WO2021056464A1 - Data safety processing method and communication apparatus - Google Patents

Abstract

The present application provides a data safety processing method and a communication apparatus. The method comprises: determining a first transmission mode of first data, the first transmission mode being at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode; and determining a safety processing mode for the first data according to the first transmission mode. According to the method provided in the present application, one PDCP is associated with one or more RLC entities, the transmission mode corresponding to one RLC entity is the unicast or multicast transmission mode, and the plurality of RLC entities comprise RLC entities corresponding to the unicast transmission mode and the multicast transmission mode. During data transmission, according to different data transmission modes in the same radio bearer, corresponding safety processing is performed on the data. The safety of data transmission is improved, and by implementing different safety processing processes in the same bearer, safety requirements of data under different transmission modes are satisfied, and the flexibility of safety processing is improved.

Description

Method and communication device for data safety processing Technical field

This application relates to the field of communications, and more specifically, to a method and communication device for data security processing.

Background technique

Devices that perform wireless communication (such as network devices and terminal devices) have a certain protocol stack structure. The protocol stack may include radio resource control (RRC) layer, packet data convergence protocol (PDCP) layer, radio link control (RLC) layer, media access control (media Access control, MAC) layer and physical layer (physics, PHY) and other protocol layers. Each layer has corresponding functional entities to perform corresponding functions, for example, the PDCP layer corresponds to the PDCP entity, and the RLC layer corresponds to the RLC entity. When data is transmitted between a network device and a terminal device, the data needs to pass through the various protocol layers on the network device and the terminal device in turn, and perform corresponding processing at each layer.

Multicast transmission technology refers to a technology in which a network device sends data and multiple terminal devices simultaneously receive the data, that is, point-to-multipoint transmission. Unicast transmission technology (or called unicast transmission mode) refers to a technology in which a network device sends data and only one terminal device receives the data, that is, point-to-point transmission.

In the prior art, when data is transmitted between a network device and a terminal device in a multicast transmission manner, neither the network device nor the terminal device will perform secure processing on the multicast data. Therefore, during the transmission of the multicast data, security problems may be caused, which may result in tampering or eavesdropping of the multicast data, which affects the user experience.

Summary of the invention

This application provides a method and communication device for data security processing. Associate one or more RLC entities by configuring a PDCP. The transmission mode corresponding to one RLC entity is a unicast transmission mode or a multicast transmission mode, and the multiple RLC entities include the RLC entity corresponding to the unicast transmission mode and the RLC entity in the multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. Moreover, after judging the transmission mode adopted for the data in the same radio bearer, corresponding security processing is performed on the data according to different transmission modes. On the one hand, the security of data transmission is improved. On the other hand, by implementing different security processing procedures in the same bearer, the respective security requirements of data under different transmission modes can be met, and the flexibility of security processing can be improved.

In the first aspect, a method for data security processing is provided. The execution subject of the method can be either the first device or the second device, or a chip applied in the first device or the second device. Optionally, the first device may be a network device, and the second device may be a terminal device. In the protocol stacks of the first device and the second device, one PDCP entity is associated with one or more RLC entities. The transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode, and the multiple RLC entities include the RLC entity corresponding to the unicast transmission mode and the RLC entity in the multicast transmission mode. The method includes: determining a first transmission mode of first data, the first transmission mode being at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and a multicast transmission mode, the unicast and multicast transmission The mode is a transmission mode using unicast and multicast transmission; according to the first transmission mode, a safe processing mode for the first data is determined.

In the method for data security processing provided by the first aspect, one or more RLC entities are associated with one PDCP configuration. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. And, according to the unused transmission method, the corresponding security processing of the data is carried out. On the one hand, the security of data transmission is improved. On the other hand, different security processing procedures within the same bearer can be realized, meeting the security requirements of data in different transmission modes, and improving communication efficiency.

In a possible implementation of the first aspect, when the first transmission mode is a unicast transmission mode, the secure processing mode of the first data is the first secure processing; or,

When the first transmission mode is a multicast transmission mode, the secure processing mode of the first data is the second secure processing; or,

When the first transmission method is unicast or multicast transmission, the secure processing method of the first data is the first secure processing, the secure processing method of the second data is the second secure processing, and the second data is copied This first data is obtained.

In a possible implementation of the first aspect, the first security processing includes using the first parameter and/or the first algorithm to encrypt and/or integrity protect the data. The second security process is no security process.

In a possible implementation of the first aspect, the first security processing includes using a third parameter and/or a third algorithm to encrypt data and/or integrity protection. The second security process is no security process.

In a possible implementation manner of the first aspect, the first security processing is no security processing. The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protect the data.

In a possible implementation manner of the first aspect, the first security processing is no security processing. The second security processing includes using a fourth parameter and/or a fourth algorithm to encrypt data and/or integrity protection.

In a possible implementation of the first aspect, the first security processing includes using a first parameter and/or a first algorithm to encrypt and/or integrity protection data, or the first security processing includes using a third The parameters and/or the third algorithm perform decryption and/or integrity verification on the data.

The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protection of the data, or the second security processing includes using the fourth parameter and/or the fourth algorithm to decrypt the data and / Or integrity verification.

The first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or. The third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different.

In a possible implementation of the first aspect, the first parameter includes a first secret key, and/or the second parameter includes a second secret key; or, the third parameter includes a third secret key, and/ Or, the fourth parameter includes a fourth secret key.

In a possible implementation of the first aspect, the first security processing may be to use the first parameter and/or the first algorithm to encrypt data, or the first security processing may be to use the first parameter and/or the first algorithm. The algorithm performs integrity protection on the data, or, the first security processing may include using the first algorithm to encrypt the data and using the first parameter to perform integrity protection on the data.

In a possible implementation of the first aspect, the second security processing may be using the second parameter and/or the second algorithm to encrypt data, or the second security processing may be using the second parameter and/or the second algorithm. The algorithm performs integrity protection on the data, or the second security processing may be to use the second algorithm to encrypt the data and use the second parameter to perform integrity protection on the data.

In a possible implementation of the first aspect, the third security processing may be to use the third parameter and/or the third algorithm to decrypt the data, or the first security processing may be to use the third parameter and/or the third algorithm to decrypt the data. The algorithm verifies the integrity of the data, or the third security process may be to decrypt the data using the third algorithm and use the third parameter to verify the integrity of the data.

In a possible implementation of the first aspect, the fourth security processing may be using the fourth parameter and/or the fourth algorithm to decrypt data, or the fourth security processing may be using the fourth parameter and/or the fourth algorithm. The algorithm verifies the integrity of the data, or the fourth security process may be to decrypt the data using the fourth algorithm and use the fourth parameter to verify the integrity of the data.

In a possible implementation of the first aspect, not performing security processing can be understood as not performing decryption and/or integrity verification on the data, but using other methods to process the data. Or, not performing security processing can mean not performing any security processing on the data.

In the second aspect, a method for data security processing is provided. The execution subject of the method can be either a first device or a chip applied to the first device. Optionally, the first device may be a network device, and in the protocol stack of the first device, one PDCP entity is associated with one or more RLC entities. The transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode, and the multiple RLC entities include the RLC entity corresponding to the unicast transmission mode and the RLC entity in the multicast transmission mode. The method includes: performing a first security process on the first data; performing a second security process on the second data, the second data being obtained by copying the first data; and sending through the first data according to the first transmission mode of the data. The first data after a security process, and/or the second data after the second security process is sent, the first transmission mode is a unicast transmission mode, a multicast transmission mode, or unicast and multicast At least one of the transmission modes, and the unicast and multicast transmission modes are transmission modes that use unicast and multicast for transmission.

In the method for data security processing provided by the second aspect, one or more RLC entities are associated with one PDCP configuration. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. When performing data transmission, all possible transmission methods of the data are respectively subjected to corresponding security processing procedures, and multiple copies of the data after the security processing are respectively submitted to the RLC entity of the corresponding transmission method, and finally the RLC entity determines the transmission method used for the data. Use a certain transmission method to send data. Improve the security of data transmission. In addition, different security processing procedures in the same bearer can be realized, meeting the security requirements of data in different transmission modes, and improving communication efficiency.

In a possible implementation manner of the second aspect, according to the first data transmission mode, the first data after the first security processing is sent, and/or the second data after the second security processing is sent Data, including:

When the first transmission mode is a unicast transmission mode, sending the first data after the first security processing;

When the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;

When the first data transmission mode is a unicast or a multicast transmission mode, the first data after the first security processing and the second data after the second security processing are sent.

In a possible implementation of the second aspect, the first security processing includes using the first parameter and/or the first algorithm to encrypt data and/or integrity protection; the second security processing is not performing security processing.

In a possible implementation of the second aspect, the first security processing is not performing security processing; the second security processing includes using a second parameter and/or a second algorithm to encrypt and/or integrity protect data.

In a possible implementation of the second aspect, the first security processing includes using a first parameter and/or a first algorithm to encrypt and/or integrity protection; the second security processing includes using a second parameter and /Or the second algorithm performs encryption and/or integrity protection on the data; the first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.

In a possible implementation manner of the second aspect, the first parameter includes a first secret key, and/or, the second parameter includes a second secret key.

In a third aspect, a method for data security processing is provided. The execution subject of the method can be either a first device or a chip applied to the first device. Optionally, the first device may be a network device, and one PDCP entity in the protocol stack of the first device is associated with one or more RLC entities. The transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode, and the multiple RLC entities include the RLC entity corresponding to the unicast transmission mode and the RLC entity in the multicast transmission mode. The method includes: performing first security processing on first data; determining a first transmission mode of the first data after the first security processing, where the first transmission mode is a unicast transmission mode, a multicast transmission mode, or At least one of unicast and multicast transmission methods, the unicast and multicast transmission methods are transmission methods that use unicast and multicast; when the first transmission method is unicast transmission, use the unicast transmission The first data after the first security processing is sent in a method; when the first transmission method is a multicast transmission method, the first data after the first security processing is sent using the multicast transmission method; when the first transmission method is One transmission mode is unicast and multicast transmission. The unicast transmission mode is used to send the first data after the first security processing, and the multicast transmission mode is used to send the third data. The third data is copied Obtained from the first data after the first security processing.

The method for data security processing provided by the third aspect associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. In addition, the security processing methods corresponding to the unicast transmission mode and the multicast transmission mode are the same. The first device first processes the data securely, and then sends the securely processed data according to the unused transmission mode of the data. Improve the security of data transmission. It can realize the data security processing process in the same bearer, meet the security requirements of data under different transmission modes, and improve communication efficiency.

In a possible implementation of the third aspect, the first security processing includes using the first parameter and/or the first algorithm to encrypt data and/or integrity protection; or, the first security processing is not performing security deal with.

In a possible implementation manner of the third aspect, the first parameter includes a first secret key.

It should be understood that in the data security processing methods provided in various aspects of this application, the leaflet broadcast transmission mode, the multicast transmission mode, the unicast and the multicast transmission modes are all for the same radio bearer, and can be understood as a radio The bearer supports different transmission methods, or the data in a bearer can be transmitted using different transmission methods. This radio bearer can be an existing radio bearer or a new type of radio bearer.

In a fourth aspect, a communication device is provided. The communication device may be a network device or a terminal device. One PDCP in the protocol stack of the communication device is associated with one or more RLC entities. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The communication device includes:

The processing unit is configured to determine a first transmission mode of the first data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and a multicast transmission mode, the unicast and multicast transmissions The transmission method is a transmission method that uses unicast and multicast. The processing unit is further configured to determine a safe processing method for the first data according to the first transmission method.

The communication device provided in the fourth aspect associates one or more RLC entities by configuring one PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. And, according to the unused transmission method, the data is processed safely. On the one hand, the security of data transmission is improved. On the other hand, different security processing procedures within the same bearer can be realized, meeting the security requirements of data in different transmission modes, and improving communication efficiency.

In a possible implementation manner of the fourth aspect, when the first transmission mode is a unicast transmission mode, the processing unit determines that the secure processing mode of the first data is the first secure processing; or

When the first transmission mode is a multicast transmission mode, the processing unit determines that the secure processing mode of the first data is the second secure processing; or,

When the first transmission mode is unicast or multicast transmission, the processing unit determines that the security processing mode of the first data is the first security processing, and the security processing mode of the second data is the second security processing, and the second security processing mode is the second security processing mode. The data is obtained by copying the first data.

In a possible implementation manner of the fourth aspect, the first security processing includes using the first parameter and/or the first algorithm to encrypt and/or integrity protect the data. The second security process is no security process.

In a possible implementation manner of the fourth aspect, the first security processing includes using a third parameter and/or a third algorithm to encrypt data and/or integrity protection. The second security process is no security process.

In a possible implementation manner of the fourth aspect, the first security processing is no security processing. The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protect the data.

In a possible implementation manner of the fourth aspect, the first security processing is no security processing. The second security processing includes using a fourth parameter and/or a fourth algorithm to encrypt data and/or integrity protection.

In a possible implementation of the fourth aspect, the first security processing includes using a first parameter and/or a first algorithm to encrypt and/or integrity protection data, or the first security processing includes using a third Parameter and/or third algorithm to decrypt and/or integrity verification of data;

The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protection of the data, or the second security processing includes using the fourth parameter and/or the fourth algorithm to decrypt the data and / Or integrity verification.

The first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or the third parameter and the fourth parameter are the same or different, the third algorithm and the fourth algorithm Same or different.

In a possible implementation of the fourth aspect, the first parameter includes a first secret key, and/or the second parameter includes a second secret key; or, the third parameter includes a third secret key, and/ Or, the fourth parameter includes a fourth secret key.

In a fifth aspect, a communication device is provided. The communication device may be a network device. One PDCP in the protocol stack of the communication device is associated with one or more RLC entities. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The communication device includes:

The processing unit is configured to perform first security processing on the first data.

The processing unit is further configured to perform second security processing on the second data, the second data being obtained by copying the first data.

The transceiver unit is configured to send the first data after the first security processing and/or send the second data after the second security processing according to the first transmission mode of the data, the first transmission mode It is at least one of a unicast transmission method, a multicast transmission method, or a unicast and a multicast transmission method, and the unicast and multicast transmission methods are transmission methods that use unicast and multicast for transmission.

The communication device provided in the fifth aspect associates one or more RLC entities by configuring one PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. When performing data transmission, all possible transmission methods of the data are respectively subjected to corresponding security processing procedures, and multiple copies of the data after the security processing are respectively submitted to the RLC entity of the corresponding transmission method, and finally the RLC entity determines the transmission method used for the data. Use a certain transmission method to send data. Improve the security of data transmission. In addition, different security processing procedures in the same bearer can be realized, meeting the security requirements of data in different transmission modes, and improving communication efficiency.

In a possible implementation manner of the fifth aspect, the transceiver unit is also used for;

When the first transmission mode is a unicast transmission mode, sending the first data after the first security processing;

When the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;

When the first data transmission mode is a unicast or a multicast transmission mode, the first data after the first security processing and the second data after the second security processing are sent.

In a possible implementation manner of the fifth aspect, the first security processing includes using the first parameter and/or the first algorithm to encrypt and/or integrity protect the data. The second security process is no security process.

In a possible implementation manner of the fifth aspect, the first security processing is no security processing. The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protect the data.

In a possible implementation manner of the fifth aspect, the first security processing includes using the first parameter and/or the first algorithm to encrypt and/or integrity protect the data. The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protect the data. The first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.

In a possible implementation manner of the fifth aspect, the first parameter includes a first secret key, and/or, the second parameter includes a second secret key.

In a sixth aspect, a communication device is provided. The communication device may be a network device, and one PDCP in the protocol stack of the communication device is associated with one or more RLC entities. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The communication device includes:

The processing unit is configured to perform first security processing on the first data. The processing unit is further configured to determine a first transmission mode of the first data after the first security processing, where the first transmission mode is a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode At least one of the unicast and multicast transmission modes is a transmission mode using unicast and multicast for transmission.

The transceiver unit is configured to use the unicast transmission mode to send the first data after the first security processing when the first transmission mode is a unicast transmission mode. The transceiver unit is further configured to use the multicast transmission mode to send the first data after the first security processing when the first transmission mode is a multicast transmission mode.

The transceiver unit is further configured to use the unicast transmission mode to send the first data after the first security processing, and use the multicast transmission mode to send the first data. Three data, the third data is obtained by copying the first data after the first security processing.

A sixth aspect provides a communication device, which associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include the RLC entity corresponding to the unicast transmission mode and the RLC entity corresponding to the multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. In addition, the security processing methods corresponding to the unicast transmission mode and the multicast transmission mode are the same. The first device first processes the data securely, and then sends the securely processed data according to the unused transmission mode of the data. Improve the security of data transmission. It can realize the data security processing process in the same bearer, meet the security requirements of data under different transmission modes, and improve communication efficiency.

In a possible implementation of the sixth aspect, the first security processing includes encrypting and/or integrity protection using the first parameter and/or the first algorithm; or, the first security processing is not performing security deal with.

In a possible implementation manner of the sixth aspect, the first parameter includes a first secret key.

In a seventh aspect, a communication device is provided, the device includes at least one processor and a memory, and the at least one processor is configured to execute the above first aspect or the method in any possible implementation manner of the first aspect.

In an eighth aspect, a communication device is provided, the device includes at least one processor and a memory, and the at least one processor is configured to execute the above first aspect to the third aspect, or any possible one of the first aspect to the third aspect The method in the implementation mode.

In a ninth aspect, a communication device is provided, which includes at least one processor and an interface circuit, and the at least one processor is configured to execute the above first aspect or the method in any possible implementation of the first aspect.

In a tenth aspect, a communication device is provided. The device includes at least one processor and an interface circuit. The at least one processor is configured to execute the first aspect to the third aspect, or any of the first aspect to the third aspect. The method in the implementation.

In an eleventh aspect, a terminal device is provided. The terminal device includes the communication device provided in the foregoing fourth aspect, or the terminal device includes the communication device provided in the foregoing seventh aspect, or the terminal device includes the foregoing ninth aspect The provided communication device.

In a twelfth aspect, a network device is provided, the network device includes the communication device provided in the fourth aspect to the sixth aspect, or the network device includes the communication device provided in the eighth aspect, or the network device includes The communication device provided by the above tenth aspect.

In a thirteenth aspect, a computer program product is provided. The computer program product includes a computer program. When the computer program is executed by a processor, it is used to execute the method in any possible implementation manner of the first aspect to the third aspect , Or execute the method in any possible implementation manner of the first aspect to the third aspect.

In a fourteenth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program. When the computer program is executed, it is used to execute the first aspect to the third aspect, or the first to the third aspect. The method in any possible implementation of the third aspect.

In a fifteenth aspect, a communication system is provided. The communication system includes the aforementioned terminal device and network device.

In a sixteenth aspect, a chip is provided. The chip includes a processor for calling and running a computer program from a memory, so that a communication device installed with the chip executes the first aspect to the third aspect, or the first aspect To the method in any possible implementation manner of the third aspect, or execute the second aspect or the method in any possible implementation manner of the second aspect.

According to a seventeenth aspect, a method for acquiring system information is provided. The method includes: a terminal device receives first indication information from a network device, where the first indication information is used to indicate an OSI update of other system information, and the OSI includes at least one System information block SIB; the first indication information includes the content version valueTag of at least one SIB; the terminal device determines the SIB that needs to be updated.

In a possible implementation manner, the first indication information includes the valueTags of all SIBs in the OSI.

In a possible implementation manner, the first indication information includes the valueTag of a part of the SIB in the OSI.

In a possible implementation manner, the terminal device sends a request message to the network device, and the request message is used to request the SIB that needs to be updated.

The method may be executed by a first communication device, and the first communication device may be a communication device or a communication device capable of supporting the communication device to implement the functions required by the method, such as a chip system. Exemplarily, the communication device is a terminal device.

In an eighteenth aspect, a method for sending system information is provided. The method includes: a network device sends first indication information to a terminal device, where the first indication information is used to indicate an OSI update of other system information, and the OSI includes at least One system information block SIB; the first indication information includes the content version valueTag of at least one SIB;

In a possible implementation manner, the first indication information includes the valueTags of all SIBs in the OSI.

In a possible implementation manner, the first indication information includes the valueTag of a part of the SIB in the OSI.

In a possible implementation manner, the network device receives a request message from the terminal device, and the request message is used to request the SIB that needs to be updated.

The method may be executed by a second communication device, and the second communication device may be a terminal or a communication device capable of supporting the terminal to implement the functions required by the method, and of course it may also be another communication device, such as a chip system. Here, the second communication device is a network device as an example.

In a nineteenth aspect, an embodiment of the present application provides a communication device, including a transceiver unit and a processing unit, wherein:

The transceiver unit is configured to receive first indication information from a network device, the first indication information is used to indicate other system information OSI updates, the OSI includes at least one system information block SIB; the first indication information includes at least The content version valueTag of a SIB;

The processing unit is used to determine the SIB that needs to be updated;

In a possible implementation manner, the transceiver unit is further configured to send a request message to the network device, where the request message is used to request the SIB that needs to be updated.

In a twentieth aspect, an embodiment of the present application provides a communication device, including a transceiver unit, wherein:

The transceiver unit is configured to send first indication information to the terminal device, the first indication information is used to indicate other system information OSI update, the OSI includes at least one system information block SIB; the first indication information includes at least one SIB content version valueTag.

In a possible implementation manner, the first indication information includes the valueTags of all SIBs in the OSI.

In a possible implementation manner, the first indication information includes the valueTag of a part of the SIB in the OSI.

In a possible implementation manner, the transceiver unit is further configured to receive a request message from the terminal device, and the request message is used to request the SIB that needs to be updated.

In a twenty-first aspect, a communication device is provided, the device includes at least one processor and a memory, and the at least one processor is configured to execute the above seventeenth aspect or the method in any possible implementation manner of the seventeenth aspect.

In a twenty-second aspect, a communication device is provided, the device includes at least one processor and a memory, and the at least one processor is configured to execute the eighteenth aspect above, or any of the possible implementation manners in the eighteenth aspect method.

In a twenty-third aspect, a communication device is provided, the device includes at least one processor and an interface circuit, the at least one processor is configured to execute the above seventeenth aspect or the method in any possible implementation of the seventeenth aspect .

In a twenty-fourth aspect, a communication device is provided, the device includes at least one processor and an interface circuit, and the at least one processor is configured to execute the eighteenth aspect above, or any possible implementation of the eighteenth aspect Methods.

In a twenty-fifth aspect, a terminal device is provided, the terminal device includes the communication device provided in the nineteenth aspect, or the terminal device includes the communication device provided in the twenty-first aspect, or the terminal device includes The communication device provided in the above twenty-third aspect.

In a twenty-sixth aspect, a network device is provided, the network device includes the communication device provided in the aforementioned twentieth aspect, or the network device includes the communication device provided in the aforementioned twenty-second aspect, or the network device includes The communication device provided in the above twenty-fourth aspect.

In a twenty-seventh aspect, a computer program product is provided. The computer program product includes a computer program. When the computer program is executed by a processor, the computer program is used to execute the seventeenth aspect to the eighteenth aspect, or the seventeenth aspect To any possible implementation of the eighteenth aspect.

In a twenty-eighth aspect, a computer-readable storage medium is provided, and the computer-readable storage medium stores a computer program. When the computer program is executed, it is used to execute the seventeenth to eighteenth aspects, or The method in any possible implementation from the seventeenth aspect to the eighteenth aspect.

In a twenty-ninth aspect, a communication system is provided, and the communication system includes the aforementioned terminal device and network device.

In a thirtieth aspect, a chip is provided, the chip includes: a processor, configured to call and run a computer program from a memory, so that a communication device installed with the chip executes the seventeenth to eighteenth aspects, or the first aspect The method in any possible implementation from the seventeenth aspect to the eighteenth aspect.

The embodiment of the present application provides a method for data security processing. For the same radio bearer, one or more RLC entities are associated by configuring one PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. Moreover, after judging the transmission mode adopted for the data in the same radio bearer, corresponding security processing is performed on the data according to different transmission modes. On the one hand, the security of data transmission is improved. On the other hand, by implementing different security processing procedures in the same bearer, the respective security requirements of data under different transmission modes can be met, and the flexibility of security processing can be improved.

Description of the drawings

Figure 1 is a schematic diagram of data transmission at each layer of the protocol stack.

Figure 2 is a schematic diagram of the protocol stack structure when the network device and the terminal device use the multicast transmission mode to transmit data.

FIG. 3 is a schematic diagram of an example of the architecture of a mobile communication system applicable to an embodiment of the present application.

FIG. 4 is a schematic interaction diagram of an example of a method for data security processing provided by an embodiment of the present application.

[Corrected according to Rule 91 24.10.2019]

[Corrected according to Rule 91 24.10.2019]

FIG. 5 is a schematic diagram of an example of the protocol stack architecture of the first device according to an embodiment of the present application.

FIG. 6 is a schematic diagram of another example of the protocol stack architecture of the first device according to an embodiment of the present application.

FIG. 7 is a schematic diagram of an example of the protocol stack architecture of a second device provided by an embodiment of the present application.

FIG. 8 is a schematic diagram of another example of the protocol stack architecture of the second device provided by an embodiment of the present application.

FIG. 9 is a schematic diagram of an example of a first device sending first data to a second device according to an embodiment of the present application.

FIG. 10 is a schematic diagram of another example of a first device sending first data to a second device according to an embodiment of the present application.

FIG. 11 is a schematic interaction diagram of another example of a method for data security processing provided by an embodiment of the present application.

FIG. 12 is a schematic interaction diagram of another example of a method for data security processing provided by an embodiment of the present application.

FIG. 13 is a schematic diagram of an example protocol stack structure provided by an embodiment of the present application.

FIG. 14 is a schematic diagram of another example protocol stack structure provided by an embodiment of the present application.

FIG. 15 is a schematic diagram of another example protocol stack structure provided by an embodiment of the present application.

FIG. 16 is a schematic block diagram of an example of a communication device provided by an embodiment of the present application.

FIG. 17 is a schematic block diagram of another example of a communication device according to an embodiment of the present application.

FIG. 18 is a schematic block diagram of an example of a communication device provided by an embodiment of the present application.

FIG. 19 is a schematic block diagram of another example of a communication device according to an embodiment of the present application.

FIG. 20 is a schematic block diagram of a communication device provided by an embodiment of the present application.

FIG. 21 is a schematic block diagram of another example of a communication device according to an embodiment of the present application.

FIG. 22 is a schematic block diagram of a terminal device provided by an embodiment of the present application.

FIG. 23 is a schematic block diagram of another example of a terminal device according to an embodiment of the present application.

FIG. 24 is a schematic block diagram of a network device provided by an embodiment of the present application.

FIG. 25 is a schematic block diagram of a BWP provided by an embodiment of the present application.

FIG. 26 is a schematic interaction diagram of a method for acquiring system information provided by an embodiment of the present application.

detailed description

The technical solution in this application will be described below in conjunction with the accompanying drawings.

The technical solutions of the embodiments of this application can be applied to various communication systems, such as: Global System of Mobile Communication (GSM) system, Code Division Multiple Access (CDMA) system, and Wideband Code Division Multiple Access (Wideband Code Division Multiple Access, WCDMA) system, General Packet Radio Service (GPRS), Long Term Evolution (LTE) system, LTE Frequency Division Duplex (FDD) system, LTE Time Division Duplex (TDD), Universal Mobile Telecommunication System (UMTS), Worldwide Interoperability for Microwave Access (WiMAX) communication system, the future 5th Generation (5th Generation, 5G) system or New Radio (NR), etc.

In addition, various aspects or features of the present application can be implemented as methods, devices, or products using standard programming and/or engineering techniques. The term "article of manufacture" used in this application encompasses a computer program accessible from any computer-readable device, carrier, or medium. For example, computer-readable media may include, but are not limited to: magnetic storage devices (for example, hard disks, floppy disks, or tapes, etc.), optical disks (for example, compact discs (CD), digital versatile discs (DVD)) Etc.), smart cards and flash memory devices (for example, erasable programmable read-only memory (EPROM), cards, sticks or key drives, etc.). In addition, various storage media described herein may represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" may include, but is not limited to, wireless channels and various other media capable of storing, containing, and/or carrying instructions and/or data.

In order to facilitate the understanding of the embodiments of the present application, some terms of the embodiments of the present application are explained below to facilitate the understanding of those skilled in the art.

1) Network equipment, a device capable of providing random access for terminal equipment or a chip that can be installed in the device, including but not limited to: evolved Node B (evolved Node B, eNB), radio network controller (radio network controller, RNC), node B (Node B, NB), base station controller (BSC), base transceiver station (base transceiver station, BTS), home base station (for example, home evolved NodeB, or home Node B, HNB), baseband unit (BBU), access point (AP), wireless relay node, wireless backhaul node, transmission point ( transmission and reception point, TRP or transmission point, TP, etc., and can also be 5G, such as NR, gNB in the system, or transmission point (TRP or TP), one or a group of base stations in the 5G system (including Multiple antenna panels) Antenna panels, or, may also be network nodes that constitute a gNB or transmission point, such as a baseband unit (BBU), or a distributed unit (DU, distributed unit).

2) Terminal, also known as user equipment (UE), mobile station (MS), mobile terminal (MT), etc., is a way to provide users with voice and/or data connectivity device of. For example, terminal devices include handheld devices with wireless connection functions, vehicle-mounted devices, and so on. At present, terminal devices can be: mobile phones (mobile phones), tablets, notebook computers, handheld computers, mobile Internet devices (MID), wearable devices, virtual reality (VR) devices, augmented reality ( augmented reality (AR) equipment, industrial control (industrial control) wireless terminals, unmanned driving (self-driving) wireless terminals, remote medical surgery (remote medical surgery) wireless terminals, smart grid (smart grid) Wireless terminals, wireless terminals in transportation safety, wireless terminals in smart cities, or wireless terminals in smart homes, etc.

3) Multicast (multicast) transmission technology, or it can also be called multimedia broadcast multicast service (MBMS) technology, or it can also be called multicast transmission method, which refers to a certain service passing through network equipment Technology of sending data to multiple terminal devices at the same time. When using multicast technology for transmission, a network device (such as a base station) sends the same data, and multiple terminal devices receive it at the same time. Currently, multicast transmission technologies are mainly divided into two types: multimedia broadcast multicast single frequency network service (multimedia broadcast multicast service single frequency network, MBSFN) and single cell point to multipoint service (single cell point to multipoint, SC-PTM). Among them, the MBSFN mode means that multiple cells (such as multiple base stations) that are synchronized with each other in the MBSFN area transmit the same information to multiple terminal devices at the same time. From the perspective of the terminal device, the received data is a single superimposed data. The strength of the received signal can be improved, and the interference between cells can be eliminated at the same time. The SC-PTM mode means that the MBMS service is only transmitted through one cell (for example, a base station), and a network device performs group scheduling on multiple terminal devices at the same time.

4). Sending by multicast transmission means: when a device sends the transport block (TB) corresponding to the protocol data unit (protocol data unit, PDU), the packet radio network temporary identification (group radio) is used. network temporary identifier, G-RNTI) scrambles the PDU, or scrambles the downlink control information (DCI) corresponding to the PDU, and at the same time, one or more devices perform scrambling on the same PDU according to the same G-RNTI Receiving; or using multicast to transmit PDUs can mean telling multiple devices the location of the same PDU in a semi-static manner, and multiple devices can receive the PDU at the same time; or using multicast to transmit PDUs can mean that the PDU is It is transmitted in the radio bearer established by multicast transmission or in a channel specially designed for multicast.

Receiving in a multicast transmission mode means that when sending in a multicast mode, one of the multiple receiving devices receives the PDU according to the G-RNTI; or one of the multiple receiving devices receives the PDU according to the G-RNTI; The radio bearer established by the transmission receives or receives PDUs on the channel used for multicast transmission.

In this application, multicast is a specific method of multicast, therefore, multicast may also be referred to as multicast.

The multicast transmission method may include sending and receiving in a multicast manner.

5). Sending by unicast transmission means: when a device sends the TB corresponding to the PDU, it uses the cell network temporary identifier (C-RNTI) to scramble the PDU, or to The DCI corresponding to the PDU is scrambled, and only one device receives the same PDU according to the C-RNTI; or the unicast transmission of the PDU can mean that the PDU is transmitted in a radio bearer established for unicast transmission or in a dedicated unicast transmission. It is transmitted in the channel designed for broadcasting.

Reception by unicast transmission means that when unicast transmission is used, the one receiving device receives the PDU according to the C-RNTI; or the one device receives the PDU through the radio bearer established for unicast transmission or is used for unicast transmission. Receiving on the channel of broadcast transmission.

Unicast transmission methods can include unicast transmission and unicast reception.

6) Sending and receiving by means of broadcast transmission means that a certain device sends the TB corresponding to the PDU on the broadcast channel, and all receiving devices can receive the PDU on the broadcast channel.

Between the network equipment and the terminal equipment, the MBMS service can be sent to the terminal equipment in a unicast transmission mode by establishing a dedicated radio bearer for the terminal equipment, or it can be sent to the terminal equipment in a multicast transmission mode by establishing a dedicated MBMS radio bearer. Terminal Equipment. When there are multiple terminal devices that need to receive a certain MBMS service, if it is sent in unicast transmission mode, a dedicated radio bearer needs to be established for a large number of terminal devices, which consumes a lot of resources; if it is sent in multicast transmission mode, For the UE, only the MBMS dedicated multicast radio bearer needs to be established, and all terminal devices interested in the service can receive the MBMS service. When multiple terminal devices are interested in the same service, the network device can send to multiple terminal devices through multicast transmission, which can save network resources. The radio bearer can be understood as a data transmission channel, which can include a PDCP (layer) entity and an RLC (layer) entity. When data is transmitted in the radio bearer, it needs to be processed by the corresponding PDCP entity and RLC entity. A terminal device may establish multiple radio bearers for different data services. For example, the data in the multicast radio bearer is sent through multicast transmission, and the data in the unicast radio bearer is sent through unicast transmission. The data in the radio bearer can be sent using a variety of transmission methods, including but not limited to unicast transmission, multicast transmission, and simultaneous unicast and multicast transmission. The different transmission modes can be switched. Unless otherwise specified, the technical solutions of this application are all for the same radio bearer.

Devices that communicate with each other (such as network devices and terminal devices) have a certain protocol stack structure. For example, the control plane protocol stack structure may include the functions of the RRC layer, the PDCP layer, the RLC layer, the MAC layer, and the physical layer. The user plane protocol stack structure may include the functions of the PDCP layer, the RLC layer, the MAC layer, and the physical layer. Among them, the physical layer is located at the lowest layer (layer one), the MAC layer, RLC, and PDCP belong to the middle layer (layer two), and the RRC belongs to the higher layer (layer three). In one implementation, above the PDCP layer and below the RRC layer, a service data adaptation protocol (SDAP) layer may also be included.

The functions of these protocol layers can be implemented by one node or multiple nodes; for example, in an evolution structure, the radio access network device can include a centralized unit (CU) and a distributed unit (CU). DU), multiple DUs can communicate with one CU. The CU and the DU each have a part of the wireless communication protocol stack structure. For example, the functions of the PDCP layer and the above protocol layers are set in the CU, and the protocol layers below the PDCP, for example, the functions of the RLC layer and the MAC layer are set in the DU.

It should be understood that this division of protocol layers is just an example, and it can also be divided in other protocol layers, for example, in the RLC layer. The functions of the RLC layer and above protocol layers are set in the CU, and the protocol layers below the RLC layer The functions are set in the DU; or, divided in a certain protocol layer, for example, part of the functions of the RLC layer and the functions of the protocol layer above the RLC layer are set in the CU, and the remaining functions of the RLC layer and the functions of the protocol layer below the RLC layer Set in DU. In addition, it can also be divided in other ways, for example, by time delay. The functions that need to meet the delay requirement for processing time are set in the DU, and the functions that do not need to meet the delay requirement are set in the CU.

When network equipment and terminal equipment perform data transmission, the upstream data transmission is taken as an example, as shown in Fig. 1, which is a schematic diagram of data transmission at each layer of the protocol stack. The data first goes to the PDCP layer of the terminal device, and is processed by the PDCP layer and then transmitted to the RLC layer and the MAC layer. After the RLC layer and the MAC layer are processed, they are sent to the network device through the physical layer. When a network device receives data, the protocol layers that it passes through in sequence are the physical layer, the MAC layer, the RLC layer, and the PDCP layer. The data in each radio bearer needs to be processed by various layers. Each layer has corresponding functional entities to perform corresponding functions, for example, the PDCP layer corresponds to the PDCP entity, the RLC layer corresponds to the RLC entity, and the MAC layer corresponds to the MAC entity. Among them, each radio bearer includes one or more PDCP entities and one or more RLC entities, and each RLC entity corresponds to a logical channel. One MAC entity corresponds to multiple logical channels, and data in different logical channels can be multiplexed at the MAC layer, for example, multiplexed into the same MAC PDU at the MAC layer, and finally sent out through the physical layer. The transmission process of downlink data is similar.

For the data in the traditional unicast radio bearer, when passing through the PDCP layer, the PDCP entity will fully process the data. Related security processing includes at least encryption/decryption and integrity protection/integrity verification processes. The device that sends the data in the unicast radio bearer and the device that receives the data in the unicast radio bearer perform security processing on the unicast radio bearer at the PDCP layer. For the device that sends the unicast radio bearer (such as network equipment), the data packet is encrypted and/or integrity protected, and the device that receives the data in the unicast radio bearer (such as the terminal device) decrypts the data packet accordingly And/or integrity verification.

Among them, the encryption process is: the sender device uses the key and other parameters to convert the data into ciphertext through an operation through an encryption algorithm. The decryption process is: the receiving end device uses the key and other parameters to transform the ciphertext into data through the inverse operation through the corresponding decryption algorithm.

The process of integrity protection is: the sender device calculates a parameter A through the integrity protection algorithm according to parameters such as data packets and keys, and notifies the receiver device of the parameter A. The integrity verification process is: the receiving end device calculates a parameter B through the integrity verification algorithm according to parameters such as the data packet and the key. If the parameters A and B are consistent, the integrity verification passes.

At present, for the data in the traditional multicast wireless bearer or when the network equipment and the terminal equipment use the multicast transmission method to transmit data, as shown in Figure 2, Figure 2 is the use of multicast transmission between the network equipment and the terminal equipment. Schematic diagram of the protocol stack structure when transmitting data in a way. It can be seen that there is no PDCP layer in the protocol stack. Therefore, in traditional transmission, the multicast data does not pass through the PDCP layer, and neither the network equipment nor the terminal equipment will transmit the data in the multicast radio bearer or the data transmitted by the multicast transmission method. Proceed to safe handling.

The multicast data packet passes directly through the RLC layer and the MAC layer of the network device, and is finally sent out through the physical layer. Multiple terminal devices (for example, terminal device 1 and terminal device 2) receive the multicast data, and send them to a higher layer through the processing of the physical layer, the MAC layer, and the RLC layer in sequence.

For the data in the traditional multicast radio bearer or the data sent by the multicast transmission method, the network equipment and terminal equipment do not carry out the security processing process, which may cause security problems during the transmission of the multicast data, resulting in the multicast transmission. The data is tampered with or tapped, which affects the user experience.

In view of this, this application provides a data transmission method, which associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. Moreover, after judging the transmission mode adopted for the data in the same radio bearer, corresponding security processing is performed on the data according to different transmission modes. On the one hand, the security of data transmission is improved. On the other hand, by implementing different security processing procedures in the same bearer, the respective security requirements of data under different transmission modes can be met, and the flexibility of security processing can be improved.

In order to facilitate the understanding of the embodiments of the present application, firstly, a communication system suitable for the embodiments of the present application is briefly introduced with reference to FIG.

Fig. 3 is a schematic diagram of a communication system suitable for an embodiment of the present application. As shown in FIG. 3, the mobile communication system 100 may include at least one wireless access network device 110 and at least one terminal device ( terminal devices 120, 130, 140, 150, 160 as shown in FIG. 3). The terminal device is connected to the wireless access network device in a wireless manner, and the wireless access network device may be the aforementioned network device. At least one terminal device can send uplink data or information to the wireless access network device, and the wireless access network device 110 can also send downlink data or information to at least one terminal device. In the process of sending the downlink data or information to at least one terminal device, the data provided in this application can be used for safe processing. method. In addition, multiple terminal devices may also form a communication system. For example, the terminal devices 140, 150, and 160 may form a communication system. For example, the terminal device 140 may also use the data security processing method provided in this application in the process of sending data or information to the terminal device 150 and/or 160. The terminal equipment and the wireless access network equipment can transmit uplink and downlink data and information related to the URLLC service.

Should be understood. FIG. 3 is only a schematic diagram, and the communication system may also include other network devices and/or terminal devices, which are not shown in FIG. 3. The embodiments of the present application do not limit the number of wireless access network devices and terminals included in the mobile communication system. In the mobile communication system 100, the wireless access network device 110 may be the aforementioned network device. In addition, the communication between network equipment and terminal equipment follows a certain protocol stack structure. The network equipment can be an integrated gNB, or it can include CU and DU. CU and DU can be set separately or centrally. The embodiments of the application are not limited here.

The following describes in detail the data security processing method provided by the present application with reference to FIG. 4. FIG. 4 is a schematic flowchart of a data security processing method 200 according to an embodiment of the present application. The method 200 can be applied in the scenario shown in FIG. 3 , For example, in a scenario where multicast transmission is used and/or unicast transmission is used. The embodiments of the application are not limited here.

It should be understood that, in the following description, the first device and the second device are used as an example to execute the method of each embodiment to describe the method of each embodiment. The first device may be the aforementioned access network device, and the second device may be the aforementioned terminal device. As an example and not a limitation, the execution subject of the method may also be a chip applied to the first device and the second device.

As shown in FIG. 4, the method 200 shown in FIG. 4 may include step S210 to step S250. Hereinafter, each step in the method 200 will be described in detail with reference to FIG. 4. The method 200 includes:

S210. The first device determines a first transmission mode of the first data. The first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and a multicast transmission mode. The transmission method is a transmission method that uses unicast and multicast.

S220: The first device determines a secure processing mode for the first data according to the first transmission mode.

S230: The first device sends the securely processed first data to the second device according to the first transmission mode. Correspondingly, the second device receives the data sent by the first device.

S240: The second device determines a first transmission mode of the received data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast transmission mode and a multicast transmission mode.

S250: The second device determines a safe processing mode for the received data according to the first transmission mode.

Specifically, in the embodiment of the present application, one PDCP entity (referred to as the “first PDCP entity” hereinafter) in the protocol stack of the first device is associated with one or more RLC entities. The association of one or more RLC entities with the first PDCP entity can be understood to mean that the first PDCP entity and one or more RLC entities belong to the same radio bearer, or the configuration of the first PDCP entity and the configuration of one or more RLC entities include The identifiers (identify, ID) are the same, and the identifier may be a radio bearer identifier. Among them, one RLC entity corresponds to one logical channel. In the description of the embodiments of this application, "RLC entity" and "logical channel" can be regarded as equivalent concepts and can be replaced with each other. For example, it can also be described as a PDCP entity associated with one or more logical channels, or the first PDCP The configuration of the entity is the same as the ID contained in the configuration of the one or more logical channels. Other descriptions used for RLC entities are also applicable to the concept of logical channels; in addition, the concept of logical channels can also be considered as including the concept of RLC entities, or logical channels can be considered as interfaces or channels connecting RLC entities to MAC entities. The transmission mode of an RLC entity is unicast transmission or multicast transmission.

For the convenience of description, in this embodiment of the present application, the multiple RLC entities associated with the first PDCP in the first device may include a first RLC entity and a second RLC entity. Among them, the first RLC entity corresponds to a unicast transmission mode, and the second RLC entity corresponds to a multicast transmission mode. The unicast transmission mode corresponding to the first RLC entity can be understood as the data in the first RLC entity will be sent using the unicast transmission mode. The second RLC entity corresponding to the multicast transmission mode can be understood as the data in the second RLC entity will be sent using the multicast transmission mode. The unicast transmission mode corresponding to the first RLC entity may also be referred to as the type of the first RLC entity being the unicast type, or the type of the logical channel corresponding to the first RLC entity is the unicast logical channel type. Wherein, the unicast type of RLC entity can be understood as the data in the first RLC entity is sent in unicast mode, and the unicast logical channel type can be understood as the data in the logical channel corresponding to the first RLC entity is sent in unicast mode. FIG. 5 is a schematic diagram of an example of the protocol stack architecture of the first device according to an embodiment of the present application. As shown in FIG. 5, the first PDCP entity of the first device is associated with three RLC entities, where the first RLC entity and the third RLC entity are of unicast type, and the second RLC entity is of multicast type. The arrow direction in FIG. 5 is the direction of data transmission when the first device sends data.

For the convenience of description, in this embodiment of the present application, an RLC entity associated with the first PDCP in the first device may be referred to as a third RLC entity. Among them, the third RLC entity corresponds to a unicast transmission mode, or the third RLC entity corresponds to a multicast transmission mode. That is, the third RLC entity uses a time division method for data transmission, adopts a unicast transmission method at some times, and uses a multicast transmission method at other times. That is, for the third RLC entity, only a unicast transmission mode or a multicast transmission mode can be used at a certain moment. FIG. 6 is a schematic diagram of an example of the protocol stack architecture of the first device according to an embodiment of the present application. As shown in FIG. 6, the first PDCP entity of the first device is associated with one RLC entity (third RLC entity). The direction of the arrow in FIG. 6 is the direction of data transmission when the first device sends data.

Similar to the first device, one PDCP entity in the protocol stack of the second device (referred to as "second PDCP entity" hereinafter) is associated with one or more RLC entities. For the convenience of description, in this embodiment of the present application, multiple RLC entities associated with the second PDCP in the second device include a fourth RLC entity and a fifth RLC entity. Among them, the fourth RLC entity corresponds to a unicast transmission mode, and the fifth RLC entity corresponds to a multicast transmission mode. The unicast transmission mode corresponding to the fourth RLC entity can be understood as the data received in the fourth RLC entity is received in unicast mode, or the data received in the logical channel corresponding to the fourth RLC entity is received in unicast mode That is, the physical layer entity and the MAC layer entity in the second device need to deliver the data received in the unicast transmission mode to the fourth RLC entity. The fifth RLC entity corresponding to the multicast transmission mode can be understood as the data received in the fifth RLC entity is received in the multicast mode, or the data received in the logical channel corresponding to the fifth RLC entity is received in the multicast mode That is, the physical layer entity and the MAC layer entity in the second device need to deliver the data received in the multicast transmission mode to the fifth RLC entity. FIG. 7 is a schematic diagram of an example of the protocol stack architecture of a second device provided by an embodiment of the present application. As shown in FIG. 7, the second PDCP entity of the second device is associated with three RLC entities, where the first RLC entity and the third RLC entity are of unicast type, and the second RLC entity is of multicast type. The direction of the arrow in FIG. 7 is the direction of data transmission when the second device receives data.

For the convenience of description, in this embodiment of the present application, an RLC entity associated with the second PDCP in the second device may be referred to as a sixth RLC entity. The sixth RLC entity corresponds to a unicast transmission mode, or the sixth RLC entity corresponds to a multicast transmission mode. That is, the sixth RLC entity adopts a time division method, adopts a unicast transmission method at some times, and adopts a multicast transmission method at other times. FIG. 8 is a schematic diagram of an example of the protocol stack architecture of a second device provided by an embodiment of the present application. As shown in FIG. 8, the second PDCP entity of the second device is associated with one RLC entity (sixth RLC entity). The sixth RLC entity corresponds to a unicast transmission mode, or the sixth RLC entity corresponds to a multicast transmission mode. The direction of the arrow in FIG. 8 is the direction of data transmission when the second device receives data.

It should be understood that there may be only one first RLC entity, or there may be multiple first RLC entities. Similarly, the number of the second RLC entity, the fourth RLC entity, and the fifth RLC entity may also be one or more.

It should also be understood that FIG. 5 to FIG. 8 are only exemplary, and should not limit the number of RLC entities and the number of unicast RLC entities in the embodiments of the present application, nor should it impose restrictions on the number of RLC entities in the first device and the second device. The protocol stack structure imposes any restrictions.

In S210, when the first device has data (take the first data as an example) to send to the second device, the first device can determine the first transmission mode of the first data, the first transmission mode is unicast transmission, A multicast transmission method, or at least one of unicast and multicast transmission methods. Optionally, if the access network equipment adopts the CU and DU separate setting mode, the first device in the method 200 may be the CU. It is assumed that which transmission mode is adopted is determined by the PDCP layer (or CU) of the first device. For example, the PDCP layer of the first device may determine or determine the first transmission mode of the first data. That is, the PDCP layer (CU) determines the first transmission mode of the first data in unicast transmission mode, multicast transmission mode, unicast and multicast transmission mode.

The three data transmission methods are described below.

The first type: unicast transmission mode (or can be called only unicast transmission mode). In the case where the first PDCP and the second PDCP are associated with multiple RLC entities, that is, the data of the first PDCP entity is only delivered to the first RLC entity, and the data in the logical channel corresponding to the first RLC entity is sent to The second device receives. Specifically, after the data is packaged at the MAC layer, it is delivered to the physical layer, and the radio network temporary identity (RNTI) corresponding to the first RLC entity, such as C-RNTI, is scrambled and sent to the physical layer at the physical layer. The second device. The second device receives according to the allocated or predefined RNTI corresponding to the first RLC entity or used to receive unicast data, and delivers the received unicast transmission mode data to the fourth RLC entity.

In the case where the first PDCP and the second PDCP are respectively associated with only one RLC entity, that is, the data of the first PDCP entity is delivered to the third RLC entity, and the data in the logical channel corresponding to the third RLC entity is sent to the third RLC entity in unicast mode. Two devices receive. The second device receives according to the allocated or predefined C-RNTI corresponding to the third RLC entity or used to receive unicast data, and delivers the received unicast transmission mode data to the sixth RLC entity.

The second type: multicast transmission mode (or it can be called only using multicast transmission mode). In the case where both the first PDCP and the second PDCP are associated with multiple RLC entities, that is, the data of the first PDCP entity is only delivered to the second RLC entity. The data in the logical channel corresponding to the second RLC entity is sent to multiple devices for reception in a multicast manner, and the multiple devices include the second device. Specifically, after the data is packaged at the MAC layer, it is delivered to the physical layer, and the physical layer is scrambled by the RNTI corresponding to the second RLC entity, such as G-RNTI, and sent to multiple devices for reception. The second device receives according to the allocated or predefined RNTI corresponding to the second RLC entity or used to receive the multicast data, and delivers the received data in the multicast transmission mode to the fifth RLC entity.

In the case where the first PDCP and the second PDCP are respectively associated with only one RLC entity, that is, the data of the first PDCP entity is submitted to the third RLC entity and the data in the logical channel corresponding to the third RLC entity is sent to multiple devices to receive by multicast, the The plurality of devices includes the second device. Specifically, after the data is packaged at the MAC layer, it is delivered to the physical layer, and the physical layer is scrambled by the RNTI corresponding to the third RLC entity and sent to multiple devices for reception. The second device receives according to the allocated or predefined RNTI corresponding to the third RLC entity or used to receive the multicast data, and delivers the received data in the multicast transmission mode to the sixth RLC entity.

The third type: unicast and multicast transmission methods (or called unicast and multicast simultaneous transmission methods). Unicast and multicast transmission methods are transmission methods that use unicast and multicast for transmission. Unicast and multicast transmission modes exist in scenarios where both the first PDCP and the second PDCP are associated with multiple RLC entities. That is, the data of the first PDCP entity is delivered to the first RLC entity and the second RLC entity. The data in the logical channel corresponding to the first RLC entity is sent to the second device in unicast mode, and the data in the logical channel corresponding to the second RLC entity is sent to multiple devices in multicast mode, and the multiple devices include the first RLC entity. Two devices. Specifically, when the data in the logical channels corresponding to the first RLC entity and the second RLC entity are packaged in the MAC layer, they will not be multiplexed into the same data packet, because different processing needs to be done subsequently. After the data in the unicast logical channel is processed by the MAC layer and delivered to the physical layer, the data in the physical layer is scrambled and sent through the RNTI corresponding to the first RLC entity. After the data in the multicast logical channel is processed by the MAC layer and delivered to the physical layer, the physical layer is scrambled and sent through the RNTI corresponding to the second RLC entity. The second device may respectively receive according to the allocated or predefined RNTI corresponding to the first RLC entity and the second RLC entity, and deliver the received multicast transmission data to the fifth RLC entity, and transfer the received data to the fifth RLC entity. The data in the unicast transmission mode is delivered to the fourth RLC entity.

It should be understood that in the embodiments of the present application, the above three transmission modes are all for the same radio bearer, which can be understood as one radio bearer supporting different transmission modes and can be switched between different transmission modes. This radio bearer can be an existing radio bearer or a new type of radio bearer, that is, the first PDCP entity and one or more RLC entities associated with the first PDCP entity belong to the same radio bearer (assumed to be The first radio bearer), or the second PDCP entity, one or more RLC entities associated with the second PDCP entity belong to the same radio bearer (assumed to be the first radio bearer) or the first PDCP entity is associated with the first PDCP entity One or more RLC entities belonging to the same radio bearer, and the second PDCP entity and one or more RLC entities associated with the second PDCP entity belong to the same radio bearer (assumed to be the first radio bearer). Alternatively, the configuration information of the first radio bearer includes or is associated with the configuration information of the first PDCP entity and the configuration information of the RLC entity associated with the first PDCP entity, and the configuration information of the first radio bearer is associated with the configuration information of the second PDCP entity And the configuration information of the RLC entity associated with the second PDCP entity is also associated. The association may be that the configuration information includes the same identification information, and the identification information may be a radio bearer identification.

