN114205814B (en) | 2021-12-03 | 2021-12-03 | Data transmission method, device and system, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114205814A CN114205814A (en) | 2022-03-18 |
| CN114205814B true CN114205814B (en) | 2023-11-21 |
Family
ID=80650363
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111465977.7A Active CN114205814B (en) | 2021-12-03 | 2021-12-03 | Data transmission method, device and system, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114205814B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115473729B (en) * | 2022-09-09 | 2024-05-28 | 中国联合网络通信集团有限公司 | Data transmission method, gateway, SDN controller and storage medium |
| CN115460594A (en) * | 2022-09-16 | 2022-12-09 | 四川创智联恒科技有限公司 | Method for indicating data encryption direction by terminal side, transmitting and receiving equipment and storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105025475A (en) * | 2015-07-28 | 2015-11-04 | 东南大学常州研究院 | Andriod system-oriented implement method of mobile secure terminal |
| CN105516139A (en) * | 2015-12-09 | 2016-04-20 | 北京四达时代软件技术股份有限公司 | Network data transmission method, device and system |
| CN110177116A (en) * | 2019-06-10 | 2019-08-27 | 北京交通大学 | Intelligence melts the safety data transmission method and device of mark network |
| CN110719611A (en) * | 2018-07-11 | 2020-01-21 | 华为技术有限公司 | Message sending method and device |
| WO2020029922A1 (en) * | 2018-08-10 | 2020-02-13 | 华为技术有限公司 | Method and apparatus for transmitting message |
| CN110830989A (en) * | 2018-08-09 | 2020-02-21 | 华为技术有限公司 | Communication method and device |
| CN110913508A (en) * | 2019-11-25 | 2020-03-24 | 广州爱浦路网络技术有限公司 | 5G base station with UPF and data message processing method thereof |
| CN111901446A (en) * | 2019-05-05 | 2020-11-06 | 华为技术有限公司 | Method and equipment for allocating and acquiring IP address |
| CN112672345A (en) * | 2019-09-30 | 2021-04-16 | 华为技术有限公司 | Communication authentication method and related equipment |
| CN113472626A (en) * | 2021-07-06 | 2021-10-01 | 深圳艾灵网络有限公司 | Data message transmission method, electronic device and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210058748A1 (en) * | 2017-03-24 | 2021-02-25 | Apple Inc. | Systems and methods for group based services provisioning |
| KR102489245B1 (en) * | 2018-12-28 | 2023-01-17 | 삼성전자 주식회사 | A method and an apparatus for providing rule information in a wireless communication system |
-
2021
- 2021-12-03 CN CN202111465977.7A patent/CN114205814B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105025475A (en) * | 2015-07-28 | 2015-11-04 | 东南大学常州研究院 | Andriod system-oriented implement method of mobile secure terminal |
| CN105516139A (en) * | 2015-12-09 | 2016-04-20 | 北京四达时代软件技术股份有限公司 | Network data transmission method, device and system |
| CN110719611A (en) * | 2018-07-11 | 2020-01-21 | 华为技术有限公司 | Message sending method and device |
| CN110830989A (en) * | 2018-08-09 | 2020-02-21 | 华为技术有限公司 | Communication method and device |
| WO2020029922A1 (en) * | 2018-08-10 | 2020-02-13 | 华为技术有限公司 | Method and apparatus for transmitting message |
| CN111901446A (en) * | 2019-05-05 | 2020-11-06 | 华为技术有限公司 | Method and equipment for allocating and acquiring IP address |
| CN110177116A (en) * | 2019-06-10 | 2019-08-27 | 北京交通大学 | Intelligence melts the safety data transmission method and device of mark network |
| CN112672345A (en) * | 2019-09-30 | 2021-04-16 | 华为技术有限公司 | Communication authentication method and related equipment |
| CN110913508A (en) * | 2019-11-25 | 2020-03-24 | 广州爱浦路网络技术有限公司 | 5G base station with UPF and data message processing method thereof |
| CN113472626A (en) * | 2021-07-06 | 2021-10-01 | 深圳艾灵网络有限公司 | Data message transmission method, electronic device and storage medium |
Non-Patent Citations (3)
| Title |
|---|
| 5G端到端网络协同关键技术;刘义亮;李鑫;薄开涛;;电信科学(03);全文 * |
| Huawei.R3-161759 "RAN Support for Core Network Slicing".3GPP tsg_ran\WG3_Iu.2016,(第TSGR3_93期),全文. * |
| 移动物联网核心网技术应用及演进;谷群;李爱华;张;张彦;魏彬;苑红;;互联网天地(08);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114205814A (en) | 2022-03-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11695742B2 (en) | Security implementation method, device, and system | |
| CN110830991B (en) | Secure session method and device | |
| US11533610B2 (en) | Key generation method and related apparatus | |
| US20200228977A1 (en) | Parameter Protection Method And Device, And System | |
| KR102610951B1 (en) | Methods and apparatus for wireless communication using a security model to support multiple connectivity and service contexts | |
| WO2017105777A1 (en) | Securing signaling interface between radio access network and a service management entity to support service slicing | |
| CN110830993B (en) | Data processing method and device and computer readable storage medium | |
| US11234124B2 (en) | Terminal information transfer method and relevant products | |
| US8837365B2 (en) | Method and system for securely routing traffic on X2 interface in a 3GPP network | |
| CN114205814B (en) | Data transmission method, device and system, electronic equipment and storage medium | |
| KR20200086721A (en) | Security protection methods and devices | |
| US20230337002A1 (en) | Security context generation method and apparatus, and computer-readable storage medium | |
| CN113518315A (en) | Method, device and system for configuring radio bearer | |
| US20210168614A1 (en) | Data Transmission Method and Device | |
| WO2023224915A1 (en) | Security for distributed non-access stratum protocol in a mobile system | |
| CN108924826B (en) | Data transmission control method and device | |
| WO2021073382A1 (en) | Registration method and apparatus | |
| CN113645621B (en) | Secure communication method and device | |
| WO2023083346A1 (en) | Satellite communication system, method, and apparatus, receiver network element, and storage medium | |
| CN115776323A (en) | Method and system for realizing security of data link between satellites | |
| CN113938286A (en) | Data processing method and device | |
| NZ755869B2 (en) | Security implementation method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |