WO2019213856A1 - Procédé et appareil de configuration de protection d'intégrité drb, et support de stockage informatique - Google Patents

Procédé et appareil de configuration de protection d'intégrité drb, et support de stockage informatique Download PDF

Info

Publication number
WO2019213856A1
WO2019213856A1 PCT/CN2018/086107 CN2018086107W WO2019213856A1 WO 2019213856 A1 WO2019213856 A1 WO 2019213856A1 CN 2018086107 W CN2018086107 W CN 2018086107W WO 2019213856 A1 WO2019213856 A1 WO 2019213856A1
Authority
WO
WIPO (PCT)
Prior art keywords
drb
pdu session
function
information
parameter
Prior art date
Application number
PCT/CN2018/086107
Other languages
English (en)
Chinese (zh)
Inventor
杨宁
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Priority to CN201880082325.5A priority Critical patent/CN111512659B/zh
Priority to PCT/CN2018/086107 priority patent/WO2019213856A1/fr
Publication of WO2019213856A1 publication Critical patent/WO2019213856A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management

Definitions

  • the present invention relates to the field of wireless communication technologies, and in particular, to a data bearer (DRB) integrity protection configuration method and apparatus, and a computer storage medium.
  • DRB data bearer
  • enhanced mobile broadband eMBB
  • URLLC Ultra Reliable Low Latency Communication
  • mMTC massive machine type communication
  • 5G mobile communication technology is also called Next Generation Wireless Communication Technology (NR, New Radio).
  • NR Next Generation Wireless Communication Technology
  • LTE Long Term Evolution
  • NR cells can also be deployed independently.
  • the session management function configures the security policy information of the PDU session when the protocol data unit (PDU) session is established.
  • PDU protocol data unit
  • DRB IP DRB Integrity Protection
  • DRB Integrity Protection DRB Integrity Protection
  • the SMF determines the security policy when the final PDU session is established based on subscription data from Unified Data Management (UDM) or a locally configured security policy.
  • UDM Unified Data Management
  • the next generation base station gNB, next generation NodeB determines whether to configure each DRB to use the DRB IP function according to security policy information from the Core Access and Mobility Management Function (AMF).
  • the security policy indication of the PDU session means that the gNB must configure the DRB IP function.
  • a UE capability is defined, which specifies an aggregation rate threshold of the DRB that allows all DRB IP functions that are configured to be configured to the UE (ie, cannot exceed this threshold). Therefore, the gNB needs to decide how to select the DRB to configure the DRB IP function.
  • an embodiment of the present invention provides a configuration method and device for DRB integrity protection, and a computer storage medium.
  • the base station acquires the security policy information and the priority information of the PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is used to indicate the PDU.
  • the base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • the base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  • the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
  • the first parameter is used to indicate that the DRB IP function needs to be configured.
  • the base station determines whether to configure the DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
  • the method further includes:
  • the base station For determining the first PDU session in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to notify the first core network element The first PDU session cannot configure the DRB IP function.
  • the method further includes:
  • the base station For determining a first PDU session in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session;
  • the base station For determining a second PDU session capable of configuring a DRB IP function, the base station configures a DRB IP function for the second PDU session.
  • the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
  • the base station Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
  • the base station If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station indicates that the DRB IP indication parameter is a DRB IP function for all PDU sessions of the first parameter.
  • the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
  • the base station Determining, by the base station, the third PDU session in which the indication parameter of the DRB IP is the second parameter according to the security policy information of the PDU session corresponding to the terminal, where the second parameter is used to indicate that the DRB IP function is recommended to be configured;
  • the base station determines, according to the priority information of the respective third PDU session, the first UE capability information, and the local policy, Whether the DRB IP function is configured for the three PDU sessions.
  • the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
  • the base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session.
  • the priority information is used to indicate the priority of the DRB IP corresponding to the QOS flow;
  • the base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  • DRB IP features including:
  • the base station Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
  • the base station determines, according to the priority information of each QOS flow in each PDU session corresponding to the terminal, the session of each PDU. Whether to configure the DRB IP function and/or whether to configure the DRB IP function for each of the QOS flows in the respective PDU sessions.
  • the method further includes:
  • the base station For determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to A core network element notifies the first PDU session and/or the first QOS flow that the DRB IP function cannot be configured.
  • the method further includes:
  • the base station For determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session and/or the first QOS flow;
  • the base station For determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, the base station configures a DRB IP function for the second PDU session and/or the second QOS flow.
  • the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  • DRB IP features including:
  • the base station Determining, by the base station, the first aggregation data rate of the QOS flow corresponding to the PDU session of the first parameter according to the security policy information of each PDU session corresponding to the terminal, where the first parameter is used to indicate the need Configure the DRB IP function.
  • the base station If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station indicates that the DRB IP indication parameter is a DRB IP function for all PDU sessions of the first parameter.
  • the determining, by the base station, whether the DRB IP function is configured, according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
  • the base station Determining, by the base station, the third PDU session in which the indication parameter of the DRB IP is the second parameter according to the security policy information of the PDU session corresponding to the terminal, where the second parameter is used to indicate that the DRB IP function is recommended to be configured;
  • the base station determines, according to the priority information of each QOS flow in the respective third PDU session, the first UE capability information, and the local policy. Whether to configure a DRB IP function for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  • the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
  • the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows for a PDU session.
  • a first acquiring unit configured to obtain security policy information and priority information of a PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is a priority for indicating a DRB IP corresponding to the PDU session;
  • a second acquiring unit configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • a configuration unit configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  • the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, the base station according to the priority of each PDU session corresponding to the terminal Information, determining whether a DRB IP function is configured for the respective PDU session.
  • the device further includes:
  • a feedback unit configured to send first feedback information to the first core network element for determining a first PDU session in which the DRB IP function cannot be configured, where the first feedback information is used to send to the first core network element Notifying the first PDU session that the DRB IP function cannot be configured.
  • the configuration unit is configured to: configure a DRB IP function for the first PDU session for determining a first PDU session in which the DRB IP function cannot be configured; and determine a second PDU that can configure the DRB IP function. A session, configuring a DRB IP function for the second PDU session.
  • the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter of the DRB IP is the first parameter.
  • the DRB IP function is configured for all PDU sessions.
  • the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Instructing to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of the respective third PDU session, the first UE capability information, and the local policy Determining whether a DRB IP function is configured for each of the third PDU sessions.
  • the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
  • a first acquiring unit configured to acquire security policy information of a PDU session configured by the first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes a DRB corresponding to the PDU session An indication parameter of the IP, where the priority information is used to indicate a priority of a DRB IP corresponding to the QOS flow;
  • a second acquiring unit configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • a configuration unit configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  • the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, each QOS flow in each PDU session corresponding to the terminal is used.
  • the priority information determines whether the DRB IP function is configured for the respective PDU session and/or whether the DRB IP function is configured for each QOS flow in the respective PDU session.
  • the device further includes:
  • a feedback unit configured to send first feedback information to the first core network element for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function, where the first feedback information is used by the The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
  • the configuration unit is configured to not configure the DRB for the first PDU session and/or the first QOS flow for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function.
  • IP function for determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, configuring a DRB IP function for the second PDU session and/or the second QOS flow.
  • the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregate data rate of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter of the DRB IP is the first parameter.
  • the DRB IP function is configured for all PDU sessions.
  • the configuration unit is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Instructing to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of each QOS flow in the respective third PDU session, the first UE The capability information and the local policy determine whether a DRB IP function is configured for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  • the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
  • the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows of the PDU session.
  • the computer storage medium provided by the embodiment of the present invention has stored thereon computer executable instructions, and the computer executable instructions are implemented by the processor to implement the DRB integrity protection configuration method.
  • the base station acquires the security policy information and the priority information of the PDU session configured by the network element of the first core network, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session.
  • the priority information is used to indicate the priority of the DRB IP corresponding to the PDU session;
  • the base station acquires the first UE capability information of the terminal, and the first UE capability information includes an aggregation of the DRB IP required by the terminal.
  • the data rate capability threshold is determined by the base station according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal, and whether the DRB IP function is configured.
  • the base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session.
  • the priority information is used to indicate the priority of the DRB IP corresponding to the QOS flow;
  • the base station acquires the first UE capability information of the terminal, where the first UE capability information includes the aggregated data about the DRB IP required by the terminal. a rate capability threshold; the base station determines whether to configure according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
  • DRB IP function is used to indicate the priority of the DRB IP corresponding to the QOS flow.
  • the first core network element (such as SMF) configures the DRB IP priority of the PDU session granularity or the DRB IP priority of the QOS flow granularity, so that the base station (such as gNB) can be based on the first core network.
  • These configuration decisions of the network element determine how to configure the DRB IP function for the PDU session and/or the QOS flow (corresponding DRB), so that the base station can more rationally decide and select the DRB to configure the DRB IP function.
  • Figure 1 is a flow chart of the existing DRB integrity protection
  • FIG. 2 is a schematic flowchart 1 of a method for configuring DRB integrity protection according to an embodiment of the present invention
  • FIG. 5 is a second schematic flowchart of a method for configuring DRB integrity protection according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram showing the result composition of a DRB integrity protection configuration apparatus according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
  • the technical solution of the embodiment of the present invention is mainly applied to a 5G mobile communication system.
  • the technical solution of the embodiment of the present invention is not limited to the 5G mobile communication system, and can also be applied to other types of mobile communication systems.
  • eMBB aims at users to obtain multimedia content, services and data, and its business needs are growing rapidly. Because eMBB may be deployed in different scenarios, such as indoors, urban areas, and rural areas, the difference in service capabilities and requirements is relatively large. Therefore, services must be analyzed in combination with specific deployment scenarios.
  • URLLC scenario Typical applications for URLLC include: industrial automation, power automation, telemedicine operations, traffic security, and more.
  • Typical characteristics of URLLC include: high connection density, small data volume, delay-insensitive service, low cost and long service life of the module.
  • the network side and the terminal side are required to negotiate the size of the MAC-I.
  • FIG. 2 is a schematic flowchart 1 of a method for configuring DRB integrity protection according to an embodiment of the present invention. As shown in FIG. 2, the method for configuring DRB integrity protection includes the following steps:
  • Step 201 The base station acquires the security policy information and the priority information of the PDU session configured by the network element of the first core network, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, where the priority information is used to indicate The priority of the DRB IP corresponding to the PDU session.
  • the technical solution of the embodiment of the present invention may be applied to, but not limited to, a 5G system.
  • the technical solution of the embodiment of the present invention is applied to a 5G system, where the base station refers to a gNB, and the first core network element refers to an SMF.
  • the second core network element referred to below refers to the AMF.
  • the first core network element when the PDU session is established, the first core network element (such as the SMF) configures the security policy information and the priority information corresponding to the PDU session, where the security policy information includes the PDU session.
  • the indication parameters of the DRB IP corresponding to the PDU session are classified into the following three types:
  • the first parameter (required): the first parameter is used to indicate that the DRB IP function needs to be configured.
  • the second parameter (preferred): the second parameter is used to indicate a recommended configuration of the DRB IP function.
  • the third parameter is used to indicate that the DRB IP function does not need to be configured.
  • the indication parameter of the DRB IP in the security policy information is for the PDU session, for example, the PDU session 1 corresponds to the first parameter, the PDU session 2 corresponds to the second parameter, the PDU session 3 corresponds to the first parameter, and the like.
  • the priority of the DRB IP in the priority information is for the session, for example, the PDU session 1 corresponds to the first priority, the PDU session 2 corresponds to the second priority, the PDU session 3 corresponds to the third priority, and so on.
  • Step 202 The base station acquires first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal.
  • the aggregated data rate of the DRBs that are allowed to be configured to all the DRB IP functions of the terminal needs to be less than or equal to the aggregated data rate capability threshold in the first UE capability information.
  • Step 203 The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  • determining whether to configure the DRB IP function needs to be combined with the security policy information of each PDU session, and is roughly classified into the following scenarios:
  • Scenario 1 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data rate of the QOS flow corresponding to the PDU session of the first parameter, where the indication parameter of the DRB IP is the first parameter. Indicates that the DRB IP function needs to be configured. 1) If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines whether to configure the DRB IP for each PDU session according to the priority information of each PDU session corresponding to the terminal. Features. 2) If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station configures a DRB IP function for all PDU sessions of the first parameter for the indication parameter of the DRB IP.
  • the base station for determining a first PDU session in which the DRB IP function cannot be configured, the base station does not configure a DRB IP function for the first PDU session; and for determining a second PDU session capable of configuring a DRB IP function, the base station The DRB IP function is configured for the second PDU session. Further, for determining a first PDU session in which the DRB IP function cannot be configured, the base station sends first feedback information to the first core network network element, where the first feedback information is used to the first core network element Notifying the first PDU session that the DRB IP function cannot be configured.
  • Scenario 2 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third PDU session of the second parameter, and the second parameter is used to indicate that the DRB IP function is recommended to be configured. For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of the respective third PDU session, the first UE capability information, and the local policy, Whether the DRB IP function is configured for the three PDU sessions.
  • Scenario 3 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third parameter PDU session, and the third parameter is used to indicate that the DRB IP function is not required to be configured;
  • the indication parameter of the DRB IP is a fourth PDU session of the third parameter, and the base station does not configure the DRB IP function for the fourth PDU session.
  • the configuration of the DRB IP function involved in the foregoing embodiment of the present invention means that the DRB is enabled for the DRB corresponding to the PDU session.
  • the foregoing needs to be combined with the priority of the PDU session to determine whether to configure the DRB IP function, if the aggregated data rate capability threshold value defined by the first UE capability information is met, the priority is higher.
  • the PDU session is configured with the DRB IP function.
  • FIG. 3 is a flowchart of DRB integrity protection according to application example 1 of the embodiment of the present invention
  • FIG. 4 is a schematic diagram of each protocol stack of application example 1, as shown in FIG. 3 and FIG.
  • the priority information of the PDU session is also configured, and the priority information indicates that the PDU session is configured with the priority of the DRB IP.
  • the gNB obtains the aggregated data rate capability threshold of the UE about the DRB IP, and the information may be reported from the UE or from the AMF.
  • the gNB decides whether to configure the DRB IP function according to the limitation of the aggregated data rate capability threshold of the DRB IP and the priority information of the PDU session of each DRB IP. specifically,
  • the gNB determines whether to configure the DRB IP according to the DRB IP priority of the PDU session.
  • the gNB can directly reject the SMF or the gNB to determine the corresponding DRB without the DRB IP function.
  • the gNB configures all the security policy indication parameters as “required”.
  • the DRB corresponding to the PDU session enables the DRB IP function.
  • the gNB determines whether to configure the DRB corresponding to the PDU session according to the aggregated data rate capability threshold, the DRB IP priority of the PDU session, and the local policy.
  • the DRB IP function is preferentially configured for the PDU session with higher priority.
  • FIG. 5 is a schematic flowchart 2 of a method for configuring DRB integrity protection according to an embodiment of the present invention. As shown in FIG. 5, the DRB integrity protection configuration method includes the following steps:
  • Step 501 The base station acquires the security policy information of the PDU session configured by the first core network element and the priority information of each QOS flow in the PDU session, where the security policy information includes an indication of the DRB IP corresponding to the PDU session. And the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow.
  • the technical solution of the embodiment of the present invention may be applied to, but not limited to, a 5G system.
  • the technical solution of the embodiment of the present invention is applied to a 5G system, where the base station refers to a gNB, and the first core network element refers to an SMF.
  • the second core network element referred to below refers to the AMF.
  • the first core network element configures the security policy information corresponding to the PDU session and the priority information of each QOS flow in the PDU session, where the The security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow.
  • the indication parameters of the DRB IP corresponding to the PDU session are classified into the following three types:
  • the first parameter (required): the first parameter is used to indicate that the DRB IP function needs to be configured.
  • the second parameter (preferred): the second parameter is used to indicate a recommended configuration of the DRB IP function.
  • the third parameter is used to indicate that the DRB IP function does not need to be configured.
  • the indication parameter of the DRB IP in the security policy information is for the PDU session, for example, the PDU session 1 corresponds to the first parameter, the PDU session 2 corresponds to the second parameter, the PDU session 3 corresponds to the first parameter, and the like.
  • the priority of the DRB IP in the priority information is for the QOS flow, for example, the QOS flow 1 corresponds to the first priority, the QOS flow 2 corresponds to the second priority, the QOS flow 3 corresponds to the third priority, etc. .
  • the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than all PDU sessions with lower priority. The priority of the QOS stream.
  • Step 502 The base station acquires the first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal.
  • the aggregated data rate of the DRBs that are allowed to be configured to all the DRB IP functions of the terminal needs to be less than or equal to the aggregated data rate capability threshold in the first UE capability information.
  • Step 503 The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. .
  • determining whether to configure the DRB IP function needs to be combined with the security policy information of each PDU session, and is roughly classified into the following scenarios:
  • Scenario 1 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data rate of the QOS flow corresponding to the PDU session of the first parameter, where the indication parameter of the DRB IP is the first parameter. Indicates that the DRB IP function needs to be configured. 1) If the first aggregated data rate is greater than the aggregated data rate capability threshold, the base station determines, according to the priority information of each QOS flow in each PDU session corresponding to the terminal, Whether the PDU session configures the DRB IP function and/or whether the DRB IP function is configured for each of the QOS flows in the respective PDU session. 2) If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold, the base station configures a DRB IP function for all PDU sessions of the first parameter for the indication parameter of the DRB IP.
  • the base station for determining a first PDU session and/or a first QOS flow in which the DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session and/or the first QOS flow; A second PDU session and/or a second QOS flow of the DRB IP function can be configured, the base station configuring a DRB IP function for the second PDU session and/or the second QOS flow. Further, for determining the first PDU session and/or the first QOS flow that cannot configure the DRB IP function, the base station sends first feedback information to the first core network element, where the first feedback information is used for The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
  • Scenario 2 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third PDU session of the second parameter, and the second parameter is used to indicate that the DRB IP function is recommended to be configured. For each third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station determines, according to the priority information of each QOS flow in the respective third PDU session, the first UE capability information, and the local policy. Whether to configure a DRB IP function for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  • Scenario 3 The base station determines, according to the security policy information of each PDU session corresponding to the terminal, that the indication parameter of the DRB IP is the third parameter PDU session, and the third parameter is used to indicate that the DRB IP function is not required to be configured;
  • the indication parameter of the DRB IP is a fourth PDU session of the third parameter, and the base station does not configure the DRB IP function for the fourth PDU session.
  • the configuration of the DRB IP function involved in the foregoing embodiment of the present invention means that the DRB-enabled DRB IP function corresponding to the PDU session and/or the QOS flow is enabled.
  • the priority is higher under the condition that the aggregated data rate capability threshold value defined by the first UE capability information is met.
  • the QOS stream is configured with the DRB IP function.
  • FIG. 6 is a flowchart of DRB integrity protection according to application example 2 of the embodiment of the present invention
  • FIG. 7 is a schematic diagram of each protocol stack of application example 2, as shown in FIG. 6 and FIG.
  • the SMF configures the PDU session information to the gNB
  • the priority information of each QoS flow in the PDU session is also configured, and the priority information indicates that the QoS flow is configured with the priority of the DRB IP.
  • the gNB obtains the aggregated data rate capability threshold of the UE about the DRB IP, and the information may be reported from the UE or from the AMF.
  • the gNB determines whether to configure the DRB IP function according to the limitation of the aggregated data rate capability threshold of the DRB IP and the priority information of each QoS flow of each PDU session. specifically,
  • the gNB decides according to the DRB IP priority of each QOS flow of the PDU session. Whether to configure the DRB IP function. For a PDU session and/or Qos flow that cannot be configured with the DRB IP function, the gNB can directly reject the SMF or the gNB to determine the corresponding DRB without the DRB IP function.
  • the gNB configures all the security policy indication parameters as “required”.
  • the DRB corresponding to the PDU session enables the DRB IP function.
  • the gNB determines whether the DRB corresponding to the QoS session of the PDU session is configured to enable the DRB IP according to the DRB IP precedence and the local policy of each QOS flow in the PDU session.
  • FIG. 8 is a schematic diagram showing the result composition of a DRB integrity protection configuration apparatus according to an embodiment of the present invention.
  • the apparatus comprises:
  • the first obtaining unit 801 is configured to obtain the security policy information and the priority information of the PDU session configured by the first core network element, where the security policy information includes an indication parameter of the DRB IP corresponding to the PDU session, where the priority is The information is used to indicate a priority of the DRB IP corresponding to the PDU session;
  • a second acquiring unit 802 configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • the configuration unit 803 is configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal.
  • the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, the base station according to the priority of each PDU session corresponding to the terminal Level information, determining whether a DRB IP function is configured for the respective PDU session.
  • the device further includes:
  • the feedback unit 804 is configured to send first feedback information to the first core network element for determining a first PDU session in which the DRB IP function cannot be configured, where the first feedback information is used to the first core network The element notifies that the first PDU session cannot configure the DRB IP function.
  • the configuration unit 803 is configured to: not configure a DRB IP function for the first PDU session for determining a first PDU session in which the DRB IP function cannot be configured; and determine a second function capable of configuring the DRB IP function. A PDU session, configuring a DRB IP function for the second PDU session.
  • the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter for the DRB IP is the first parameter All PDU sessions are configured with the DRB IP feature.
  • the configuration unit 803 is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Demonstrating the recommendation to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of the respective third PDU session, the first UE capability information, and the local A policy determines whether a DRB IP function is configured for each of the third PDU sessions.
  • the configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
  • the apparatus includes:
  • the first obtaining unit 801 is configured to obtain security policy information of a PDU session configured by the first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes a corresponding PDU session.
  • a second acquiring unit 802 configured to acquire first UE capability information of the terminal, where the first UE capability information includes an aggregate data rate capability threshold value of the DRB IP required by the terminal;
  • the configuration unit 803 is configured to determine whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session. .
  • the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter.
  • the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is greater than the aggregate data rate capability threshold, each QOS in each PDU session corresponding to the terminal is used.
  • the priority information of the flow determines whether the DRB IP function is configured for the respective PDU session and/or whether the DRB IP function is configured for each QOS flow in the respective PDU session.
  • the device further includes:
  • the feedback unit 804 is configured to send first feedback information to the first core network element for determining a first PDU session and/or a first QOS flow that cannot configure the DRB IP function, where the first feedback information is used to The first core network element notifies the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
  • the configuration unit 803 is configured to: configure, for the first PDU session and/or the first QOS flow, that the DRB IP function cannot be configured, and configure the first PDU session and/or the first QOS flow.
  • the DRB IP function for determining a second PDU session and/or a second QOS flow capable of configuring a DRB IP function, configuring a DRB IP function for the second PDU session and/or the second QOS flow.
  • the configuration unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, the first aggregate data of the QOS flow corresponding to the PDU session in which the indication parameter of the DRB IP is the first parameter. Rate, the first parameter is used to indicate that the DRB IP function needs to be configured; if the first aggregate data rate is less than or equal to the aggregate data rate capability threshold, the indication parameter for the DRB IP is the first parameter All PDU sessions are configured with the DRB IP feature.
  • the configuration unit 803 is configured to determine, according to security policy information of each PDU session corresponding to the terminal, a third PDU session in which the indication parameter of the DRB IP is the second parameter, where the second parameter is used. Demonstrating the recommendation to configure the DRB IP function; for the third PDU session in which the indication parameter of the DRB IP is the second parameter, the base station according to the priority information of each QOS flow in the respective third PDU session, the first The UE capability information and the local policy determine whether a DRB IP function is configured for each of the respective third PDU sessions and/or each of the respective third PDU sessions.
  • the configuring the DRB IP function refers to: enabling the DRB IP function for the DRB corresponding to the PDU session and/or the QOS flow.
  • the PDU session also has priority information. For two PDU sessions with different priorities, all QOS flows of the PDU session with higher priority have higher priority than the lower priority. The priority of all QOS flows of the PDU session.
  • the implementation functions of the units in the DRB integrity protection configuration apparatus shown in FIG. 8 can be understood by referring to the related description of the foregoing DRB integrity protection configuration method.
  • the functions of the units in the DRB integrity protection configuration apparatus shown in FIG. 8 can be implemented by a program running on the processor, or can be realized by a specific logic circuit.
  • the DRB integrity protection configuration device may be stored in a computer readable storage medium if it is implemented in the form of a software function module and sold or used as a standalone product. Based on such understanding, the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium, including a plurality of instructions.
  • a computer device (which may be a personal computer, server, or network device, etc.) is caused to perform all or part of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes various media that can store program codes, such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk.
  • program codes such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk, or an optical disk.
  • the embodiment of the present invention further provides a computer storage medium, wherein the computer executable instructions are stored, and the computer executable instructions are executed by the processor to implement the DRB integrity protection configuration method of the embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
  • the computer device may be a terminal or a network device.
  • computer device 100 may include one or more (only one shown) processor 1002 (processor 1002 may include, but is not limited to, a Micro Controller Unit (MCU) or a programmable logic device.
  • a processing device such as an FPGA (Field Programmable Gate Array), a memory 1004 for storing data, and a transmission device 1006 for a communication function.
  • FPGA Field Programmable Gate Array
  • FIG. 9 is merely illustrative and does not limit the structure of the above electronic device.
  • computer device 100 may also include more or fewer components than shown in FIG. 9, or have a different configuration than that shown in FIG.
  • the memory 1004 can be used to store software programs and modules of application software, such as program instructions/modules corresponding to the method in the embodiment of the present invention, and the processor 1002 executes various functional applications by running software programs and modules stored in the memory 1004. And data processing, that is, to achieve the above method.
  • Memory 1004 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
  • memory 1004 can further include memory remotely located relative to processor 1002, which can be connected to computer device 100 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
  • Transmission device 1006 is for receiving or transmitting data via a network.
  • the network specific examples described above may include a wireless network provided by a communication provider of computer device 100.
  • the transmission device 1006 includes a Network Interface Controller (NIC) that can be connected to other network devices through a base station to communicate with the Internet.
  • the transmission device 1006 can be a radio frequency (RF) module for communicating with the Internet wirelessly.
  • NIC Network Interface Controller
  • RF radio frequency
  • the disclosed method and smart device may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner such as: multiple units or components may be combined, or Can be integrated into another system, or some features can be ignored or not executed.
  • the coupling, or direct coupling, or communication connection of the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or other forms. of.
  • the units described above as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one second processing unit, or each unit may be separately used as one unit, or two or more units may be integrated into one unit;
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un procédé et un appareil de configuration de protection d'intégrité DRB, et un support de stockage informatique. Le procédé comprend les étapes suivantes : une station de base acquiert des informations de politique de sécurité et des informations de priorité d'une session PDU configurée par un élément de réseau d'un premier réseau central, les informations de politique de sécurité comprenant un paramètre d'indication d'une IP DRB correspondant à la session PDU, les informations de priorité étant utilisées pour indiquer une priorité de l'IP DRB correspondant à la session PDU ; la station de base acquiert des premières informations de capacité d'UE d'un terminal, les premières informations de capacité d'UE comprenant une valeur de seuil de capacité de débit de données agrégées concernant la IP DRB demandée par le terminal ; et la station de base détermine, selon les premières informations de capacité d'UE, les informations de politique de sécurité et les informations de priorité de chaque session PDU correspondant au terminal, s'il convient ou pas de configurer une fonction IP DRB.
PCT/CN2018/086107 2018-05-09 2018-05-09 Procédé et appareil de configuration de protection d'intégrité drb, et support de stockage informatique WO2019213856A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201880082325.5A CN111512659B (zh) 2018-05-09 2018-05-09 Drb完整性保护的配置方法及装置、计算机存储介质
PCT/CN2018/086107 WO2019213856A1 (fr) 2018-05-09 2018-05-09 Procédé et appareil de configuration de protection d'intégrité drb, et support de stockage informatique