In S220, after determining the first transmission mode of the first data, the first device determines a secure processing mode for the first data according to the first transmission mode. Among them, the security processing methods corresponding to different data transmission methods are different or the same. That is to say, there is a corresponding relationship between the data transmission method and the safe processing method. The corresponding relationship may be pre-configured or predetermined by agreement. Wherein, the security processing method for the first data by the first device includes: a first security processing corresponding to a unicast transmission mode, and a second security processing corresponding to a multicast transmission mode. The first security processing may include using the first parameter and/or the first algorithm to encrypt and/or integrity protection of the first data, or the first security processing may also be no security processing. The second security processing may include using the second parameter and/or the second algorithm to encrypt and/or integrity protection of the first data, or the second security processing may also be no security processing. It should be understood that the security processing method may also include other methods. This application is not restricted here.

It should be understood that in the embodiments of the present application, not performing security processing may mean not performing encryption and/or integrity protection on the data, but using other methods to process the data. Or, not performing security processing can mean not performing any security processing on the data.

The first device determines the first transmission mode of the first data, and performs corresponding security processing on the first data in the PDCP layer entity.

If the first transmission mode is unicast and multicast transmission, the first device will copy the first data to obtain the second data at the PDCP layer entity. The PDCP layer entity performs first security processing on the first data, and performs second security processing on the second data.

In S230, the first device sends the first data after corresponding security processing to the second device according to the first transmission mode of the first data. Correspondingly, the second device receives the data sent by the first device after corresponding security processing.

Specifically, after performing corresponding security processing on the first data in the first PDCP entity, the first device submits the securely processed first data to the corresponding RLC entity according to the first transmission mode of the first data. The entity is sent to the second device.

If the first transmission mode is a unicast transmission mode, the first device delivers the first data after the first security processing to the first RLC entity or the third RLC entity. The first device sends the first data after the first security processing to the second device through the first RLC entity or the third RLC entity.

If the first transmission mode is a multicast transmission mode, the first device delivers the first data after the second security processing to the second RLC entity or the third RLC entity. The first device sends the first data after the second security processing to the second device through the second RLC entity or the third RLC entity.

If the first transmission mode is unicast or multicast transmission, the first device delivers the first data after the first security processing to the first RLC entity, and delivers the second data after the second security processing to the second RLC entity . The first device sends the first data after the first security processing to the second device through the first RLC entity. At the same time, the second data after the corresponding security processing is sent to the second device through the second RLC entity.

In S240, the second device determines the first transmission mode of the received data according to the received data after corresponding security processing. For example, if the second device receives data from the fourth RLC entity or the sixth RLC entity, it determines that the first transmission mode corresponding to the data is a unicast transmission mode. If the second device receives data from the fifth RLC entity or the sixth RLC entity, it determines that the first transmission mode corresponding to the data is the multicast transmission mode. If the second device receives data from the fifth RLC entity and the sixth RLC entity, it determines that the first transmission mode corresponding to the data is unicast and multicast transmission.

FIG. 9 shows an example of a schematic diagram of a first device sending first data to a second device. As shown in FIG. 9, the first device sends the security-processed first data to the second device through the first RLC entity and/or the second RLC entity. The second device receives the data sent by the first device from the fourth RLC entity and/or the fifth RLC entity.

FIG. 10 shows another example of a schematic diagram of a first device sending first data to a second device. As shown in FIG. 10, the first device sends the security-processed first data to the second device through the third RLC entity. The second device receives the data sent by the first device from the sixth RLC entity.

In S250, the second device determines a safe processing method for the received data according to the first transmission method. Specifically, the PDCP entity (second PDCP entity) of the second device can determine the first transmission mode of the data according to the data received from the different RLC entities associated with it, and determine the corresponding security processing according to the first transmission mode of the data Method, the safe processing method of the data can also be determined directly according to the RLC entity or logical channel that submitted the data.

For example, when the first transmission mode is a unicast transmission mode, the second PDCP entity performs third security processing on the received first data after the first security processing. The third security processing may include decrypting and/or integrity verification of the received data using a third parameter and/or a third algorithm. Alternatively, the third security processing may also be not performing security processing, or not performing decryption and/or integrity verification on the data. That is to say, there is a correspondence between the data transmission method or the RLC entity that submits the data and the security processing method. The corresponding relationship may be pre-configured or predetermined by agreement.

For example, when the first transmission mode is a multicast transmission mode, the second PDCP entity performs fourth security processing on the received first data after the second security processing. Wherein, the fourth security processing may include using a fourth parameter and/or a fourth algorithm to decrypt and/or verify the integrity of the received data. Or, the fourth security process may also be no security process. Among them, not performing security processing can be understood as not performing decryption and/or integrity verification on the data, but using other methods to process the data. Or, not performing security processing can mean not performing any security processing on the data.

When the first transmission mode is unicast and multicast transmission, the second PDCP entity performs third security processing on the received first data after the first security processing, and performs the third security processing on the received data after the second security processing. The second data undergoes the fourth security processing.

Among them, the third security process may be a process corresponding to the first security process, such as encryption and decryption, integrity verification, and integrity protection. The fourth security process may be a process corresponding to the second security process, such as encryption and decryption, integrity verification, and integrity protection.

The data security method provided in this application associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. And, according to the unused transmission method, the data is processed safely. On the one hand, the security of data transmission is improved. On the other hand, different security processing procedures within the same bearer can be realized, meeting the security requirements of data in different transmission modes, and improving communication efficiency.

In some possible implementation manners of the present application: when the first transmission mode is a unicast transmission mode, the security processing mode of the first data is the first security processing. When the first data transmission mode is a multicast transmission mode, the security processing mode of the first data is the second security processing. When the first data transmission mode is unicast or multicast transmission, the secure processing mode of the first data is the first secure processing, the secure processing mode of the second data is the second secure processing, and the second data is the same as the first secure processing. The data is the same. For example, the second data may be obtained by copying the first data.

When the first data transmission mode is unicast and multicast transmission, the first device may first copy the first data to obtain the second data, and then perform the first security processing on the first data respectively, and perform the first security processing on the first data respectively. Second, the data is processed for the second security. Then, the first data and the second data after the security processing are sent to the second device through the corresponding RLC entity. When the first data transmission mode is unicast transmission or multicast transmission, the first device only needs to perform corresponding security processing on the first data, and then pass the security processed first data through the corresponding RLC The entity is sent to the second device.

In some possible implementation manners of the present application: the first security processing includes using the first parameter and/or the first algorithm to encrypt data and/or integrity protection. For example, the first security processing may be using the first parameter and/or the first algorithm to encrypt data, or the first security processing may be using the first parameter and/or the first algorithm to protect the integrity of the data, or, The first security processing may be to encrypt the data using the first algorithm and to protect the integrity of the data using the first parameter.

The second security processing means not performing secure processing on the first data, that is, not performing secure processing on the first data can be regarded as a secure processing method, where not performing secure processing on the first data can be understood as not encrypting and unencrypting the first data. / Or integrity protection, but the first data is processed in other ways. Or, not performing security processing on the first data may mean not performing any security processing on the first data.

In some other possible implementation manners of this application: the first security processing is not performing security processing on the data. The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protect the data. For example, the second security processing may be using the second parameter and/or the second algorithm to encrypt data, or the second security processing may be using the second parameter and/or the second algorithm to protect the data integrity, or, The second security processing may be using the second algorithm to encrypt the data and using the second parameter to protect the integrity of the data.

In some other possible implementations of the present application: the first security processing includes using a first parameter and/or a first algorithm to encrypt and/or integrity protection of data, and the second security processing includes using a second parameter and/or Or the second algorithm performs encryption and/or integrity protection on the data. Wherein, the first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different. That is, the first security process and the second security process can be the same or different.

The first device may use the aforementioned first security processing and/or second security processing mode to perform corresponding security processing on the first data in the first PDCP entity.

Optionally, in this embodiment of the present application, the first parameter includes a first secret key, and the second parameter includes a second secret key. The first secret key may be an encryption secret key, and the second secret key may also be an encryption secret key. The first secret key and the second secret key may be the same or different.

For example, for the first data transmission mode to be the unicast transmission mode, the first device encrypts the first data in the first PDCP entity with the first secret key, and then sends the first data encrypted with the first secret key to The second device. Or, use the first algorithm and the first secret key to calculate a parameter A, and send this parameter A to the second device. The second device uses the third algorithm and the third secret key to calculate a parameter B. If the parameters A and B are consistent, the integrity verification is passed.

For another example, if the first data transmission mode is a multicast transmission mode, the first device encrypts the first data in the first PDCP entity with a second secret key, and then sends the first data encrypted with the second secret key Give the second device. Or, use the second algorithm and the second secret key to calculate a parameter C, and send this parameter C to the second device. The second device uses the fourth algorithm and the fourth secret key to calculate a parameter D. If the parameters C and D are consistent, the integrity verification is passed.

It should also be understood that, in the embodiment of the present application, the first parameter may also include the radio bearer identification of the data, the count value (count value) of the data packet, and the sequence number (Sequence Number) of the data packet in addition to the first secret key. SN), random numbers, etc. This application does not limit the specific content of the first parameter. Similarly, in addition to the second secret key, the second parameter may also include the radio bearer identification, count value, SN, random number, etc. of the data. further. The radio bearer identifier, count value, SN, random number, etc. included in the first parameter may be the same or different from the radio bearer identifier, count value, SN, and random number included in the second parameter, respectively.

For S250, the second PDCP entity of the second device may determine the first transmission mode of the data according to the data received from the different RLC entities associated with it, and determine the corresponding security processing mode according to the first transmission mode of the data.

For example, when the first transmission mode of the received data is the unicast transmission mode, the second PDCP entity performs the third security processing on the received first data after the first security processing.

When the first transmission mode of the received data is the multicast transmission mode, the second PDCP entity performs fourth security processing on the received first data after the second security processing.

When the first transmission mode of the received data is the unicast-multicast transmission mode, the second PDCP entity performs the third security process on the received first data after the first security process, and performs the third security process on the received data after the second security process. The second data after the security processing undergoes the fourth security processing.

In some possible implementation manners of this application: the third security processing includes using a third parameter and/or a third algorithm to decrypt and/or verify the integrity of the data. For example, the third security process may be to use the third parameter and/or the third algorithm to decrypt the data, or the first security process may be to use the third parameter and/or the third algorithm to verify the integrity of the data, or, The third security processing may be to decrypt the data using the third algorithm and to verify the integrity of the data using the third parameter.

Optional. The third security processing may also be not performing security processing on the data, wherein, not performing security processing on the data can be understood as not performing decryption and/or integrity verification on the data, or not performing any security processing on the data.

In some possible implementation manners of this application: the fourth security processing includes using a fourth parameter and/or a fourth algorithm to decrypt and/or verify the integrity of the data. For example, the fourth security processing may be using the fourth parameter and/or the fourth algorithm to decrypt the data, or the fourth security processing may be using the fourth parameter and/or the fourth algorithm to verify the integrity of the data, or, The fourth security processing may be decrypting the data using the fourth algorithm and verifying the integrity of the data using the fourth parameter.

Optionally, the fourth security processing may also be not performing security processing on the data.

For example: when the first security process is to use the first parameter and the first algorithm to encrypt data, the third security process is to use the third parameter and the third algorithm to decrypt the data.

For another example: when the second security process is to use the second parameter and the second algorithm to encrypt data, the fourth security process is to use the fourth parameter and the fourth algorithm to decrypt the data.

For another example: when the second security processing is not performing security processing, the fourth security processing is also not performing security processing.

Wherein, the third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different. That is, the third security process and the fourth security process may be the same or different.

Optionally, in this embodiment of the present application, the third parameter includes a third secret key, and the fourth parameter includes a fourth secret key. The third secret key may be a decryption secret key corresponding to the first secret key, and the fourth secret key may be a decryption secret key corresponding to the second secret key. The third secret key and the fourth secret key may be the same or different.

For example, for the first data transmission mode to be the unicast transmission mode, the first device encrypts the first data in the first PDCP entity with the first secret key, and then sends the first data encrypted with the first secret key to The second device. Or, use the first algorithm and the first secret key to calculate a parameter, and send this parameter A to the second device. The second device uses the third key to decrypt the first data encrypted by the first key in the second PDCP entity. Or, the second device uses the third algorithm and the third secret key to calculate a parameter B. If the parameter A and the parameter B are the same, the integrity verification is passed.

It should also be understood that, in the embodiment of the present application, the third parameter and the fourth parameter may include the radio bearer identification of the data, the count value (count value) of the data packet, and the sequence number of the data packet in addition to the secret key. Number, SN), random number, etc.

FIG. 11 is a schematic flowchart of a method 300 for data security processing according to an embodiment of the present application. The method 300 can be applied in the scenario shown in FIG. 3, for example, using multicast transmission and/or using unicast transmission. Way to transfer the scene. The embodiments of the application are not limited here.

As shown in FIG. 11, the method 300 shown in FIG. 11 may include step S310 to step S350. The steps in the method 300 are described in detail below with reference to FIG. 10. The method 300 includes:

S310: The first device performs first security processing on the first data.

S320: The first device performs second security processing on the second data, and the second data is obtained by copying the first data.

S330. The first device sends the first data after the first security processing to the second device according to the first data transmission mode, and/or sends the second data after the second security processing, the first The transmission mode is a unicast transmission mode, a multicast transmission mode, or at least one of a unicast and a multicast transmission mode, and the unicast and multicast transmission modes are transmission modes that use unicast transmission and multicast transmission. Correspondingly, the second device receives the data sent by the first device.

S340. The second device determines a first transmission mode of the received data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast transmission and a multicast transmission mode.

S350: The second device determines a safe processing mode for the first data according to the first transmission mode.

Specifically, the first PDCP entity in the protocol stack of the first device is associated with one or more RLC entities, and the transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode. The second PDCP entity in the protocol stack of the second device is associated with one or more RLC entities, and the transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode. For specific descriptions of the protocol stacks of the first device and the second device, reference may be made to the description of the protocol stack of the first device in the above method 200. For brevity, details are not repeated here. For the structure of the protocol stack of the first device and the second device, reference may be made to the description of the structure of the protocol stack of the first device and the second device in the above method 200. I won't repeat it here.

When the first device has data (take the first data as an example) to send to the second device, it is assumed that the transmission mode used is determined by the RLC layer, MAC layer, or physical layer of the first device. If the access network equipment adopts the CU and DU separate setting mode, it can also be understood that the transmission mode used is determined by the DU of the first device. Since the data transmission mode is determined by other layers or DUs, the first PDCP entity does not know which transmission mode is currently used, so when the first device transmits the first data, the first data is copied in the first PDCP entity. Get the second data. That is, the first data and the second data are the same. Among them, the first transmission mode is: a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode. For related descriptions of unicast transmission mode, multicast transmission mode, unicast and multicast transmission mode, reference may be made to the related description in the foregoing method 200, and for brevity, details are not repeated here.

In S310, the first device performs first security processing on the first data, that is, the security processing mode corresponding to the first data is the first security processing. Specifically, the first device or the CU performs the first security processing on the first data in the first PDCP entity. Among them, the first security processing corresponding to the unicast transmission mode.

In S320, the first device performs the second security processing on the second data, that is, the security processing mode corresponding to the second data is the second security processing. Specifically, the first device or the CU performs the second security processing on the second data in the first PDCP entity. Among them, the second security processing corresponding to the multicast transmission mode. Here, the second data is obtained by copying the first data. Specifically, after the first device or CU receives the first data in the first PDCP entity, the first data is copied to obtain the second data, and then the second data is obtained respectively. The first data and the second data undergo corresponding security processing.

In S330, the first device or CU separately performs security processing on the first data and the second data in the first PDCP entity. The first data that has undergone the first security processing is delivered to one or RLC entity associated with the first PDCP, and the second data that has undergone the second security processing is also delivered to the one or RLC entity associated with the first PDCP. Specifically, due to one or RLC entity associated with the first PDCP, one RLC entity corresponds to a unicast transmission mode or a multicast transmission mode. The first device or CU delivers the first data after the first security processing to the RLC entity corresponding to the unicast transmission mode, and delivers the second data after the second security processing to the RLC entity corresponding to the multicast transmission method. In other words, there is a correspondence between the data transmission method or the RLC entity that submits the data and the security processing method. The corresponding relationship may be pre-configured or predetermined by agreement.

For example, in conjunction with the example shown in FIG. 9, the first PDCP layer entity submits the first data after the first security processing to the first RLC entity, and submits the second data after the second security processing to the second RLC entity. RLC entity. For another example, in conjunction with the example shown in FIG. 10, the first PDCP layer entity submits the first data after the first security processing to the third RLC entity, and submits the second data after the second security processing to the third RLC entity. Three RLC entities.

The first device or the DU sends the first data after the first security processing to the second device according to the first transmission mode of the data, and/or sends the second data after the second security processing. That is, the RLC layer entity of the DU or the first device determines the first transmission mode among unicast transmission modes, multicast transmission modes, unicast and multicast transmission modes. Wherein, the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, a unicast transmission mode, and a multicast transmission mode. The first device uses the first transmission mode to send data to the second device in the corresponding RLC entity. Correspondingly, the second device receives the data sent by the first device.

In S340, the second device determines the first transmission mode of the data according to the received data after corresponding security processing. For example, if the second device receives data from the fourth RLC entity or the sixth RLC entity, it is determined that the first transmission mode corresponding to the data is a unicast transmission mode. If the second device receives data from the fifth RLC entity or the sixth RLC entity, it determines that the first transmission mode corresponding to the data is a multicast transmission mode. If the second device receives data from the fourth RLC entity and the fifth RLC entity, it determines that the first transmission mode corresponding to the data is unicast and multicast transmission.

In S350, the second device determines a safe processing mode for the first data according to the first transmission mode. Specifically, the PDCP entity (the second PDCP entity) of the second device can determine the different transmission modes of the first data according to the data received from the different RLC entities associated with it, and determine the corresponding transmission modes according to the different transmission modes of the first data. Safe handling. In other words, there is a correspondence between the data transmission method or the RLC entity that submits the data and the security processing method. The corresponding relationship may be pre-configured or predetermined by agreement.

For example, when the first transmission mode is a unicast transmission mode, the second PDCP entity performs third security processing on the received first data after the first security processing.

For example, when the first transmission mode is a multicast transmission mode, the second PDCP entity performs fourth security processing on the received second data after the second security processing.

When the first transmission mode is unicast and multicast transmission, the second PDCP entity performs third security processing on the received first data after the first security processing, and performs the third security processing on the received data after the second security processing. The second data undergoes the fourth security processing.

Among them, the third security process may be a process corresponding to the first security process, such as encryption and decryption, integrity verification, and integrity protection. The fourth security process may be a process corresponding to the second security process, such as encryption and decryption, integrity verification, and integrity protection.

The data security method provided in this application associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. When performing data transmission, all possible transmission methods of the data are respectively subjected to corresponding security processing procedures, and multiple copies of the data after the security processing are respectively submitted to the RLC entity of the corresponding transmission method, and finally the RLC entity determines the transmission method used for the data. Use a certain transmission method to send data. Improve the security of data transmission. In addition, different security processing procedures in the same bearer can be realized, meeting the security requirements of data in different transmission modes, and improving communication efficiency.

In some possible implementation manners of this application: in the foregoing S330, the first device or the CU sends data to the second device according to the first transmission mode in the following situations:

When the first transmission mode is a unicast transmission mode, the first device (or CU) sends the first data after the first security processing to the second device through the first RLC entity or the third RLC entity. Optionally, delete the second data after the second security processing in the second RLC entity, or delete the second data after the second security processing in the third RLC entity.

When the first transmission mode is a multicast transmission mode, the first device (or CU) sends the second data after the second security processing to the second device through the second RLC entity or the third RLC entity. Optionally, delete the first data after the first security processing in the first RLC entity, or delete the first data after the first security processing in the third RLC entity.

When the first transmission mode is unicast and multicast transmission, the first device (or CU) sends the first data after the first security processing to the second device through the first RLC entity, and the second The RLC entity sends the second data after the second security processing to the second device.

In some possible implementation manners of this application: the first security processing includes using the first parameter and/or the first algorithm to encrypt data and/or integrity protection, and the second security processing is not performing security processing. That is, not performing the secure processing of the second data can be regarded as a secure processing method.

In some other possible implementation manners of this application: the first security processing is no security processing. The second security processing includes using the second parameter and/or the second algorithm to perform encryption and/or integrity protection on the second data.

In some other possible implementations of the present application: the first security processing includes using a first parameter and/or a first algorithm to encrypt and/or integrity protection of the first data, and the second security processing includes using a second parameter And/or the second algorithm performs encryption and/or integrity protection on the second data. Wherein, the first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different. That is, the first security process and the second security process can be the same or different.

The first device may use the foregoing first security processing and second security processing methods to perform corresponding security processing on the first data and the second data in the first PDCP entity, respectively.

Optionally, in this embodiment of the present application, the first parameter includes a first secret key, and the second parameter includes a second secret key. The first secret key may be an encryption secret key, and the second secret key may also be an encryption secret key. The first secret key and the second secret key may be the same or different.

It should also be understood that, in the embodiment of the present application, the first parameter and the second parameter may also include the radio bearer identification of the data, the count value (count value) of the data packet, and the sequence number of the data packet (Sequence Number) in addition to the secret key. Number, SN), random number, etc. This application does not limit the specific content of the first parameter. further. The radio bearer identifier, count value, SN, random number, etc. included in the first parameter may be the same or different from the radio bearer identifier, count value, SN, and random number included in the second parameter, respectively.

For the description of S340 and S350, please refer to the description of S240 and S250 in the method 200. For brevity, details are not repeated here.

In some possible implementation manners of this application: the third security processing includes using a third parameter and/or a third algorithm to decrypt and/or integrity verification of the data, or the third security processing is no security processing. Among them, not performing security processing can be understood as not performing decryption and/or integrity verification on the data, but using other methods to process the data. Or, not performing security processing can mean not performing any security processing on the data.

In some possible implementation manners of the present application: the fourth security processing includes using the fourth parameter and/or the fourth algorithm to decrypt and/or verify the integrity of the data, or the fourth security processing is no security processing.

It should be understood that, for the description of the first security processing to the fourth security processing, reference may be made to the description of the first security processing to the fourth security processing in the above method 200. For the sake of brevity, I won't repeat them here.

It should also be understood that, in the embodiment of the present application, the third parameter and the fourth parameter may include the radio bearer identification of the data, the count value (count value) of the data packet, and the sequence number of the data packet in addition to the secret key. Number, SN), random number, etc.

It should also be understood that the above-mentioned first parameter, second parameter, third parameter, and fourth parameter, and the first to fourth algorithms may be pre-configured, or may also be defined by the protocol. FIG. 12 is a schematic flowchart of a method 400 for data security processing according to an embodiment of the present application. The method 400 may be applied in the scenario shown in FIG. 3, for example, using multicast transmission and/or using unicast transmission. Way to transfer the scene. The embodiments of the application are not limited here.

As shown in FIG. 12, the method 400 shown in FIG. 12 may include step S410 to step S450. The steps in the method 400 are described in detail below with reference to FIG. 11. The method 400 includes:

S410: The first device performs first security processing on the first data.

S420. The first device determines a first transmission mode of the first data after the first security processing, where the first transmission mode is a unicast transmission mode, a multicast transmission mode, or at least one of a unicast transmission mode and a multicast transmission mode. One, the unicast and multicast transmission methods are transmission methods that use unicast and multicast for transmission.

S430: When the first transmission mode is a unicast transmission mode, the first device uses the unicast transmission mode to send the first data after the first security processing to the second device;

When the first transmission mode is a multicast transmission mode, the first device uses the multicast transmission mode to send the first data after the first security processing to the second device;

When the first transmission method is unicast and multicast transmission, the first device uses the unicast transmission method to send the first data after the first security processing to the second device, and uses the multicast transmission method to send the first data to the second device. The device sends third data, which is obtained by copying the first data after the first security processing.

Correspondingly, the second device receives the data sent by the first device.

S440: The second device determines a first transmission mode of the received data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast transmission mode and a multicast transmission mode.

S450: The second device determines a safe processing mode for the received data according to the first transmission mode.

In S410, when the first device has data (taking the first data as an example) to send to the second device, the first device first performs the first security processing on the first data at the PDCP layer. That is, the security processing method corresponding to the first data is the first security processing. The first PDCP entity in the protocol stack of the first device is associated with one or more RLC entities, and the transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode. The second PDCP entity in the protocol stack of the second device is associated with one or more RLC entities, and the transmission mode of one RLC entity is a unicast transmission mode or a multicast transmission mode. For specific descriptions of the protocol stacks of the first device and the second device, reference may be made to the description of the protocol stack of the first device in the above method 200. For brevity, details are not repeated here.

In S420, after performing security processing on the first data, the first device determines a first transmission mode of the first data after the first security processing. Optionally, if the access network equipment adopts the CU and DU separate setting mode, the first device may be a CU. It is assumed that which transmission mode is used is determined by the PDCP layer (or CU) of the first device. For example, the PDCP layer of the first device may determine or determine the first transmission mode. That is, the PDCP layer (CU) determines the first transmission mode among unicast transmission modes, multicast transmission modes, unicast and multicast transmission modes. For related descriptions of unicast transmission mode, multicast transmission mode, unicast and multicast transmission mode, reference may be made to the related description in the foregoing method 200, and for brevity, details are not repeated here.

In S430, when the first transmission mode is a unicast transmission mode, the first device uses the unicast transmission mode to send the first data after the first security processing to the second device. Specifically, when the first PDCP entity of the first device determines that the first transmission mode is the unicast transmission mode, it delivers the first data after the first security processing to the unicast type RLC entity associated with the first PDCP entity. And send the first data after the first security processing to the second device through the unicast type RLC entity associated with the first PDCP entity. For example, the first device may send the first data after the first security processing to the second device through the first RLC entity or the third RLC entity. The first RLC entity corresponds to unicast transmission, and the third RLC entity corresponds to unicast transmission. the way. Correspondingly, the second device receives the first data sent by the first device after the first security processing, and delivers the received data to the corresponding RLC entity of the second device. For example, the second device receives according to the allocated or predefined RNTI corresponding to the first RLC entity or the third RLC entity, and delivers the received unicast transmission mode data to the fourth RLC entity or the sixth RLC entity.

When the first transmission mode is a multicast transmission mode, the first device uses the multicast transmission mode to send the first data after the first security processing to the second device. Specifically, when the first PDCP entity of the first device determines that the first transmission mode is the multicast transmission mode, it delivers the first data after the first security processing to the RLC entity of the multicast type associated with the first PDCP entity. And send data to the second device through a multicast type RLC entity associated with the first PDCP entity. For example, the first device may send the first data after the first security processing to the second device through the second RLC entity or the third RLC entity. The second RLC entity corresponds to the multicast transmission mode, and the third RLC entity corresponds to the multicast transmission mode. Correspondingly, the second device receives the first data sent by the first device after the first security processing. And submit the received data to the corresponding RLC entity of the second device. For example, the second device receives according to the allocated or predefined RNTI corresponding to the second RLC entity or the third RLC entity, and delivers the received unicast transmission mode data to the fifth RLC entity or the sixth RLC entity.

When the first transmission method is unicast or multicast transmission, the first device uses the unicast transmission method to send the first data after the first security processing to the second device, and uses the multicast transmission method to send the first data to the second device. The second device sends third data, and the third data is the same as the first data after the first security processing. The third data may be obtained by copying the first data after the first security processing, or may be obtained by copying the first data first, and then performing the first security processing on the copied data to obtain the third data. That is, the security processing mode corresponding to the multicast transmission mode and the security processing mode corresponding to the single transmission mode are the same.

Specifically, when the first PDCP entity of the first device determines that the first transmission mode is unicast or multicast transmission, it submits the first security process to the RLC entity of the unicast type associated with the first PDCP entity. One data, the third data is delivered to the RLC entity of the multicast type. Wherein, the third data is the same as the first data after the first security processing. The first device sends the first data number after the first security processing to the second device through the unicast type RLC entity associated with the first PDCP entity, and sends the third data to the second device through the multicast type RLC entity . For example, the first device may send the first data after the first security processing to the second device through the first RLC entity, and send the third data to the second device through the second RLC entity. The first RLC entity corresponds to a unicast transmission mode, and the second RLC entity corresponds to a multicast transmission mode. Correspondingly, the second device receives the data sent by the first device. And submit the received data to the corresponding RLC entity of the second device. For example, the second device receives the allocated or predefined RNTI corresponding to the first RLC entity and the second RLC entity, delivers the received unicast transmission mode data to the fourth RLC entity, and transfers the received data to the fourth RLC entity. The data in the broadcast transmission mode is delivered to the fifth RLC entity.

In S440, the second device determines the first transmission mode of the received data according to the received data after the first security processing. Wherein, the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast transmission and a multicast transmission mode. For example, if the second device receives data from the fourth RLC entity or the sixth RLC entity, it determines that the first transmission mode corresponding to the data is a unicast transmission mode. If the second device receives data from the fifth RLC entity or the sixth RLC entity, it determines that the first transmission mode corresponding to the data is the multicast transmission mode. If the second device receives data from the fourth RLC entity and the fifth RLC entity, it determines that the first transmission mode corresponding to the data is unicast and multicast transmission.

In S450, the second device determines a safe processing method for the received data according to the first transmission method. Specifically, the PDCP entity (second PDCP entity) of the second device may determine the first transmission mode of the data according to the data received from the different RLC entities associated with it, and determine the corresponding security processing mode according to the first transmission mode.

For example, when the first transmission mode is a unicast transmission mode, the second PDCP entity performs third security processing on the received first data after the first security processing. That is to say, there is a correspondence between the data transmission method or the RLC entity that submits the data and the security processing method. The corresponding relationship may be pre-configured or predetermined by agreement.

For example, when the first transmission mode is a multicast transmission mode, the second PDCP entity also performs third security processing on the received first data after the first security processing. That is, the security processing mode corresponding to the multicast transmission mode and the security processing mode corresponding to the single transmission mode are the same.

When the first transmission mode is unicast and multicast transmission, the second PDCP entity performs third security processing on the received first data through the unicast transmission mode, and performs third security processing on the received third data through the multicast transmission mode. The data is also processed for third security.

Among them, the third security process may be a process corresponding to the first security process, such as encryption and decryption, integrity verification, and integrity protection.

For the description of S440 and S450, reference may be made to the description of S240 and S250 in the method 200. For brevity, details are not repeated here.

The data security method provided in this application associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. In addition, the security processing methods corresponding to the unicast transmission mode and the multicast transmission mode are the same. The first device first processes the data securely, and then sends the securely processed data according to the unused transmission mode of the data. Improve the security of data transmission. It can realize the data security processing process in the same bearer, meet the security requirements of data under different transmission modes, and improve communication efficiency.

In some possible implementation manners of this application: the first security processing includes using the first parameter and/or the first algorithm to encrypt data and/or integrity protection, or the first security processing is no security processing, Among them, not performing security processing can be understood as not performing encryption and/or integrity protection on the data, but using other methods to process the data. Or, not performing security processing can mean not performing any security processing on the data.

Optionally, in this embodiment of the present application, the first parameter includes the first secret key.

In some possible implementations of this application: the third security processing includes decrypting and/or integrity verification of data using a third parameter and/or a third algorithm, or the third security processing is no security processing, where, Failure to perform security processing can be understood as not decrypting and/or integrity verification of the data, but using other methods to process the data. Or, not performing security processing can mean not performing any security processing on the data.

For example, for the first data transmission mode to be the unicast transmission mode, the first device encrypts the first data in the first PDCP entity with the first secret key, and then sends the first data encrypted with the first secret key to The second device. Or, use the first algorithm and the first secret key to calculate a parameter, and send this parameter to the second device. The second device uses the third key to decrypt the first data encrypted by the first key in the second PDCP entity. Or, the second device uses the third algorithm and the third secret key to calculate a parameter B. If the parameter A and the parameter B are the same, the integrity verification is passed.

It should be understood that, for the description of the first security processing to the fourth security processing, reference may be made to the description of the first security processing to the fourth security processing in the above method 200. For the sake of brevity, I won't repeat them here.

It should also be understood that, in the embodiment of the present application, the first parameter may also include the radio bearer identification of the data, the count value (count value) of the data packet, and the sequence number (Sequence Number) of the data packet in addition to the first secret key. SN), random numbers, etc. The count value (count value) may include SN and Hyper Frame Number (Hyper Frame Number, HFN). This application does not limit the specific content included in the first parameter.

It should also be understood that, in the embodiment of the present application, the third parameter may also include the radio bearer identification of the data, the count value (count value) of the data packet, and the sequence number (Sequence Number) of the data packet in addition to the first secret key. SN), random numbers, etc. The count value (count value) can include SN and Hyper Frame Number (Hyper Frame Number, HFN)

In the embodiment of the present application, the first device may send configuration information such as the aforementioned secret key (key) to the second device. In addition, corresponding keys and/or encryption security algorithms can be maintained for different types of radio bearers. Specifically, when using the traditional unicast radio bearer to transmit data, the security processing of the data uses the existing key and/or the encryption integrity protection algorithm (encryption algorithm and integrity protection algorithm), and all orders of the same terminal device The broadcast radio bearer uses the same key and/or encryption guarantee algorithm, and the unicast radio bearers of different terminal devices use different keys and/or encryption guarantee algorithms; in this application, the wireless support for multiple transmission methods is used. When the bearer (the first type of radio bearer) performs data transmission, the network device may configure a public key and/or encryption security algorithm for at least one terminal device for secure processing of the data in the first type of radio bearer, In this case, in different terminal devices, the first type radio bearers used to receive the same service can use the same key and/or encryption encryption algorithm to process the data, and for the same terminal device, Different types of radio bearers (unicast radio bearers, multicast radio bearers, and first type radio bearers) need to maintain different keys and/or encryption security algorithms for safe processing of corresponding data. Further, for the same terminal device, for the same type of radio bearer (unicast radio bearer, multicast radio bearer, and first type radio bearer), if the same type of bearer is used to transmit different services, the terminal device It is also possible to maintain different keys and/or encryption security algorithms for safe processing of corresponding data, which is not limited in this application.

For example, the first device (taking the network device as an example) sends security configuration information to the second device (taking the terminal device as an example). The security configuration information may include one or more sets of key configuration, algorithm configuration, etc. The key can be a public key that can be used by multiple terminal devices. The security configuration information may be sent to the terminal device when the bearer is established, or may be sent to the terminal device in advance, or may be sent to the terminal device based on the request of the terminal device. For example, the security configuration information may be carried in radio bearer configuration information, PDCP configuration information or other configuration information. The terminal device maintains multiple sets of key information for unsuitable types of bearers. For example, one set of key information is used for ordinary bearers that only support unicast, and one set is used for bearers that support unicast and/or multicast. For terminal devices, the security configuration information can also be preset in the terminal device or derived from the information preset by the terminal device; for network devices, the security configuration information can be sent by the core network to the network device or the terminal device. For network equipment or pre-installed in network equipment or derived from network equipment based on preset information.