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/086107 WO2019213856A1 (fr) 2018-05-09 2018-05-09 Procédé et appareil de configuration de protection d'intégrité drb, et support de stockage informatique

Publications (1)

Publication Number Publication Date
WO2019213856A1 true WO2019213856A1 (fr) 2019-11-14

Family

ID=68467242

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/086107 WO2019213856A1 (fr) 2018-05-09 2018-05-09 Procédé et appareil de configuration de protection d'intégrité drb, et support de stockage informatique

Country Status (2)

Country Link
CN (1) CN111512659B (fr)
WO (1) WO2019213856A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660665A (zh) * 2020-04-30 2021-11-16 华为技术有限公司 一种通信方法及装置

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012055114A1 (fr) * 2010-10-29 2012-05-03 Nokia Siemens Networks Oy Sécurité d'un trafic sur le plan usager entre un noeud relais et un réseau d'accès radio
CN103069916A (zh) * 2010-08-16 2013-04-24 株式会社Ntt都科摩 移动通信方法、中继节点以及无线基站
CN103314548A (zh) * 2010-12-10 2013-09-18 瑞典爱立信有限公司 启用和禁用对数据无线电承载的完整性保护

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103069916A (zh) * 2010-08-16 2013-04-24 株式会社Ntt都科摩 移动通信方法、中继节点以及无线基站
WO2012055114A1 (fr) * 2010-10-29 2012-05-03 Nokia Siemens Networks Oy Sécurité d'un trafic sur le plan usager entre un noeud relais et un réseau d'accès radio
CN103314548A (zh) * 2010-12-10 2013-09-18 瑞典爱立信有限公司 启用和禁用对数据无线电承载的完整性保护

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZTE CORPORATION ET AL.: "Framework for DRB Integrity Protection", R2-1802049, 3GPP TSG- RAN WG2 MEETING #101, 15 February 2018 (2018-02-15), XP051399817 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660665A (zh) * 2020-04-30 2021-11-16 华为技术有限公司 一种通信方法及装置

Also Published As

Publication number Publication date
CN111512659B (zh) 2021-09-21
CN111512659A (zh) 2020-08-07

Similar Documents

Publication Publication Date Title
CN110366271B (zh) 通信方法和通信装置
CN110461027B (zh) 一种网络切片选择方法及装置
CN110913508B (zh) 一种部署了upf的5g基站的数据报文处理方法
WO2018045877A1 (fr) Procédé de commande de tranchage de réseau et dispositif associé
US11553546B2 (en) Methods and systems for radio access network aggregation and uniform control of multi-RAT networks
WO2016141793A1 (fr) Procédé de configuration de pile de protocole d'interface hertzienne, ainsi que dispositif et procédé de transmission de données
EP4138443A1 (fr) Procédé et appareil de communication
WO2022017113A1 (fr) Procédé et appareil de communication
JP7128874B2 (ja) 異種ネットワーク環境での次世代ネットワークサービスを提供する方法及び装置
WO2019136622A1 (fr) Procédé et dispositif de transmission de données et support de stockage informatique
WO2019213856A1 (fr) Procédé et appareil de configuration de protection d'intégrité drb, et support de stockage informatique
WO2023088009A1 (fr) Procédé de transmission de données et appareil de communication
WO2016055026A1 (fr) Procédé et dispositif de transmission d'un segment de paquet d'accusé de réception du protocole de contrôle de transmission
US20220286899A1 (en) Interface between a radio access network and an application
EP4300983A1 (fr) Procédé de transmission de données multimédia et appareil de communication
US11363561B2 (en) Method and apparatus for reporting information by terminal, and computer storage medium
WO2019028922A1 (fr) Procédé et dispositif de transmission d'informations de configuration de cellules
WO2019140648A1 (fr) Procédé et dispositif de notification d'informations par un terminal et support d'informations d'ordinateur
US11343708B2 (en) Data transmission method and device, and computer storage medium
WO2023065953A1 (fr) Procédé et appareil de planification sans fil, et système
WO2024055871A1 (fr) Procédé de transmission de données dans un système de communication, et appareil de communication
EP4228180A1 (fr) Appareil, procédés et programmes informatiques
US20220015182A1 (en) Terminal apparatus, base station apparatus, and method therefor
WO2019136927A1 (fr) Procédé et dispositif de transmission de données, et support de stockage informatique
WO2021056386A1 (fr) Procédé de communication sans fil et dispositif terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18917959

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18917959

Country of ref document: EP

Kind code of ref document: A1