For different types of bearers, the PDCP layer of the terminal device uses corresponding types of keys and/or encryption security algorithms for security processing. For example, for bearers that support unicast and/or multicast. The PDCP layer of the network device uses a public key shared by multiple terminal devices to securely process the data and then send it to one or more terminal devices. After the terminal device receives the security configuration information, the PDCP layer of the terminal device uses the corresponding public key to perform corresponding security processing for the bearer that supports unicast and/or multicast.

In some other embodiments of the present application, the network device (first device) side maintains multiple radio bearers for different terminal devices, including unicast radio bearers, multicast radio bearers, and first type bearers, where the first type The bearer may also be a type of multicast radio bearer. For the unicast radio bearer, it is point-to-point transmission, that is, the unicast radio bearer is only for one terminal device; for the multicast radio bearer and the first type of bearer, it is point-to-multipoint transmission, that is, for multiple Terminal Equipment.

For unicast radio bearers, on the network device side, the PDCP layer and the RLC layer are included to perform the functions of each layer, and on a corresponding terminal device side, the corresponding PDCP and RLC layers are included to perform the corresponding functions. The execution of these functions is as good as The processing is different for different terminal devices. For example, the security processing of data in the unicast radio bearer in the same terminal device is the same, and the security processing of data in the unicast radio bearer in different terminal devices is different. In other words, this kind of function can be called terminal equipment level function;

The opposite is the network device-level function. This kind of function corresponds to the multicast radio bearer or the first type of radio bearer. The execution and processing of this function for different terminal devices can be the same, such as security processing, assuming multiple terminals The device receives data in a multicast manner, that is, in point-to-multipoint transmission, the network device and the multiple terminal devices have the same security processing method for the data. The security processing method is the same as that described in the previous embodiment in the specification, and will not be repeated here.

For terminal device-level functions and network device-level functions, there are three protocol stack architectures to implement. Figure 13 shows the first protocol stack structure. As shown in Figure 13, on the network equipment side, the radio bearers (first type radio bearers) that receive the same MBMS service for all terminal equipment share one PDCP entity for processing, and there is one PDCP entity for each unicast radio bearer of each terminal equipment. The entity is processed.

Figure 14 shows the second protocol stack structure. As shown in Figure 14. On the network device side, the first-type radio bearers that receive the same MBMS service on the same terminal device share a PDCP entity for processing, and the first-type radio bearers that receive the same MBMS service on different terminal devices use different PDCP entities for processing. When the network device decides to use the multicast transmission mode to transmit data to multiple terminal devices, the data can be processed through any one or more PDCPs, and after the processing is completed, it is handed over to the multicast type RLC entity to continue transmission. When a network device decides to use unicast transmission to transmit data to a certain terminal device, the data can be processed through the corresponding PDCP, and after the processing is completed, it is handed over to the corresponding unicast type RLC entity to continue transmission.

Figure 15 shows the third protocol stack structure. As shown in Figure 15, the multicast radio bearer of all terminal devices shares a PDCP entity or sub-PDCP function module for processing on the network device side. Unicast radio bearers are processed respectively corresponding to different PDCP entities or sub-PDCP functional modules. In other words, for the first type of radio bearers that receive the same MBMS service from the same terminal device, there are differences between the multicast processing and the unicast processing PDCP entity for processing. The PDCP entity mentioned here can be a complete PDCP entity, or a part of a complete PDCP, that is, a collection of some functional modules. For example, a public PDCP entity contains the same set of functions for multiple terminal devices, such as multicast Security handling during transmission. When the network device decides to use the multicast transmission method to transmit data to multiple terminal devices, the data can be processed through the public PDCP entity, and after the processing is completed, it is handed over to the multicast type RLC entity to continue transmission. When a network device decides to use unicast transmission to transmit data to a terminal device, the data can be processed through a separate PDCP, and after the processing is completed, it is handed over to the corresponding unicast type RLC entity to continue transmission. When a network device decides to use unicast and multicast transmission methods to transmit data to a terminal device, the data can be copied in a separate PDCP or a public PDCP, and then in a separate PDCP entity and a public PDCP entity, respectively The data is processed, and after the processing is completed, it is delivered to the unicast type RLC and multicast type RLC entities to continue transmission. Data can also be replicated at a higher layer, and then handed over to a separate PDCP entity and a public PDCP entity for processing.

It should be understood that, in the various embodiments of the present application, the first, the second, etc. are only for ease of description. For example, the first RLC entity and the second RLC entity are only used to indicate different RLC entities. Instead of having any influence on the RLC entity itself and the number, the above-mentioned first, second, etc. should not cause any limitation to the embodiments of the present application.

It should also be understood that the foregoing is only to help those skilled in the art to better understand the embodiments of the present application, and is not intended to limit the scope of the embodiments of the present application. Those skilled in the art can obviously make various equivalent modifications or changes based on the above-mentioned examples. For example, some steps in the various embodiments of the above-mentioned method 200 to method 400 may be unnecessary, or may be new. Add some steps and so on. Or a combination of any two or any of the above embodiments. Such a modified, changed or combined solution also falls within the scope of the embodiments of the present application.

It should also be understood that the above description of the embodiments of the present application focuses on emphasizing the differences between the various embodiments, and the same or similarities that are not mentioned can be referred to each other. For the sake of brevity, they will not be repeated here.

It should also be understood that the size of the sequence numbers of the foregoing processes does not mean the order of execution, and the execution order of the processes should be determined by their functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.

It should also be understood that in the embodiments of the present application, "pre-set" and "pre-defined" can be achieved by pre-saving corresponding codes, tables, or other methods that can be used to indicate related information in devices (for example, including terminals and network devices). To achieve, this application does not limit its specific implementation.

It should also be understood that the methods, situations, categories, and embodiments in the embodiments of the present application are only for convenience of description and should not constitute special limitations. The various methods, categories, situations, and features in the embodiments are not contradictory. Circumstances can be combined.

It should also be understood that, in the various embodiments of the present application, if there are no special instructions and logical conflicts, the terms and/or descriptions between the different embodiments are consistent and can be mutually cited. The technical features in the different embodiments According to its inherent logical relationship, it can be combined to form a new embodiment.

The data security processing method of the embodiment of the present application has been described in detail above in conjunction with FIG. 1 to FIG. 15. Hereinafter, the communication device according to the embodiment of the present application will be described in detail with reference to FIGS. 16 to 24.

FIG. 16 shows a schematic block diagram of a communication device 500 according to an embodiment of the present application. The device 500 may correspond to the first device or the second device described in the above method 200, or may be applied to the first device or the second device. Chips or components, and each module or unit in the device 500 is respectively used to execute each action or process performed by the first device and the second device in the method 200 described above.

As shown in FIG. 16, the device 500 may include a processing unit 510 and a transceiving unit 520. The transceiving unit 520 is configured to perform specific signal transceiving under the driving of the processing unit 510.

The processing unit 510 is configured to determine a first transmission mode of the first data. The first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode. The broadcast transmission method is a transmission method that uses unicast and multicast for transmission.

The processing unit 510 is further configured to determine a safe processing mode for the first data according to the first transmission mode.

The transceiver unit 520 is used to send the first data after security processing.

The communication device provided in this application associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. And, according to the unused transmission method, the data is processed safely. On the one hand, the security of data transmission is improved. On the other hand, different security processing procedures within the same bearer can be realized, meeting the security requirements of data in different transmission modes, and improving communication efficiency.

Optionally, in some embodiments of the present application, when the first transmission mode is a unicast transmission mode, the processing unit 510 determines that the secure processing mode of the first data is the first secure processing.

Optionally, in some embodiments of the present application, when the first transmission mode is a multicast transmission mode, the processing unit 510 determines that the secure processing mode of the first data is the second secure processing.

Optionally, in some embodiments of the present application, when the first transmission mode is unicast or multicast transmission, the processing unit 510 determines that the secure processing mode of the first data is the first secure processing, and the second secure processing The data security processing method is the second security processing, and the second data is obtained by copying the first data.

Optionally, in some embodiments of the present application, the first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection. The second security process is no security process.

Optionally, in some embodiments of the present application, the first security processing includes using a third parameter and/or a third algorithm to encrypt data and/or integrity protection. The second security process is no security process.

Optionally, in some embodiments of the present application, the first security processing is no security processing. The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protect the data.

Optionally, in some embodiments of the present application, the first security processing is no security processing. The second security processing includes using a fourth parameter and/or a fourth algorithm to encrypt data and/or integrity protection.

Optionally, in some embodiments of the present application, the first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection, or the first security processing includes using a first parameter and/or a first algorithm. The three parameters and/or the third algorithm perform decryption and/or integrity verification on the data.

The second security processing includes using the second parameter and/or the second algorithm to encrypt and/or integrity protection of the data, or the second security processing includes using the fourth parameter and/or the fourth algorithm to decrypt the data and / Or integrity verification.

The first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or the third parameter and the fourth parameter are the same or different, the third algorithm and the fourth algorithm Same or different.

Optionally, in some embodiments of the present application, the first parameter includes a first secret key, and/or the second parameter includes a second secret key; or, the third parameter includes a third secret key, and/ Or, the fourth parameter includes a fourth secret key.

Further, the device 500 may also be the storage unit, and the transceiving unit 520 may be a transceiver, an input/output interface, or an interface circuit. The storage unit is used to store instructions executed by the transceiver unit 520 and the processing unit 510. The transceiving unit 520, the processing unit 510, and the storage unit are coupled to each other, the storage unit stores instructions, the processing unit 510 is used to execute the instructions stored in the storage unit, and the transceiving unit 520 is used to perform specific signal transceiving under the driving of the processing unit 510.

It should be understood that, for the specific process of each unit in the device 300 performing the above-mentioned corresponding steps, please refer to the foregoing description of the first device or the second device in combination with the method 200 and the related embodiment in FIG. 4. For the sake of brevity, details are not repeated here.

Optionally, the transceiving unit 520 may include a receiving unit (module) and a sending unit (module), which are used to execute each embodiment of the aforementioned method 200 and the first device or the second device in the embodiment shown in FIG. 4 to receive information and Steps to send information.

It should be understood that the transceiving unit 520 may be a transceiver, an input/output interface, or an interface circuit. The storage unit may be a memory. The processing unit 510 may be implemented by a processor. As shown in FIG. 17, the communication device 600 may include a processor 610, a memory 620, a transceiver 630, and a bus system 660. The components of the communication device 600 are coupled together through a bus system 660, where the bus system 660 may include a power bus, a control bus, a status signal bus, etc., in addition to a data bus. However, for the sake of clear description, various buses are marked as the bus system 640 in FIG. 16. For ease of illustration, FIG. 16 is only schematically drawn.

The communication device 500 shown in FIG. 16 or the communication device 600 shown in FIG. 17 can implement the various embodiments of the foregoing method 200 and the steps performed by the first device or the second device in the embodiment shown in FIG. 4. For similar descriptions, reference can be made to the descriptions in the aforementioned corresponding methods. To avoid repetition, I won’t repeat them here.

It should also be understood that the communication device 500 shown in FIG. 16 or the communication device 600 shown in FIG. 17 may be a terminal device or a network device.

FIG. 18 shows a schematic block diagram of a communication device 700 according to an embodiment of the present application. The device 700 may correspond to the first device described in the above method 300, or may be a chip or component applied to the first device, and the device Each module or unit in 700 is respectively used to execute each action or processing procedure executed by the first device in the above method 300.

As shown in FIG. 18, the apparatus 700 may include a processing unit 710 and a transceiver unit 720. The transceiving unit 720 is configured to perform specific signal transceiving under the driving of the processing unit 710.

The processing unit 710 is configured to perform first security processing on the first data;

The processing unit 710 is further configured to perform second security processing on second data, where the second data is obtained by copying the first data;

The transceiver unit 720 is configured to send the first data after the first security processing and/or send the second data after the second security processing according to the first transmission mode of the data, and the first transmission The method is a unicast transmission method, a multicast transmission method, or at least one of a unicast and a multicast transmission method, and the unicast and multicast transmission methods are transmission methods that use unicast and multicast for transmission.

The communication device provided in this application associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. When performing data transmission, all possible transmission methods of the data are respectively subjected to corresponding security processing procedures, and multiple copies of the data after the security processing are respectively submitted to the RLC entity of the corresponding transmission method, and finally the RLC entity determines the transmission method used for the data. Use a certain transmission method to send data. Improve the security of data transmission. In addition, different security processing procedures in the same bearer can be realized, meeting the security requirements of data in different transmission modes, and improving communication efficiency.

Optionally, in some embodiments of the present application, the transceiver unit 720 is also used for:

When the first transmission mode is a unicast transmission mode, sending the first data after the first security processing;

When the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;

When the first data transmission mode is a unicast or a multicast transmission mode, the first data after the first security processing and the second data after the second security processing are sent.

Optionally, in some embodiments of the present application, the first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection; the second security processing is no security processing .

Optionally, in some embodiments of the present application, the first security processing is no security processing; the second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection .

Optionally, in some embodiments of the present application, the first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection; the second security processing includes using a second parameter And/or the second algorithm performs encryption and/or integrity protection on the data.

The first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.

Optionally, in some embodiments of the present application, the first parameter includes a first secret key, and/or, the second parameter includes a second secret key.

It should be understood that, for the specific process of each unit in the device 700 performing the above corresponding steps, please refer to the previous description in conjunction with the method 300 and the related embodiment of the first device in FIG. 11. For the sake of brevity, details are not repeated here.

Optionally, the transceiving unit 720 may include a receiving unit (module) and a sending unit (module), which are used to execute each embodiment of the aforementioned method 300 and the steps of receiving and sending information by the second device in the embodiment shown in FIG. 11 .

Further, the device 700 may also be the storage unit, and the transceiving unit 720 may be a transceiver, an input/output interface, or an interface circuit. The storage unit is used to store instructions executed by the transceiver unit 720 and the processing unit 710. The transceiving unit 720, the processing unit 710, and the storage unit are coupled with each other. The storage unit stores instructions. The processing unit 710 is used to execute the instructions stored in the storage unit. The transceiving unit 720 is driven by the processing unit 710 to perform specific signal transceiving.

It should be understood that the transceiving unit 720 may be a transceiver, an input/output interface, or an interface circuit. The storage unit may be a memory. The processing unit 710 may be implemented by a processor. As shown in FIG. 19, the communication device 800 may include a processor 810, a memory 820, and a transceiver 830.

The communication device 700 shown in FIG. 18 or the communication device 800 shown in FIG. 19 can implement the embodiment in the aforementioned method 300 and the steps performed by the first device in the embodiment shown in FIG. 11. For similar descriptions, reference can be made to the descriptions in the aforementioned corresponding methods. To avoid repetition, I won’t repeat them here.

It should also be understood that the communication device 700 shown in FIG. 18 or the communication device 800 shown in FIG. 19 may be a network device.

FIG. 20 shows a schematic block diagram of a communication device 900 according to an embodiment of the present application. The device 900 may correspond to the first device described in the above method 400, or may be a chip or component applied to the first device, and the device Each module or unit in 900 is respectively used to execute each action or processing procedure executed by the first device in the above method 400.

As shown in FIG. 20, the device 900 may include a processing unit 910 and a transceiving unit 920. The transceiving unit 920 is configured to perform specific signal transceiving under the driving of the processing unit 910.

The processing unit 910 is configured to perform first security processing on the first data.

The processing unit 910 is further configured to determine a first transmission mode of the first data after the first security processing, where the first transmission mode is a unicast transmission mode, a multicast transmission mode, or unicast and multicast transmission At least one of the methods, the unicast and multicast transmission methods are transmission methods that use unicast and multicast for transmission;

The transceiver unit 920 is configured to use the unicast transmission mode to send the first data after the first security processing when the first transmission mode is a unicast transmission mode.

The transceiver unit 920 is further configured to use the multicast transmission mode to send the first data after the first security processing when the first transmission mode is a multicast transmission mode.

The transceiving unit 920 is further configured to use the unicast transmission mode to send the first data after the first security processing when the first transmission mode is unicast and multicast transmission mode, and use the multicast transmission mode to send The third data is obtained by copying the first data after the first security processing.

The communication device provided in this application associates one or more RLC entities by configuring a PDCP. The transmission mode corresponding to an RLC entity is a unicast transmission mode or a multicast transmission mode. The multiple RLC entities include an RLC entity corresponding to a unicast transmission mode and an RLC entity corresponding to a multicast transmission mode. During data transmission, unicast transmission, multicast transmission, or unicast and multicast transmission can be used for data transmission. In addition, the security processing methods corresponding to the unicast transmission mode and the multicast transmission mode are the same. The first device first processes the data securely, and then sends the securely processed data according to the unused transmission mode of the data. Improve the security of data transmission. It can realize the data security processing process in the same bearer, meet the security requirements of data under different transmission modes, and improve communication efficiency.

Optionally, in some embodiments of the present application, the first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection; or, the first security processing is not performed Safe handling.

Optionally, in some embodiments of the present application, the first parameter includes a first secret key.

It should be understood that, for the specific process of each unit in the device 900 performing the above corresponding steps, please refer to the previous description in conjunction with the method 400 and the related embodiment of the first device in FIG. 12. For brevity, details are not repeated here.

Optionally, the transceiving unit 920 may include a receiving unit (module) and a sending unit (module), which are used to execute each embodiment of the aforementioned method 300 and the steps of receiving and sending information by the second device in the embodiment shown in FIG. 11 .

Further, the device 900 may also be the storage unit, and the transceiving unit 920 may be a transceiver, an input/output interface, or an interface circuit. The storage unit is used to store instructions executed by the transceiver unit 920 and the processing unit 910. The transceiving unit 920, the processing unit 910, and the storage unit are coupled to each other, the storage unit stores instructions, the processing unit 910 is used to execute the instructions stored in the storage unit, and the transceiving unit 920 is used to perform specific signal transceiving under the driving of the processing unit 910.

It should be understood that the transceiving unit 920 may be a transceiver, an input/output interface, or an interface circuit. The storage unit may be a memory. The processing unit 910 may be implemented by a processor. As shown in FIG. 21, the communication device 1000 may include a processor 1010, a memory 1020, and a transceiver 1030.

The communication device 900 shown in FIG. 20 or the communication device 1000 shown in FIG. 21 can implement the embodiment in the foregoing method 400 and the steps performed by the first device in the embodiment shown in FIG. 12. For similar descriptions, reference can be made to the descriptions in the aforementioned corresponding methods. To avoid repetition, I won’t repeat them here.

It should also be understood that the communication device 900 shown in FIG. 20 or the communication device 1000 shown in FIG. 21 may be a network device.

It should also be understood that the division of units in the above device is only a division of logical functions, and may be fully or partially integrated into one physical entity in actual implementation, or may be physically separated. In addition, the units in the device can be all implemented in the form of software called by processing elements; they can also be all implemented in the form of hardware; part of the units can also be implemented in the form of software called by the processing elements, and some of the units can be implemented in the form of hardware. For example, each unit can be a separate processing element, or it can be integrated in a certain chip of the device for implementation. In addition, it can also be stored in the memory in the form of a program, which is called and executed by a certain processing element of the device. Features. Here, the processing element may also be called a processor, and may be an integrated circuit with signal processing capability. In the implementation process, each step of the above method or each of the above units may be implemented by an integrated logic circuit of hardware in a processor element or implemented in a form of being called by software through a processing element.

In an example, the unit in any of the above devices may be one or more integrated circuits configured to implement the above methods, for example: one or more application specific integrated circuits (ASIC), or, one or Multiple digital signal processors (digital signal processors, DSP), or, one or more field programmable gate arrays (FPGA), or a combination of at least two of these integrated circuits. For another example, when the unit in the device can be implemented in the form of a processing element scheduler, the processing element can be a general-purpose processor, such as a central processing unit (CPU) or other processors that can call programs. For another example, these units can be integrated together and implemented in the form of a system-on-a-chip (SOC).

FIG. 22 is a schematic structural diagram of a terminal device 1100 provided by this application. The foregoing apparatuses 500 to 600 may be configured in the terminal device 1100. Alternatively, the apparatuses 500 to 600 themselves may be the terminal equipment 1100. In other words, the terminal device 1100 may execute the actions performed by the second device in the foregoing method 200 to method 400.

For ease of description, FIG. 22 only shows the main components of the terminal device. As shown in FIG. 22, the terminal device 1100 includes a processor, a memory, a control circuit, an antenna, and an input and output device.

The processor is mainly used to process the communication protocol and communication data, and to control the entire terminal device, execute the software program, and process the data of the software program. For example, it is used to support the terminal device to execute the above-mentioned transmission precoding matrix instruction method embodiment. The described action. The memory is mainly used to store software programs and data, for example, to store the codebook described in the above embodiments. The control circuit is mainly used for the conversion of baseband signals and radio frequency signals and the processing of radio frequency signals. The control circuit and the antenna together can also be called a transceiver, which is mainly used to send and receive radio frequency signals in the form of electromagnetic waves. Input and output devices, such as touch screens, display screens, and keyboards, are mainly used to receive data input by users and output data to users.

When the terminal device is turned on, the processor can read the software program in the storage unit, interpret and execute the instructions of the software program, and process the data of the software program. When data needs to be sent wirelessly, the processor performs baseband processing on the data to be sent, and outputs the baseband signal to the radio frequency circuit. The radio frequency circuit performs radio frequency processing on the baseband signal and sends the radio frequency signal to the outside in the form of electromagnetic waves through the antenna. When data is sent to the terminal device, the radio frequency circuit receives the radio frequency signal through the antenna, converts the radio frequency signal into a baseband signal, and outputs the baseband signal to the processor, and the processor converts the baseband signal into data and processes the data.

Those skilled in the art can understand that, for ease of description, FIG. 22 only shows a memory and a processor. In an actual terminal device, there may be multiple processors and memories. The memory may also be referred to as a storage medium or a storage device, etc., which is not limited in the embodiment of the present application.

For example, the processor may include a baseband processor and a central processing unit. The baseband processor is mainly used to process communication protocols and communication data. The central processing unit is mainly used to control the entire terminal device, execute software programs, and process software programs. data. The processor in FIG. 22 integrates the functions of the baseband processor and the central processing unit. Those skilled in the art can understand that the baseband processor and the central processing unit may also be independent processors and are interconnected by technologies such as a bus. Those skilled in the art can understand that the terminal device may include multiple baseband processors to adapt to different network standards, the terminal device may include multiple central processors to enhance its processing capabilities, and the various components of the terminal device may be connected through various buses. The baseband processor can also be expressed as a baseband processing circuit or a baseband processing chip. The central processing unit can also be expressed as a central processing circuit or a central processing chip. The function of processing the communication protocol and the communication data may be built in the processor, or stored in the storage unit in the form of a software program, and the processor executes the software program to realize the baseband processing function.

Exemplarily, in the embodiment of the present application, the antenna and the control circuit with the transceiving function can be regarded as the transceiving unit 1101 of the terminal device 1100, and the processor with the processing function can be regarded as the processing unit 1102 of the terminal device 1100. As shown in FIG. 22, the terminal device 1100 includes a transceiver unit 1101 and a processing unit 1102. The transceiving unit may also be referred to as a transceiver, a transceiver, a transceiving device, and so on. Optionally, the device for implementing the receiving function in the transceiving unit 1101 can be regarded as the receiving unit, and the device for implementing the sending function in the transceiving unit 1101 can be regarded as the sending unit, that is, the transceiving unit 1101 includes a receiving unit and a sending unit. Exemplarily, the receiving unit may also be called a receiver, a receiver, a receiving circuit, etc., and the sending unit may be called a transmitter, a transmitter, or a transmitting circuit, etc.

FIG. 23 is a schematic structural diagram of another terminal device 1200 provided by this application. In FIG. 23, the terminal device includes a processor 1210, a data sending processor 1220, and a data receiving processor 1230. The processing unit and the processing unit in the foregoing embodiment may be the processor 1210 in FIG. 13 and perform corresponding functions. The transceiving unit in the foregoing embodiment may be the sending data processor 1220 and/or the receiving data processor 1230 in FIG. 23. Although the channel encoder and the channel decoder are shown in FIG. 23, it can be understood that these modules do not constitute a restrictive description of this embodiment, and are only illustrative.

FIG. 24 is a schematic structural diagram of a network device 1300 provided by an embodiment of this application, which may be used to implement the functions of the network device in the foregoing method. The network equipment 1300 includes one or more radio frequency units, such as a remote radio unit (RRU) 1301 and one or more baseband units (BBU) (also referred to as digital units, digital units, DU) 1302. The RRU 1301 may be called a transceiver unit, a transceiver, a transceiver circuit, or a transceiver, etc., and it may include at least one antenna 13011 and a radio frequency unit 13012. The RRU 1301 part is mainly used for sending and receiving of radio frequency signals and conversion of radio frequency signals and baseband signals, for example, for sending the signaling messages in the above-mentioned embodiments to terminal equipment. The 1302 part of the BBU is mainly used for baseband processing and control of the base station. The RRU 1301 and the BBU 1302 may be physically set together, or may be physically separated, that is, a distributed base station.

The BBU 1302 is the control center of the base station, which can also be called a processing unit, and is mainly used to complete baseband processing functions, such as channel coding, multiplexing, modulation, and spreading. For example, the BBU (processing unit) 1302 may be used to control the base station 130 to execute the operation flow of the network device in the foregoing method embodiment.

In an example, the BBU 1302 can be composed of one or more single boards, and multiple single boards can jointly support a radio access network of a single access standard (such as an LTE system or a 5G system), and can also support different connections. Enter the standard wireless access network. The BBU 1302 also includes a memory 13021 and a processor 13022. The memory 13021 is used to store necessary instructions and data. For example, the memory 13021 stores the codebook in the above-mentioned embodiment and the like. The processor 13022 is used to control the base station to perform necessary actions, for example, used to control the base station to execute the operation procedure of the network device in the foregoing method embodiment. The memory 13021 and the processor 13022 may serve one or more single boards. In other words, the memory and the processor can be set separately on each board. It can also be that multiple boards share the same memory and processor. In addition, necessary circuits can be provided on each board.

In a possible implementation manner, with the development of system-on-chip (SoC) technology, all or part of the functions of part 1302 and part 1301 can be realized by SoC technology, for example, a base station function chip Realization, the base station function chip integrates a processor, a memory, an antenna interface and other devices, the program of the base station related functions is stored in the memory, and the processor executes the program to realize the related functions of the base station. Optionally, the base station function chip can also read a memory external to the chip to implement related functions of the base station.

It should be understood that the structure of the network device illustrated in FIG. 24 is only a possible form, and should not constitute any limitation in the embodiment of the present application. This application does not exclude the possibility of other types of base station structures that may appear in the future.

In the new radio (NR) system, system information includes master information block (MIB), system information block 1 (system information block 1, SIB1), and other system information blocks except SIB1. Other system information blocks except SIB1 are also called other system information (OSI). When the MIB, SIB1 or OSI changes, the network device can notify the terminal device of the system information change through paging, and the terminal device then reads MIB and SIB1 again, and judges the specific OSI by the valueTag of each SIB of the OSI indicated in SIB1 Which of the SIBs is changed, and then get the corresponding SIB. However, the terminal device in the radio resource control (Radio resource control, RRC) connection state may work on the bandwidth part (Bandwidth part, BWP) that cannot receive paging, resulting in The network device cannot notify the terminal device of system information changes in time, and the terminal device cannot update the system information, which causes the system information stored by the terminal device to be out of date, which affects the normal operation of the terminal device. This application provides a method for obtaining system information, which can obtain updated system information when a terminal device cannot receive a page.

In order to make the objectives, technical solutions, and advantages of the embodiments of the present application clearer, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

Before introducing this application, first briefly explain some terms in the embodiments of this application, so as to facilitate the understanding of those skilled in the art.

1) System information includes master information block (MIB), system information block 1 (system information block 1, SIB1), and other system information blocks except SIB1. Other system information blocks except SIB1 are also called other system information (OSI). MIB and SIB1 are necessary system information, and OSI is non-essential system information. When OSI is transmitted, it is carried on a system information message, and one system information message can carry multiple OSIs.

2) SI message (SI message), used to carry SI. One SI message can include one SIB or multiple SIBs (not including SIB1). The mapping relationship between SIB and SI messages (that is, which SIBs are included in one SI message) may be included in SIB1 (for example, in scheduling information). The scheduling information may include the scheduling period (SI-periodicity) and the type of SIB carried (that is, the mapping relationship between SIB and SI messages, etc.). Generally, one SIB cannot be split and mapped into two different SI messages. For example, one SIB can be carried by one SI message, and the base station broadcasts the SI message, and the SIB can be notified to the terminal device.

3) The bandwidth part (BWP or BP). In the new radio (NR) system, considering factors such as different service types, bandwidth capabilities of terminal equipment, or power consumption of terminal equipment, BWP is introduced. concept. The base station can realize flexible scheduling of the terminal equipment by configuring a variety of BWPs with different bandwidths for the terminal equipment.

BWP can be a continuous resource in the frequency domain, it can also be called carrier bandwidth part, subband bandwidth, narrowband or narrowband bandwidth, or it can have other names. In this application In the embodiment, for the sake of simplicity, the name is BWP as an example. For example, a BWP includes continuous K (K>0) subcarriers; or, a BWP is a frequency domain resource where N non-overlapping continuous resource blocks (resource blocks, RB) are located, and the subcarrier interval of the RB may be 15KHz, 30KHz, 60KHz, 120KHz, 240KHz, 480KHz or other values; or, a BWP is a frequency domain resource where M non-overlapping contiguous resource block groups (RBG) are located, and an RBG includes P(P> 0) A continuous RB, and the subcarrier spacing (SCS) of the RB may be 15KHz, 30KHz, 60KHz, 120KHz, 240KHz, 480KHz or other values, for example, an integer multiple of 2. A BWP is related to a specific system parameter (numerology), and the system parameter includes a subcarrier interval, a cyclic prefix (CP), or a subcarrier interval and CP. Further, the BWP may also be a non-contiguous multi-segment resource in the frequency domain.

In carrier BW, only one BWP can be configured for a terminal device. The bandwidth of the BWP can be less than or equal to the bandwidth capability of the terminal device (UE bandwidth capability), and the bandwidth capability of the terminal device can be less than or equal to the carrier bandwidth (carrier bandwidth). BW). In the carrier bandwidth, two BWPs can also be configured for one terminal device, namely BWP1 and BWP2, and the bandwidths of BWP1 and BWP2 can overlap. In the carrier bandwidth, two BWPs can also be configured for one terminal device, namely BWP1 and BWP2, and BWP1 and BWP2 may not overlap. The system parameters of BWP1 and BWP2 may be the same system parameter, or may also be different system parameters. In practice, the configuration of the BWP (for example, the configuration of the number, location, and/or system parameters of the BWP) may also be other configurations, which are not limited in the embodiment of the present application.

As shown in Figure 25, BWP can be divided into two categories, namely Initial BWP and Active BWP. Initial BWP refers to the bandwidth of the location where SIB1 is indicated by the MIB broadcast in the cell-defined synchronization information block (synchronisation signal block, SSB). On the Initial BWP, the UE can obtain SIB1 and other system information (other system information, OSI), and can monitor paging, which is mainly used for terminal equipment to initiate random access. Active BWP is mainly used for data service transmission. Generally, when the UE has service arrival, the base station will schedule the terminal equipment from the Initial BWP to a BWP with a bandwidth matching its service. Active BWP is configured with Type 0A and Type 2 physical downlink control channels (physical downlink control channel, PDCCH) common search space (CSS). The terminal device can receive paging and OSI on the current Active BWP.

5) ValueTag, used to identify the content version (content tag) of other SIBs except SIB1, which can be understood as the version tag of SIB. SIB1 contains the value of "Value Tag" for each SIB except SIB1 to identify the content version of the SIB. Whenever the content of SIB changes, the value indicated by "ValueTag" will be incremented by 1. Currently, "ValueTag" occupies 5 bits and can indicate 0-31 or 32 values. When the value of "ValueTag" is 31, if the content of the SIB changes later, the value indicated by "ValueTag" will be incremented by 1 and then become 0. When the terminal device stores the SIB, it will also store the value of "ValueTag" in SIB1. When the network side notifies the system information that there is a change, the terminal device will receive SIB1 again, then obtain the SIB in SIB1, and compare the value of the newly received SIB1 Whether the value of "ValueTag" is consistent with the value of "ValueTag" of the previous SIB1 is used to determine whether the content of the stored SIB has changed. If the terminal device determines that the value of the "ValueTag" of the newly received SIB1 is the same as the value of the previous "ValueTag" of SIB1, it is determined that the content of the SIB in SIB1 has not changed, and the terminal device does not need to reacquire the SIB; On the contrary, if the terminal device determines that the value of the "ValueTag" of the newly received SIB1 is different from the value of the previous "ValueTag" of SIB1, it is determined that the content of the SIB in SIB1 has changed, and the terminal device needs to obtain the value again. SIB.

Some concepts related to the embodiments of the present application are introduced as above, and the technical features of the embodiments of the present application are introduced below.

In the current network, when the MIB, SIB1 or OSI changes, the network device informs the terminal device of the system information change through paging, and the terminal device then reads MIB and SIB1 again, using the valueTag of each SIB in the OSI indicated in SIB1 To determine which SIB has changed, and then to obtain the corresponding SIB, however, the terminal device in the radio resource control (Radio resource control, RRC) connection state may work in the bandwidth part (Bandwidth part, BWP) that cannot receive paging. As a result, the network device cannot notify the terminal device of system information changes in time, and the terminal device cannot update the system information, causing the system information stored by the terminal device to be out of date, which affects the normal operation of the terminal device. One possible method is that when SIB1 or OSI changes, the network device sends the updated SIB1 to all connected terminal devices through dedicated signaling. However, the content of SIB1 is very large and the number of OSIs is large. Each OSI All changes trigger the sending of SIB1, which will greatly waste communication resources.

In view of this, the present application provides an OSI update method, which can reduce resource consumption and improve network resource utilization.

For ease of introduction, in the following, the method is executed by a network device and a terminal device as an example, that is, the first communication device is a terminal device and the second communication device is a network device as an example. The terminal device is in the RRC connected state, and on the active BWP currently working on the terminal device, there is no public search space configured to receive paging and/or system information.

The process description of this method is shown in Figure 26.

S2601. The network device sends first indication information to the terminal device, where the first indication information is used to indicate OSI update of other system information, the OSI includes at least one system information block SIB; the first indication information includes at least one SIB The content version valueTag.

OSI includes other information blocks except SIB1, including system information blocks such as SIB2 and SIB3. Among them, different SIBs carry different content and support different functions. For example, SIB2-SIB5 in NR is used to provide information related to cell reselection, SIB6-SIB8 is used to provide public warning information, and SIB9 is used to provide timing information. The terminal device selects and stores the corresponding SIB according to the required function. It should be noted that at least one valueTag of the OSI refers to at least one valueTag of the SIB in the OSI. The description of OSI in this case can refer to all SIBs except SIB1, or one SIB or multiple SIBs except SIB1. Here, the OSI includes SIB2-SIB9 as an example, but this case does not limit the number of SIBs included in the OSI.

In a possible implementation, the first indication information includes the valueTags corresponding to all SIBs in OSI, that is, the valueTags corresponding to SIB2-SIB9. It should be noted that some SIBs in SIB2-SIB9 need to be updated or all SIBs need to be updated here. need to be updated.

In a possible implementation manner, the first indication information includes valueTags corresponding to some SIBs in the OSI, for example, includes valueTags corresponding to SIB5 and SIB6. Here is an explanation of some SIBs in OSI. Some SIBs may be changed and need to be updated by terminal equipment. For example, SIB5 and SIB6 need to be updated here, and other SIBs except SIB5 and SIB6 do not need to be updated; or some SIBs are targeted at Sent by the terminal device, that is, the terminal device only needs SIB5 and SIB6, and does not need other SIBs. In this implementation manner, the first indication information may further include identification information of the part of the SIB.

As for how the network device knows that the terminal device only needs SIB5 and SIB6, it is beyond the scope of this case.

It should be noted that the first indication information may also be a bitmap to indicate OSI change information. For example, the bitmap has 8 bits, and the information of each bit corresponds to the change information of SIB2-SIB9. For example, the first digit indicates whether SIB2 has changed, the second digit indicates whether SIB3 has changed, and so on. Here, the bitmap information can be represented by 0 or 1. For example, 0 indicates that the system information block at the corresponding position has not changed, and 1 indicates that the system information block at the corresponding position has changed. When the bitmap information is 01111000, it means that SIB3, SIB4, SIB5, and SIB6 need to be updated.

The network device may send the first indication information through RRC dedicated signaling, or may send the first indication information in a broadcast manner.

S2602: The terminal device determines the SIB that needs to be updated.

The terminal device updates the stored SIB1 according to the first indication information, specifically, the valueTag of the SIB in the stored SIB1 is updated to the valueTag corresponding to the SIB in the first indication information.

The terminal device determines whether the SIB needs to be updated according to the valueTag of the OSI carried in the first indication information.

In a possible implementation manner, the first indication information includes the corresponding valueTags of all SIBs in the OSI, and the terminal device determines whether the stored valueTag of a certain SIB is consistent with the valueTag corresponding to the SIB in the first indication information. If they are inconsistent, the SIB needs to be updated. For example, the terminal device has stored SIB2 and its valueTag before receiving the first indication information, and the value of valueTag is X. If the first indication information indicates that the valueTag of SIB2 is Y, it means that SIB2 needs to be updated, and If the first indication information indicates that the valueTag of SIB2 is still X, it means that the content of SIB2 does not need to be updated.

In a possible implementation manner, the first indication information includes the valueTag corresponding to a part of the SIB in the OSI, and the terminal device compares the stored valueTag of the SIB with the corresponding valueTag of the SIB in the first indication information. If they are different , It means that the SIB needs to be updated. For example, the first indication information includes the valueTags of SIB4 and SIB5, and the terminal device has stored SIB4 before receiving the first indication information, so the terminal device needs to update SIB4. If the terminal device does not store SIB4 and SIB5 before receiving the first indication information, the terminal device does not need to be updated.

S2603: Send a request message to the network device, where the request message is used to request the SIB that needs to be updated

After determining the SIB that needs to be updated, the terminal device may request the SIB from the network device, or obtain the updated SIB from other channels, and there is no limitation in this case.

After obtaining the updated SIB, the terminal device stores the updated SIB and the valueTag corresponding to the SIB in the first indication information together.

It should be noted that if the first indication information is a bitmap representing OSI change information, the terminal device determines whether the previously stored SIB needs to be updated according to the bitmap. For example, the bitmap is 8 bits, and the information of each bit is the same as SIB2. -SIB9 change information correspondence. For example, the first digit indicates whether SIB2 has changed, the second digit indicates whether SIB3 has changed, and so on. Here, the bitmap information can be represented by 0 or 1. For example, 0 indicates that the system information block at the corresponding position has not changed, and 1 indicates that the system information block at the corresponding position has changed. For example, the bitmap information is 01111000, and the terminal device stores SIB3 and SIB4 before receiving the first indication information. At this time, the terminal device needs to update SIB3 and SIB4. After determining the SIB that needs to be updated, the terminal device may request the network device for the SIB that needs to be updated.

It should be understood that, in this embodiment of the application, the processor may be a central processing unit (central processing unit, CPU), and the processor may also be other general-purpose processors, digital signal processors (digital signal processors, DSP), and dedicated integration Circuit (application specific integrated circuit, ASIC), ready-made programmable gate array (field programmable gate array, FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.

It should also be understood that the memory in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. Among them, the non-volatile memory can be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), and electrically available Erase programmable read-only memory (electrically EPROM, EEPROM) or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of exemplary but not restrictive description, many forms of random access memory (RAM) are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (DRAM), and synchronous dynamic random access memory (DRAM). Access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous connection dynamic random access memory Take memory (synchlink DRAM, SLDRAM) and direct memory bus random access memory (direct rambus RAM, DR RAM).

The foregoing embodiments may be implemented in whole or in part by software, hardware, firmware or any other combination. When implemented by software, the above-mentioned embodiments may be implemented in the form of a computer program product in whole or in part. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on the computer, the processes or functions according to the embodiments of the present application are generated in whole or in part. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices. The computer instruction may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instruction may be transmitted from a website, a computer, a server, or a data center through a cable (For example, infrared, wireless, microwave, etc.) to transmit to another website, computer, server or data center. The computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or a data center that includes one or more sets of available media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium. The semiconductor medium may be a solid state drive.

An embodiment of the present application also provides a communication system, which includes: the above-mentioned terminal device and the above-mentioned network device.

The embodiment of the present application also provides a computer-readable medium for storing computer program code, and the computer program includes instructions for executing the data security processing method of the foregoing method 200 to method 400 in the embodiment of the present application. The readable medium may be a read-only memory (ROM) or a random access memory (RAM), which is not limited in the embodiment of the present application.

This application also provides a computer program product. The computer program product includes instructions. When the instructions are executed, the terminal device and the network device respectively perform the operations of the first device and the second device corresponding to the foregoing method.

An embodiment of the present application also provides a system chip, which includes a processing unit and a communication unit. The processing unit may be, for example, a processor, and the communication unit may be, for example, an input/output interface, a pin, or a circuit. The processing unit can execute computer instructions so that the chip in the communication device executes any of the methods for data security processing provided in the foregoing embodiments of the present application.

Optionally, any communication device provided in the foregoing embodiments of the present application may include the system chip.

Optionally, the computer instructions are stored in a storage unit.

Optionally, the storage unit is a storage unit in the chip, such as a register, a cache, etc., and the storage unit can also be a storage unit in the terminal located outside the chip, such as a ROM or other storage units that can store static information and instructions. Types of static storage devices, RAM, etc. Wherein, the processor mentioned in any one of the above can be a CPU, a microprocessor, an ASIC, or one or more integrated circuits used to control the program execution of the above-mentioned data security processing method. The processing unit and the storage unit can be decoupled, respectively set on different physical devices, and connected in a wired or wireless manner to realize the respective functions of the processing unit and the storage unit, so as to support the system chip to implement the above-mentioned embodiments Various functions in. Alternatively, the processing unit and the memory may also be coupled to the same device.

It can be understood that the memory in the embodiments of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. Among them, the non-volatile memory can be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), and electrically available Erase programmable read-only memory (electrically EPROM, EEPROM) or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of exemplary but not restrictive description, many forms of random access memory (RAM) are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (DRAM), and synchronous dynamic random access memory (DRAM). Access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous connection dynamic random access memory Take memory (synchlink DRAM, SLDRAM) and direct memory bus random access memory (direct rambus RAM, DR RAM).

The terms "system" and "network" in this article are often used interchangeably in this article. The term "and/or" in this article is only an association relationship describing the associated objects, which means that there can be three relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, exist alone B these three situations. In addition, the character "/" in this text generally indicates that the associated objects before and after are in an "or" relationship.

The terms "uplink" and "downlink" appearing in this application are used to describe the direction of data/information transmission in a specific scenario. For example, the "uplink" direction generally refers to the direction or distribution of data/information from the terminal to the network side. The direction of transmission from the centralized unit to the centralized unit. The "downlink" direction generally refers to the direction in which data/information is transmitted from the network side to the terminal, or the direction in which the centralized unit transmits to the distributed unit. It can be understood that "uplink" and "downlink" "It is only used to describe the direction of data/information transmission, and the specific start and end equipment of the data/information transmission is not limited.

Various messages/information/equipment/network elements/systems/devices/actions/operations/processes/concepts and other objects that may appear in this application are given names. It is understandable that these specific names are not It constitutes a limitation on related objects. The assigned name can be changed according to factors such as the scene, context or usage habits. The understanding of the technical meaning of the technical terms in this application should mainly be based on the function embodied/performed in the technical solution And technical effects to determine.

A person of ordinary skill in the art may realize that the units and algorithm steps of the examples described in combination with the embodiments disclosed herein can be implemented by electronic hardware or a combination of computer software and electronic hardware. Whether these functions are performed by hardware or software depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.

Those skilled in the art can clearly understand that, for the convenience and conciseness of description, the specific working process of the system, device and unit described above can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.

In the several embodiments provided in this application, it should be understood that the disclosed system, device, and method may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the unit is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or may be Integrate into another system, or some features can be ignored or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.

The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.

In addition, the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.

If the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present application essentially or the part that contributes to the existing technology or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), and random access.

The above are only specific implementations of this application, but the protection scope of this application is not limited to this. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed in this application. Should be covered within the scope of protection of this application. Therefore, the protection scope of this application should be subject to the protection scope of the claims.

Claims (37)

1. A method for data security processing, which is characterized in that it includes:

   Determine a first transmission mode of the first data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission modes are Transmission methods using unicast and multicast;

   According to the first transmission mode, a secure processing mode for the first data is determined.
2. The method of claim 1, wherein:

   When the first transmission mode is a unicast transmission mode, the secure processing mode of the first data is the first secure processing; or

   When the first transmission mode is a multicast transmission mode, the secure processing mode of the first data is the second secure processing; or

   When the first transmission mode is unicast and multicast transmission, the secure processing mode of the first data is the first secure processing, the secure processing mode of the second data is the second secure processing, and the second data Is obtained by copying the first data.
3. The method of claim 2, wherein:

   The first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection;

   The second security process is no security process.
4. The method of claim 2, wherein:

   The first security processing includes using a third parameter and/or a third algorithm to encrypt data and/or integrity protection;

   The second security process is no security process.
5. The method of claim 2, wherein:

   The first security process is no security process. The second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection.
6. The method of claim 2, wherein:

   The first security process is no security process. The second security processing includes using a fourth parameter and/or a fourth algorithm to encrypt data and/or integrity protection.
7. The method of claim 2, wherein:

   The first security processing includes using a first parameter and/or a first algorithm to perform encryption and/or integrity protection on data, or the first security processing includes using a third parameter and/or a third algorithm to perform data encryption and/or integrity protection. Decryption and/or integrity verification;

   The second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection, or the second security processing includes using a fourth parameter and/or a fourth algorithm to perform data encryption and/or integrity protection. Decryption and/or integrity verification;

   The first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or,

   The third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different.
8. The method according to any one of claims 3 to 7, wherein the first parameter includes a first secret key, and/or, the second parameter includes a second secret key; or,

   The third parameter includes a third secret key, and/or the fourth parameter includes a fourth secret key.
9. A method for data security processing, which is characterized in that it includes:

   Perform the first security processing on the first data;

   Performing second security processing on second data, where the second data is obtained by copying the first data;

   According to the first transmission mode of data, the first data after the first security process is sent, and/or the second data after the second security process is sent, the first transmission mode It is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode using unicast and multicast transmission.
10. The method according to claim 9, wherein the first data after the first security processing is sent according to the first data transmission mode, and/or the first data after the second security processing is sent The processed second data includes:

    When the first transmission mode is a unicast transmission mode, sending the first data after the first security processing;

    When the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;

    When the first data transmission mode is unicast or multicast transmission, the first data after the first security processing and the second data after the second security processing are sent.
11. The method according to claim 9 or 10, wherein:

    The first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection;

    The second security process is no security process.
12. The method according to claim 9 or 10, wherein:

    The first safety processing is no safety processing;

    The second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection.
13. The method according to claim 9 or 10, wherein:

    The first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection;

    The second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection;

    The first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.
14. The method according to any one of claims 9 to 13, characterized in that,

    The first parameter includes a first secret key, and/or the second parameter includes a second secret key.
15. A method for data security processing, which is characterized in that it includes:

    Perform the first security processing on the first data;

    Determine a first transmission mode of the first data after the first security processing, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast transmission mode and a multicast transmission mode , The unicast and multicast transmission modes are transmission modes that use unicast and multicast for transmission;

    When the first transmission mode is a unicast transmission mode, use the unicast transmission mode to send the first data after the first security processing;

    When the first transmission mode is a multicast transmission mode, use the multicast transmission mode to send the first data after the first security processing;

    When the first transmission mode is unicast and multicast transmission, the unicast transmission mode is used to send the first data after the first security processing, and the multicast transmission mode is used to send the third data The third data is obtained by copying the first data after the first security processing.
16. The method of claim 15, wherein:

    The first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection; or,

    The first security process is no security process.
17. The method of claim 16, wherein:

    The first parameter includes a first secret key.
18. A communication device, characterized in that it comprises:

    The processing unit is configured to determine a first transmission mode of the first data, where the first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and The multicast transmission method is a transmission method that uses unicast and multicast transmission;

    The processing unit is further configured to determine a safe processing method for the first data according to the first transmission method.
19. The device of claim 18, wherein:

    When the first transmission method is a unicast transmission method, the processing unit determines that the secure processing method of the first data is the first secure processing; or

    When the first transmission mode is a multicast transmission mode, the processing unit determines that the secure processing mode of the first data is the second secure processing; or

    When the first transmission mode is unicast or multicast transmission, the processing unit determines that the secure processing mode of the first data is the first secure processing, and the secure processing mode of the second data is the second secure processing, The second data is obtained by copying the first data.
20. The device of claim 19, wherein:

    The first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection;

    The second security process is no security process.
21. The device of claim 19, wherein:

    The first security processing includes using a third parameter and/or a third algorithm to encrypt data and/or integrity protection;

    The second security process is no security process.
22. The method of claim 19, wherein:

    The first security process is no security process. The second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection.
23. The device of claim 19, wherein:

    The first security process is no security process. The second security processing includes using a fourth parameter and/or a fourth algorithm to encrypt data and/or integrity protection.
24. The device of claim 19, wherein:

    The first security processing includes using a first parameter and/or a first algorithm to perform encryption and/or integrity protection on data, or the first security processing includes using a third parameter and/or a third algorithm to perform data encryption and/or integrity protection. Decryption and/or integrity verification;

    The second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection, or the second security processing includes using a fourth parameter and/or a fourth algorithm to perform data encryption and/or integrity protection. Decryption and/or integrity verification;

    The first parameter and the second parameter are the same or different, the first algorithm and the second algorithm are the same or different, or,

    The third parameter and the fourth parameter are the same or different, and the third algorithm and the fourth algorithm are the same or different.
25. The device according to any one of claims 20 to 24, wherein the first parameter comprises a first secret key, and/or the second parameter comprises a second secret key; or,

    The third parameter includes a third secret key, and/or the fourth parameter includes a fourth secret key.
26. A communication device, characterized in that it comprises:

    The processing unit is configured to perform first security processing on the first data;

    The processing unit is further configured to perform second security processing on second data, where the second data is obtained by copying the first data;

    The transceiver unit is configured to send the first data after the first security processing according to the first data transmission mode, and/or send the second data after the second security processing, so The first transmission mode is at least one of a unicast transmission mode, a multicast transmission mode, or a unicast and multicast transmission mode, and the unicast and multicast transmission mode is a transmission mode using unicast and multicast transmission .
27. The device according to claim 26, wherein the transceiver unit is further configured to;

    When the first transmission mode is a unicast transmission mode, sending the first data after the first security processing;

    When the first transmission mode is a multicast transmission mode, sending the second data after the second security processing;

    When the first data transmission mode is unicast or multicast transmission, the first data after the first security processing and the second data after the second security processing are sent.
28. The device according to claim 26 or 27, wherein:

    The first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection;

    The second security process is no security process.
29. The device according to claim 26 or 27, wherein:

    The first safety processing is no safety processing;

    The second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection.
30. The device according to claim 26 or 27, wherein:

    The first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection;

    The second security processing includes using a second parameter and/or a second algorithm to encrypt data and/or integrity protection;

    The first parameter and the second parameter are the same or different, and the first algorithm and the second algorithm are the same or different.
31. The device according to any one of claims 26 to 30, characterized in that:

    The first parameter includes a first secret key, and/or the second parameter includes a second secret key.
32. A communication device, characterized in that it comprises:

    The processing unit is configured to perform first security processing on the first data;

    The processing unit is further configured to determine a first transmission mode of the first data after the first security processing, where the first transmission mode is a unicast transmission mode, a multicast transmission mode, or unicast and At least one of the multicast transmission modes, where the unicast and multicast transmission modes are transmission modes that use unicast and multicast for transmission;

    A transceiving unit, configured to use the unicast transmission mode to send the first data after the first security processing when the first transmission mode is a unicast transmission mode;

    The transceiving unit is further configured to use the multicast transmission mode to send the first data after the first security processing when the first transmission mode is a multicast transmission mode;

    The transceiving unit is further configured to use the unicast transmission mode to send the first data after the first security processing when the first transmission mode is unicast and multicast transmission mode, and use the The third data is sent in a multicast transmission mode, and the third data is obtained by copying the first data after the first security processing.
33. The device of claim 32, wherein:

    The first security processing includes using a first parameter and/or a first algorithm to encrypt data and/or integrity protection; or,

    The first security process is no security process.
34. The device of claim 33, wherein:

    The first parameter includes a first secret key.
35. A communication device, characterized in that the device includes at least one processor, and the at least one processor is coupled with at least one memory:

    The at least one processor is configured to execute a computer program or instruction stored in the at least one memory, so that the device executes any one of claims 1-8, 9-14, or 15-17 method.
36. A computer-readable storage medium, characterized in that, a computer program or instruction is stored in the computer-readable storage medium, and when the computer reads and executes the computer program or instruction, the computer executes as claimed in claims 1-8. , The method of any one of 9-14 or 15-17.
37. A chip, characterized by comprising: a processor, used to call and run a computer program from a memory, so that a communication device installed with the chip can execute any one of claims 1-8, 9-14, or 15-17 The method described in one item.

Images