WO2021114283A1 - Communication method, device and system - Google Patents

Communication method, device and system

Info

Publication number
WO2021114283A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
iab
message
indication information
key
Prior art date
Application number
PCT/CN2019/125373
Other languages
English (en)
French (fr)
Inventor
郭龙华
李�赫
吴�荣
Original Assignee
华为技术有限公司
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to EP19955938.6A (EP4064748A4)
Priority to CN201980102740.7A (CN114762372A)
Priority to PCT/CN2019/125373 (WO2021114283A1)
Publication of WO2021114283A1
Priority to US17/837,476 (US20220303763A1)

Classifications

    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H04W40/00 Communication routing or communication path finding
    • H04W40/02 Communication route or path selection, e.g. power-based or shortest path routing
    • H04W40/22 Communication route or path selection using selective relaying for reaching a BTS [Base Transceiver Station] or an access point
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/02 Data link layer protocols
    • H04W84/00 Network topologies
    • H04W84/047 Public Land Mobile systems, e.g. cellular systems using dedicated repeater stations
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Definitions

  • This application relates to the field of communication technology, and in particular to communication methods, devices and systems.
  • fifth generation (5G) New Radio introduces integrated access and backhaul (IAB) technology.
  • there are two types of nodes in the IAB architecture: IAB-donor nodes and IAB-nodes.
  • the role and function of the IAB donor node (rendered "IAB host node" in the text below) are similar to those of a traditional base station: it provides the interface from the terminal device to the core network (CN) and supports the wireless backhaul function of the IAB nodes.
  • the IAB node supports wireless access of terminal equipment and wireless backhaul of data.
  • This application provides a communication method, device, and system to ensure the security of data transmission between IAB nodes, thereby improving communication quality.
  • the present application provides a communication method, including: a first node receives a first message from a second node, the first message includes first indication information, the first message is not security-protected, and the first node and the second node are both access and backhaul integrated (IAB) nodes; the first node sends a second message to the IAB host node, the second message is used to indicate that the first node has received the first indication information, and the second message is security-protected; the first node receives a third message from the IAB host node, the third message includes second indication information, the second indication information is used to indicate whether the first indication information is credible, and the third message is security-protected.
  • in this way, the first node can verify with the IAB host node whether the first indication information is credible, and then perform subsequent operations according to the host node's verification result. For example, when the first node confirms that the first indication information is credible, it performs the corresponding operation according to the first indication information; otherwise it does not, thereby eliminating security risks in the communication process and helping to improve communication quality.
  • the first message further includes an identifier of a third node, the first indication information is used to indicate that a signal transmission abnormality occurs in the third node, and the third node is an IAB node;
  • the second message further includes the identifier of the third node; the second message being used to indicate that the first node has received the first indication information includes: the second message is used to indicate that the first node has received the first indication information from the third node.
  • the identifier of the third node is the address of the third node or the identifier of the first path corresponding to the third node, the first path is a path on which abnormal signal transmission occurs, and the first path includes the third node.
  • the second message being used to indicate that the first node has received the first indication information includes: the second message includes third indication information, and the third indication information is used to indicate that the first node has received the first indication information.
  • the first message is an Internet Protocol IP layer message, an Adapt layer message, a radio link control RLC message, a medium access control MAC message, or a physical PHY layer message.
  • the second message is an F1 Application Protocol F1AP layer message, a Stream Control Transmission Protocol SCTP layer message, or an Internet Security Protocol IPsec layer message.
  • the third message is an F1AP layer message, an SCTP layer message, or an IPsec layer message.
  • the present application provides a communication method, including: an IAB host node receives a second message from a first node, the second message is used to indicate that the first node has received first indication information, the second message is security-protected, and the first node is an IAB node; the IAB host node determines whether the first indication information is credible; the IAB host node sends a third message to the first node, the third message includes second indication information, the second indication information is used to indicate whether the first indication information is credible, and the third message is security-protected.
  • in this way, the first node can verify with the IAB host node whether the first indication information is credible, and then perform subsequent operations according to the host node's verification result. For example, when the first node confirms that the first indication information is credible, it performs the corresponding operation according to the first indication information; otherwise it does not, which eliminates security risks in the communication process and helps improve communication quality.
  • the second message further includes an identifier of a third node, the identifier of the third node is the address of the third node or the identifier of the first path corresponding to the third node, the first path is a path on which abnormal signal transmission occurs, and the first path includes the third node; the second message being used to indicate that the first node has received the first indication information includes: the second message is used to indicate that the first node has received the first indication information from the third node.
  • the IAB host node determining whether the first indication information is credible includes:
  • the IAB host node determines that a signal transmission abnormality occurs on the first path, and determines that the first indication information is credible.
  • the IAB host node receives fourth indication information from the third node, where the fourth indication information is used to indicate that a signal transmission abnormality occurs on the first path.
  • the second message being used to indicate that the first node has received the first indication information includes: the second message includes third indication information, and the third indication information is used to indicate that the first node has received the first indication information.
  • the present application provides a communication method, including: an IAB host node receives a first message from a first node, the first message includes first indication information, the first message is security-protected, and the first node is an IAB node; the IAB host node determines a second node according to the first indication information, and the second node is an IAB node; the IAB host node sends a second message to the second node, the second message includes second indication information, the second message is security-protected, and the second indication information corresponds to the first indication information.
  • the IAB node sends the first indication information to the IAB host node through the security-protected first message; the IAB host node then obtains the second indication information according to the first indication information and sends the second indication information to the other IAB node through the security-protected second message.
  • this process uses the IAB host node as a bridge for information transmission between the two IAB nodes, which protects the information transmitted between the IAB nodes, thereby eliminating potential security hazards in the communication process and helping to improve communication quality.
  • the first message further includes information about a first path, the first indication information is used to indicate that a signal transmission abnormality occurs on the first path, and the first path includes the first node; the IAB host node determining the second node according to the first indication information includes: the IAB host node determines, according to the first indication information, network topology information and the information about the first path, the second node in the network topology that is affected by the abnormal signal transmission, where the network topology information includes the connection relationships between the IAB host node and at least two IAB nodes, and the network topology includes the first path.
  • the first path further includes a third node, and the information about the first path includes the address of the third node and the address of the first node; or, the information about the first path includes the identifier of the first path.
  • the present application provides a communication method, including: a first node receives a first derivation parameter from an IAB host node, where the first derivation parameter includes one or more of the following: the C-RNTI of the first node, the DU identifier of the second node, and the DU name of the second node; the first node is an IAB node, the second node is an IAB node connected to the first node, and the first node accesses the IAB host node through the second node; the first node derives the shared key between the first node and the second node according to a root key and the first derivation parameter, and the shared key is used to encrypt the information transmitted between the first node and the second node.
  • the shared key is used between the two IAB nodes to encrypt the transmitted information, which can eliminate security risks in the communication process and help improve communication quality.
  • the root key is a key of the granularity of an IAB node, or a key of the granularity of an IAB host node, or a key of the granularity of the access and mobility management function AMF.
  • the first node receives first indication information from the IAB host node, the first indication information is used to instruct the first node to delete the shared key between the first node and the second node, and the first node deletes the shared key according to the first indication information.
  • after the first node receives a connection reconfiguration message from the IAB host node, the first node deletes the shared key between the first node and the second node, where the connection reconfiguration message is used to instruct the first node to establish a connection with a third node, and the third node is different from the second node; or, after the first node sends a connection reconfiguration complete message to the IAB host node, the first node deletes the shared key between the first node and the second node, where the connection reconfiguration complete message is used to indicate that the first node has completed establishing the connection with the third node.
  • the present application provides a communication method, including: an IAB donor node determines a first derivation parameter, where the first derivation parameter includes one or more of the following: the cell radio network temporary identifier C-RNTI of the first node, the distributed unit DU identifier of the second node, and the DU name of the second node; the first node is an IAB node, the second node is an IAB node, the second node is connected to the first node, and the first node accesses the IAB host node through the second node; the IAB host node sends the first derivation parameter to the first node, where the first derivation parameter is used to derive a shared key between the first node and the second node, and the shared key is used to encrypt information transmitted between the first node and the second node.
  • the shared key is used between the two IAB nodes to encrypt the transmitted information, which can eliminate security risks in the communication process and help improve communication quality.
  • the IAB host node derives the shared key according to the root key and the first derivation parameter and sends the shared key to the second node; or, the IAB host node sends the first derivation parameter to the second node, where the first derivation parameter is used to derive the shared key; or, the IAB host node sends to the second node an intermediate key and a second derivation parameter in the first derivation parameter, where the intermediate key and the second derivation parameter are used to derive the shared key, the intermediate key is derived from the root key and a third derivation parameter in the first derivation parameter, and the third derivation parameter is the derivation parameter in the first derivation parameter other than the second derivation parameter.
  • the root key is a key of the granularity of an IAB node, or a key of the granularity of an IAB host node, or a key of the granularity of the access and mobility management function AMF.
  • the present application provides a communication method, including: a first node receives a root key from an IAB host node, where the root key is a root key at the granularity of the IAB host node or at the granularity of the access and mobility management function AMF, and the first node is an IAB node; the first node derives the shared key between the first node and a second node based on the root key and the shared parameters between the first node and the second node, where the shared key is used to encrypt information transmitted between the first node and the second node, and the first node is connected to the second node.
  • the shared key is used between the two IAB nodes to encrypt the transmitted information, which can eliminate security risks in the communication process and help improve communication quality.
  • the shared parameters include one or more of the following: backhaul adaptation protocol BAP layer parameters of the first node, BAP layer parameters of the second node, radio link control RLC layer parameters shared between the first node and the second node, and parameters shared between the DU of the first node and the MT of the second node.
  • the first node deletes the root key after disconnecting from the IAB host node.
  • the present application provides a communication device, which may be an IAB node or a chip used for an IAB node.
  • the device has the function of implementing the foregoing first aspect, fourth aspect, sixth aspect, or each embodiment of the first aspect, or each embodiment of the fourth aspect, or each embodiment of the sixth aspect.
  • This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the present application provides a communication device, which may be an IAB host node or a chip for the IAB host node.
  • the device has the function of implementing the above-mentioned second aspect, third aspect, fifth aspect, or each embodiment of the second aspect, or each embodiment of the third aspect, or each embodiment of the fifth aspect.
  • This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions.
  • the present application provides a communication device including a processor and a memory; the memory is used to store computer execution instructions.
  • the processor executes the computer execution instructions stored in the memory to make the device perform the method described in the first aspect to the sixth aspect, or in the embodiments of the first aspect to the sixth aspect.
  • the present application provides a communication device, which includes units or means for performing the steps of the first aspect to the sixth aspect, or the first aspect to the sixth aspect of each embodiment.
  • the present application provides a communication device, including a processor and an interface circuit.
  • the processor is configured to communicate with other devices through the interface circuit and execute the method of the first aspect to the sixth aspect, or of the embodiments of the first aspect to the sixth aspect.
  • there may be one or more processors.
  • the present application provides a communication device, including a processor, configured to be connected to a memory and to call a program stored in the memory to execute the method of the first aspect to the sixth aspect, or of the embodiments of the first aspect to the sixth aspect.
  • the memory can be located inside the device or outside the device.
  • there may be one or more processors.
  • the present application also provides a computer-readable storage medium storing instructions which, when run on a computer, cause the processor to execute the method described in the first aspect to the sixth aspect, or in the embodiments of the first aspect to the sixth aspect.
  • the present application also provides a computer program product including instructions which, when run on a computer, cause the computer to execute the method described in the first aspect to the sixth aspect, or in the embodiments of the first aspect to the sixth aspect.
  • the present application also provides a chip system, including a processor, configured to execute the methods described in the first aspect to the sixth aspect, or the first aspect to the sixth aspect in each embodiment.
  • the present application also provides a communication system, including a first node for executing the first aspect or any embodiment of the first aspect, and an IAB host node for executing the second aspect or any embodiment of the second aspect.
  • the present application also provides a communication system, including a first node configured to execute the fourth aspect or any embodiment of the fourth aspect, and an IAB host node configured to execute the fifth aspect or any embodiment of the fifth aspect.
  • this application also provides a communication method, including:
  • the first node receives a first message from a second node, the first message contains first indication information, the first message is not security-protected, and the first node and the second node are both access and backhaul integrated (IAB) nodes;
  • the IAB host node sends a third message to the first node, where the third message includes second indication information, and the second indication information is used to indicate whether the first indication information is credible, and the third The message is protected by security;
  • the first node receives the third message from the IAB host node.
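The credibility check described above (an unprotected first message from a neighbouring IAB node, a protected second message to the IAB host node, and a protected third message carrying the verdict) as an added example; this is not code from the patent. The HMAC integrity protection, the per-node keys shared with the donor and the message layout are assumptions standing in for the F1AP/SCTP/IPsec protection the text names; the "fourth indication information" is the donor's own record of which paths were reported abnormal.

```python
import hashlib
import hmac
import json

# Constructed integrity keys that each IAB node is assumed to share with the
# donor (e.g. via its IPsec/F1AP security association). Not values from the patent.
DONOR_KEYS = {"node1": b"constructed-key-node1", "node3": b"constructed-key-node3"}


def protect(key, payload):
    """Build a 'security-protected' message: canonical JSON body plus an HMAC over it."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def unprotect(key, msg):
    """Return the payload if the HMAC verifies, otherwise None."""
    expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["mac"]):
        return None
    return json.loads(msg["body"])


class Donor:
    """IAB host node: the only party that decides whether a first indication is credible."""

    def __init__(self):
        # Paths for which the donor holds a protected abnormality report from the
        # affected node itself (the text's 'fourth indication information').
        self.abnormal_paths = set()

    def on_fourth_indication(self, node_id, msg):
        report = unprotect(DONOR_KEYS[node_id], msg)
        if report is not None and report.get("abnormal"):
            self.abnormal_paths.add(report["path_id"])

    def on_second_message(self, node_id, msg):
        """Verify the query, decide credibility, answer with a protected third message."""
        key = DONOR_KEYS[node_id]
        query = unprotect(key, msg)
        if query is None:
            return None  # a corrupted or unauthenticated query gets no verdict
        credible = query["path_id"] in self.abnormal_paths
        return protect(key, {"path_id": query["path_id"], "credible": credible})


class IABNode:
    """Child IAB node: never acts on an unprotected first message without a donor verdict."""

    def __init__(self, node_id, donor):
        self.node_id, self.donor = node_id, donor
        self.rerouted_paths = set()

    def on_first_message(self, first_msg, tamper=None):
        path_id = first_msg["path_id"]  # unprotected: origin and content are unverified
        key = DONOR_KEYS[self.node_id]
        second = protect(key, {"received_first_indication": True, "path_id": path_id})
        third = self.donor.on_second_message(self.node_id, second)
        if tamper is not None and third is not None:
            third = tamper(third)  # constructed on-path modification of the reply
        verdict = unprotect(key, third) if third is not None else None
        if verdict is None or verdict["path_id"] != path_id:
            return "rejected"  # integrity or binding check failed: do nothing
        if verdict["credible"]:
            self.rerouted_paths.add(path_id)  # act on the indication
            return "acted"
        return "ignored"  # donor could not corroborate the indication: do nothing


def flip_credible(third):
    """Constructed tampering: rewrite the verdict body without knowing the key."""
    body = json.loads(third["body"])
    body["credible"] = True
    return {"body": json.dumps(body, sort_keys=True).encode(), "mac": third["mac"]}


def run_verification_scenario():
    donor = Donor()
    node1 = IABNode("node1", donor)
    # node3 has genuinely reported path-A as abnormal, with integrity protection.
    donor.on_fourth_indication(
        "node3", protect(DONOR_KEYS["node3"], {"path_id": "path-A", "abnormal": True}))
    return [
        node1.on_first_message({"path_id": "path-A"}),  # corroborated -> acted
        node1.on_first_message({"path_id": "path-B"}),  # not corroborated -> ignored
        node1.on_first_message({"path_id": "path-B"}, tamper=flip_credible),  # -> rejected
    ]
```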
  • this application also provides a communication method, including:
  • the IAB donor node determines a first derivation parameter, where the first derivation parameter includes one or more of the following: the cell radio network temporary identifier C-RNTI of the first node, the distributed unit DU identifier of the second node, and the DU name of the second node; the first node is an IAB node, the second node is an IAB node, the second node is connected to the first node, and the first node accesses the IAB host node through the second node;
  • the IAB host node sends the first derivation parameter to the first node, where the first derivation parameter is used to derive the shared key between the first node and the second node, and the shared key is used to encrypt the information transmitted between the first node and the second node;
  • the first node receives the first derivation parameter from the IAB host node;
  • the first node derives the shared key between the first node and the second node according to the root key and the first derivation parameter.
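The shared-key derivation above, together with the three donor-side distribution options and the key deletion on connection reconfiguration described earlier, as an added example; this is not the patent's or 3GPP's code. The KDF (an HMAC-SHA256 chain over the parameters in a fixed order), the choice of the DU name as the "second derivation parameter", and all key and identifier values are assumptions; the patent fixes none of them.

```python
import hashlib
import hmac


def kdf(key, label):
    """One derivation step. HMAC-SHA256 is an assumption; the patent fixes no KDF."""
    return hmac.new(key, label, hashlib.sha256).digest()


def derive_chain(root_key, params):
    """Chain the KDF over the derivation parameters in a fixed order."""
    k = root_key
    for p in params:
        k = kdf(k, p)
    return k


def first_derivation_parameter(c_rnti, du_id, du_name):
    """The 'first derivation parameter' of the text: the first node's C-RNTI plus the
    second (parent) node's DU identifier and DU name, in a fixed order."""
    return [c_rnti, du_id, du_name]


def donor_option_shared_key(root_key, params):
    """Option 1: the donor derives the shared key itself and sends it to the second node."""
    return derive_chain(root_key, params)


def donor_option_parameters(params):
    """Option 2: the donor sends the derivation parameters; the second node derives."""
    return list(params)


def donor_option_intermediate(root_key, params):
    """Option 3: the donor sends an intermediate key plus the 'second derivation parameter'.
    Assumed split: the second parameter is the last one (DU name) and the 'third
    derivation parameter' is everything before it; the intermediate key covers those,
    so the root key never leaves the donor."""
    third_params, second_param = params[:-1], params[-1]
    return derive_chain(root_key, third_params), second_param


def second_node_from_intermediate(intermediate_key, second_param):
    """Second node finishes the derivation from the intermediate key alone."""
    return kdf(intermediate_key, second_param)


class IABNodeMT:
    """First node's mobile termination: derives, holds and deletes the per-parent key."""

    def __init__(self):
        self.parent_du_id = None
        self.shared_key = None

    def on_first_derivation_parameter(self, root_key, params):
        self.shared_key = derive_chain(root_key, params)
        self.parent_du_id = params[1]  # the key is bound to this parent DU

    def on_reconfiguration(self, root_key, new_params):
        """Connection reconfiguration to a different parent: delete the old key before
        deriving the new one (the text allows deletion at reconfiguration or at
        reconfiguration complete; here it is done at reconfiguration)."""
        old = self.shared_key
        self.shared_key = None
        self.parent_du_id = None
        self.on_first_derivation_parameter(root_key, new_params)
        return old is not None and old != self.shared_key


def run_key_scenario():
    # Constructed values: a donor-granularity root key and the node identifiers.
    root_key = b"constructed-root-key-donor-granularity"
    params = first_derivation_parameter(b"c-rnti:0x1a2b", b"du-id:parent-1", b"du-name:gNB-DU-1")
    mt = IABNodeMT()
    mt.on_first_derivation_parameter(root_key, params)

    opt1 = donor_option_shared_key(root_key, params)
    opt2 = derive_chain(root_key, donor_option_parameters(params))
    inter, second = donor_option_intermediate(root_key, params)
    opt3 = second_node_from_intermediate(inter, second)
    all_agree = opt1 == opt2 == opt3 == mt.shared_key  # every option yields the first node's key

    new_params = first_derivation_parameter(b"c-rnti:0x1a2b", b"du-id:parent-2", b"du-name:gNB-DU-2")
    rotated = mt.on_reconfiguration(root_key, new_params)
    return all_agree, rotated, mt.shared_key != opt1
```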
  • Figure 1A is a schematic diagram of a 5G network architecture based on a service-oriented architecture
  • Figure 1B is a schematic diagram of a 5G network architecture based on a point-to-point interface
  • FIG. 2 is a schematic diagram of the IAB architecture
  • FIG. 3 is a schematic diagram of the startup process of an IAB node
  • Figure 4 is a schematic diagram of protocol stacks of related nodes in the IAB architecture
  • FIG. 5A is a schematic flowchart of a communication method provided by this application.
  • FIG. 5B is a schematic flowchart of another communication method provided by this application.
  • FIG. 6A is a schematic flowchart of another communication method provided by this application.
  • FIG. 6B is a schematic flowchart of another communication method provided by this application.
  • FIG. 7A is a schematic flowchart of another communication method provided by this application.
  • FIG. 7B is a schematic flowchart of another communication method provided by this application.
  • FIG. 8A is a schematic flowchart of another communication method provided by this application.
  • FIG. 8B is a schematic flowchart of another communication method provided by this application.
  • FIG. 9 is a schematic diagram of a communication device provided by this application.
  • FIG. 10 is a schematic diagram of another communication device provided by this application.
  • FIG. 11 is a schematic diagram of an IAB node provided by this application.
  • Fig. 12 is a schematic diagram of an IAB host node provided by this application.
  • FIG. 1A is a schematic diagram of a 5G network architecture based on a service-oriented architecture.
  • the 5G network architecture shown in FIG. 1A may include three parts, namely a terminal equipment part, a data network (DN), and an operator network part.
  • DN data network
  • the functions of some of the network elements in the operator network part are briefly introduced below.
  • the operator network may include one or more of the following network elements: authentication server function (AUSF) network element, network exposure function (NEF) network element, policy control function (PCF) network element, unified data management (UDM) network element, unified data repository (UDR), network repository function (NRF) network element, application function (AF) network element, access and mobility management function (AMF) network element, session management function (SMF) network element, radio access network (RAN) and user plane function (UPF) network element, etc.
  • AUSF Authentication Server Function
  • NEF network exposure function
  • PCF policy control function
  • UDM unified data management
  • UDR Unified Data Repository
  • NRF Network Repository Function
  • AMF access and mobility management function
  • SMF session management function
  • RAN radio access network
  • UPF user plane function
  • a terminal device is a device with a wireless transceiver function. It can be deployed on land, indoors or outdoors, handheld or vehicle-mounted; it can also be deployed on water (such as on ships); it can also be deployed in the air (such as on airplanes, balloons and satellites).
  • the terminal device may be a mobile phone, a tablet computer (pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, a wireless terminal in self-driving, a wireless terminal in remote medical, a wireless terminal in smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, user equipment (UE), etc.
  • the above-mentioned terminal device may establish a connection with the operator's network through an interface (such as N1, etc.) provided by the operator's network, and use services such as data and/or voice provided by the operator's network.
  • the terminal device can also access the DN through the operator's network, and use the operator's service deployed on the DN and/or the service provided by a third party.
  • the above-mentioned third party may be a service party other than the operator's network and terminal equipment, and may provide other services such as data and/or voice for the terminal equipment.
  • the specific form of expression of the above-mentioned third party can be determined according to the actual application scenario, and is not limited here.
  • RAN is a sub-network of an operator's network, and an implementation system between service nodes and terminal equipment in the operator's network.
  • to access the operator's network, the terminal device first passes through the RAN, and then can be connected to the service node of the operator's network through the RAN.
  • RAN equipment is a type of equipment that provides wireless communication functions for terminal equipment.
  • RAN equipment is also called access network equipment.
  • RAN equipment includes, but is not limited to: next-generation base stations (gNodeB, gNB) in 5G, evolved node B (eNB), radio network controller (RNC), node B (NB), base station controller (BSC), base transceiver station (BTS), home base station (for example, home evolved nodeB or home node B, HNB), baseband unit (BBU), transmission and reception point (TRP), transmitting point (TP), mobile switching center, etc.
  • the AMF network element mainly performs functions such as mobility management and access authentication/authorization. In addition, it is also responsible for transferring user policies between UE and PCF.
  • the SMF network element mainly performs functions such as session management, execution of control policies issued by PCF, selection of UPF, and UE Internet Protocol (IP) address allocation.
  • IP Internet Protocol
  • the UPF network element, as the interface with the data network, completes functions such as user plane data forwarding, session/stream-based billing statistics, and bandwidth limitation.
  • the UDM network element is mainly responsible for functions such as management of contract data and user access authorization.
  • UDR is mainly responsible for the access function of contract data, strategy data, application data and other types of data.
  • NEF network elements are mainly used to support the opening of capabilities and events.
  • the AF network element mainly conveys the requirements of the application side to the network side, for example, quality of service (QoS) requirements or user status event subscriptions.
  • the AF can be a third-party functional entity, or an application service deployed by an operator, such as an IP Multimedia Subsystem (IMS) voice call service.
  • the PCF network element is mainly responsible for policy control functions such as billing, QoS bandwidth guarantee and mobility management, and UE policy decision-making for the session and service flow levels.
  • the PCF connected to the AMF and the SMF corresponds to AM PCF (PCF for Access and Mobility Control) and SM PCF (PCF for Session Management), and may not be the same PCF entity in actual deployment scenarios.
  • the NRF network element can be used to provide the network element discovery function, and provide the network element information corresponding to the network element type based on the request of other network elements.
  • NRF also provides network element management services, such as network element registration, update, de-registration, and network element status subscription and push.
  • The AUSF network element is mainly responsible for authenticating users, that is, determining whether users or devices are allowed to access the network.
  • a DN is a network located outside the operator's network.
  • the operator's network can access multiple DNs.
  • a variety of services can be deployed on the DN to provide terminal equipment with services such as data and/or voice.
  • DN is the private network of a smart factory.
  • the sensors installed in the workshop of the smart factory can be terminal devices.
  • a control server for the sensors is deployed in the DN, and the control server can provide services for the sensors.
  • the sensor can communicate with the control server, obtain instructions from the control server, and transmit the collected sensor data to the control server according to the instructions.
  • the DN is the internal office network of a company.
  • the mobile phones or computers of the employees of the company can be terminal devices, and the mobile phones or computers of the employees can access the information and data resources on the internal office network of the company.
  • Nausf, Nnef, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4, and N6 are interface serial numbers.
  • the meaning of these interface serial numbers can refer to the meaning defined in the 3GPP standard protocol, which is not limited here.
  • FIG. 1B is a schematic diagram of a 5G network architecture based on point-to-point interfaces.
  • For the functions of the network elements in FIG. 1B, reference may be made to the introduction of the corresponding network elements in FIG. 1A, which is not repeated here.
  • The main difference between FIG. 1B and FIG. 1A is that the interfaces between the network elements in FIG. 1B are point-to-point interfaces rather than service-oriented interfaces.
  • N7: the interface between PCF and SMF, which can be used to issue control policies at protocol data unit (PDU) session granularity and service data flow granularity.
  • N15: the interface between PCF and AMF, which can be used to issue UE policies and access control related policies.
  • N5: the interface between AF and PCF, which can be used for issuing application service requests and reporting network events.
  • N4: the interface between SMF and UPF, which can be used to transfer information between the control plane and the user plane, including delivery of user-oriented forwarding rules, QoS control rules and traffic statistics rules, and reporting of user-plane information.
  • N11: the interface between SMF and AMF, which can be used to transfer PDU session tunnel information between RAN and UPF, transfer control messages sent to the UE, and transfer radio resource control information sent to the RAN.
  • N2: the interface between AMF and RAN, which can be used to transfer radio bearer control information from the core network side to the RAN.
  • N1: the interface between the AMF and the UE, which can be used to transfer QoS control rules to the UE.
  • N8: the interface between AMF and UDM, which can be used for the AMF to obtain access and mobility management related subscription data and authentication data from the UDM, and for the AMF to register the UE's current mobility management related information with the UDM, etc.
  • N10: the interface between SMF and UDM, which can be used for the SMF to obtain session management related subscription data from the UDM, and for the SMF to register the UE's current session related information with the UDM, etc.
  • N35: the interface between UDM and UDR, which can be used for the UDM to obtain user subscription data from the UDR.
  • N36: the interface between PCF and UDR, which can be used for the PCF to obtain policy-related subscription data and application data related information from the UDR.
  • N12: the interface between AMF and AUSF, which can be used for the AMF to initiate an authentication process towards the AUSF, where the SUCI can be carried as the subscription identifier.
  • N13: the interface between UDM and AUSF, which can be used for the AUSF to obtain the user authentication vector from the UDM in order to execute the authentication process.
  • IAB technology: in order to reduce the burden of wired transmission network construction and provide flexible and dense NR deployment, 5G NR proposes IAB technology. Figure 2 is a schematic diagram of the IAB architecture. It should be noted that the number of IAB nodes and the connection relationship between the IAB nodes shown in the figure are only examples, and the embodiments of the present application are not limited to this example.
  • The IAB donor node is an access-type node whose role and function are similar to those of a traditional base station. It provides the UE with an interface to the core network (CN) (refer to the core network part shown in Figure 1A or Figure 1B) and supports the wireless backhaul function of IAB nodes.
  • The IAB host node includes a centralized unit (CU) part (also known as IAB host node-CU, or IAB-donor-CU), a distributed unit (DU) part (also known as IAB host node-DU, or IAB-donor-DU), and other functions.
  • the IAB host node-CU includes a user plane (UP) and a control plane (CP).
  • the IAB node is also an access type node, supporting wireless access of the UE and wireless backhaul of data.
  • the IAB node includes a mobile terminal (MT) part and a DU part.
  • the MT has the mobile terminal function in the IAB node.
  • the MT communicates with the IAB host node or other IAB nodes through the NR Uu interface to help the IAB node perform network access authentication and establish communication security.
  • IAB node 1 in Fig. 2 is the parent node of IAB node 2
  • IAB node 2 is the child node of IAB node 1.
  • IAB node 2 is the parent node of IAB node 3
  • IAB node 3 is the child node of IAB node 2.
  • the link between the IAB host node and the IAB node and the link between two IAB nodes are called wireless backhaul links, and the link between the IAB node and the UE is called the wireless access link.
  • the connection relationship between the IAB node and the IAB host node is called topology information.
  • the IAB node and the IAB host node can communicate through the F1 interface. Two different IAB nodes can communicate through the Uu interface.
  • the IAB host node can connect to the core network through the NG interface. It should be noted that in a 5G network or other future networks, the various interfaces described above, such as F1 interface, Uu interface, etc., may have other names, which are not limited in the embodiment of the present application.
  • the UE in the IAB architecture may include parts such as Universal Integrated Circuit Card (UICC) and Mobile Equipment (ME).
  • UICC is mainly used to store user information, authentication keys, short messages, payment methods and other information.
  • An important logic module in the UICC is a Subscriber Identity Module (SIM) card, for example, it may be a physical hard SIM card. After the SIM card is put in the mobile device, it can complete registration, service request, session establishment and other services with the core network.
  • ME can complete functions such as sending and receiving and processing messages.
  • other keys in the security context can be deduced and calculated in the ME.
  • When the UE performs two-way authentication with core network elements (such as the AMF and the AUSF), it uses the long-term key and related functions to verify the authenticity of the network.
  • the startup process of the IAB node includes the following steps:
  • Step 301 The IAB node sends a registration request message to the AMF.
  • the registration request message includes: the identity information of the IAB node.
  • The identity information of the IAB node may be, for example, a Subscription Concealed Identifier (SUCI) or a 5G-Globally Unique Temporary UE Identity (GUTI).
  • AMF integrates a security anchor function (SEAF).
  • Step 302 AMF sends message 1 to AUSF.
  • Message 1 may include: SUCI/SUPI, and the serving network name (SN name).
  • the message 1 may be Nausf_UEAuthentication_Authenticate Request.
  • Step 303 AUSF sends message 2 to UDM.
  • The UDM integrates an authentication credential repository and processing function (ARPF).
  • message 2 may include: SUCI/SUPI, and SN name.
  • the message 2 may be Nudm_UEAuthentication_Get Request.
  • Step 304 UDM queries whether the identifier in the message 2 is in the IAB list.
  • the IAB list is used to record the identities of one or more IAB nodes.
  • the identifier in message 2 is SUCI/SUPI.
  • If the identifier is in the IAB list, the UDM determines that the communication device accessing the network is an IAB node; otherwise, the UDM determines that the communication device accessing the network is a normal UE.
  • Step 305 The IAB node performs master authentication with the network side.
  • Step 306 The AMF sends a non-access stratum (NAS) security mode command (SMC) message to the IAB node.
  • Step 307 The IAB node sends a NAS security mode complete (SMP) message to the AMF.
  • the NAS security context is established between the AMF and the IAB node.
  • Step 308 The AMF sends an initial context setup request to the IAB host node.
  • The initial context setup request includes an IAB authorization indication (IAB authorized), which the UDM sends to the AMF.
  • Step 309 The IAB host node sends an access stratum (AS) SMC message to the IAB node.
  • Step 310 The IAB node sends an AS SMP message to the IAB host node.
  • Through step 309 and step 310, the AS security context is established between the IAB host node and the IAB node.
  • Step 311 The IAB node establishes a route with the IAB host node.
  • a secure tunnel is established between the IAB node and the IAB host node.
  • Step 312 The IAB node starts the DU.
  • the IAB node may provide transmission services for the UE or other IAB nodes.
  • startup process of the IAB node may also include other steps, which are not limited in the embodiment of the present application.
  • the IAB node can provide access services like a base station. From the perspective of the IAB host node, the IAB node is an extended DU. Therefore, the IAB node acts as a bridge and expands the signal coverage.
  • the protocol stacks of related nodes in the IAB architecture are described below. As shown in Figure 4, it is a schematic diagram of the protocol stacks of related nodes in the IAB architecture.
  • the security tunnel between the IAB node and the IAB host node may be an Internet protocol security (IPsec) tunnel, or another type of tunnel, and the embodiment of the present application is not limited thereto.
  • the process of UE receiving/sending data on the user plane involves the following nodes: UE, access IAB node, intermediate IAB node, IAB host node, and UPF.
  • the access IAB node is an IAB node used to provide access services to the UE.
  • the relay IAB node is an IAB node that provides a wireless backhaul function.
  • the relay IAB node is optional.
  • The UE's protocol stack may include: Radio Resource Control (RRC) layer, Packet Data Convergence Protocol (PDCP) layer, radio link control (RLC) layer, media access control (MAC) layer, and physical (PHY) layer.
  • The protocol stack of the DU of the access IAB node may include: an RLC layer, a MAC layer, and a PHY layer.
  • The protocol stack of the MT of the access IAB node may include: F1 application protocol (F1AP) layer, stream control transmission protocol (SCTP) layer, IPsec layer, IP layer, adaptation (Adapt) layer, RLC layer, MAC layer, and PHY layer.
  • the adaptation layer is also called the Backhaul Adaptation Protocol (BAP) layer.
  • The protocol stack of the DU of the relay IAB node may include: an IP layer, an Adapt layer, an RLC layer, a MAC layer, and a PHY layer.
  • The protocol stack of the MT of the relay IAB node may include: an IP layer, an Adapt layer, an RLC layer, a MAC layer, and a PHY layer.
  • the protocol stack of the IAB host node DU may include: IP layer, Adapt layer, RLC layer, MAC layer, and PHY layer.
  • the protocol stack of the IAB host node CU may include: RRC layer, PDCP layer, F1AP layer, SCTP layer, IPsec layer, and IP layer.
  • The interface between the IAB node and the IAB host node is called the F1 interface, and the communication payload between the IAB node and the IAB host node is processed by the F1AP layer.
  • In the embodiment of this application, the messages carried at the F1AP layer between the IAB node and the IAB host node are collectively referred to as F1 messages.
  • When an IAB node is directly connected to the IAB host node, the IAB node can communicate through the wireless backhaul link between the IAB node and the IAB host node.
  • For example, IAB node 1 receives the F1 message from the IAB host node, or IAB node 1 sends the F1 message to the IAB host node.
  • When an IAB node is not directly connected to the IAB host node, it can communicate through the other IAB nodes between the IAB node and the IAB host node. For example, referring to Figure 2, when the IAB host node needs to send an F1 message to IAB node 3, it can forward the F1 message through IAB node 1 and IAB node 2; that is, the F1 message sent by the IAB host node is relayed by IAB node 1 and IAB node 2 and arrives at IAB node 3.
  • Likewise, when IAB node 3 needs to send an F1 message to the IAB host node, it can forward the F1 message through IAB node 2 and IAB node 1; that is, the F1 message is relayed by IAB node 2 and IAB node 1 and arrives at the IAB host node.
  • An IPsec tunnel is established at the IPsec layer between the IAB node and the IAB host node to transmit data securely; that is, messages transmitted between the IAB node and the IAB host node through the F1AP layer receive IPsec security protection, namely integrity and encryption protection. Therefore, the communication between the IAB node and the IAB host node is safe and reliable, the security-protected part of a transmitted message cannot be tampered with or parsed by an attacker, and the F1 message is thus securely protected.
  • Messages are transferred between two IAB nodes through the IP layer, Adapt layer, RLC layer, MAC layer, and PHY layer. Because no secure tunnel (such as an IPsec tunnel) is established at these layers, the communication between the two IAB nodes is unreliable, and the transmitted message may be subject to security attacks (such as interception and tampering with the data carried in the message); that is, the message transmitted between the two IAB nodes is not protected by security.
  • Therefore, the messages transmitted between two IAB nodes may be unreliable.
  • The receiving IAB node cannot determine whether the information carried in the message is credible, for example whether the information has been tampered with by an attacker, which affects the communication quality.
  • A communication method provided by an embodiment of this application is implemented on the IAB node side, where it can be executed by the IAB node or by components used for the IAB node (such as chips, circuits, etc.), and on the IAB host node side, where it can be executed by the IAB host node or by components used for the IAB host node (such as chips, circuits, etc.).
  • the following takes the IAB node and the IAB host node to execute the method as an example for description.
  • the method includes the following steps:
  • Step 501a The second node sends a first message to the first node.
  • the first node can receive the first message.
  • Both the first node and the second node are IAB nodes.
  • the first message contains the first indication information.
  • The first message is not protected by security, such as the aforementioned IPsec security protection or other security protection. Therefore, whether the first indication information carried in the first message is credible remains to be confirmed.
  • the first message may be an IP layer message, an Adapt layer message (also referred to as a BAP layer message), an RLC layer message, a MAC layer message, or a PHY layer message.
  • Step 502a The first node sends a second message to the IAB host node.
  • the IAB host node can receive the second message.
  • the first node may be an IAB node that is directly connected to the IAB host node, or may be an IAB node that is not directly connected to the IAB host node.
  • the second node is IAB node 1
  • the first node is IAB node 2 or IAB node 5.
  • the second node is IAB node 2
  • the first node is IAB node 1 or IAB node 3.
  • the second node is IAB node 3
  • the first node is IAB node 2 or IAB node 4.
  • the first node may send the second message to the IAB host node through the wireless backhaul link between the first node and the IAB host node.
  • the first node may send the second message to the IAB host node through other IAB nodes between the first node and the IAB host node. For example, when the first node is the IAB node 2, the IAB node 2 may send the second message to the IAB host node through the IAB node 1, and at this time, the IAB node 1 transparently transmits the second message.
  • the second message is used to indicate that the first node has received the above-mentioned first indication information, and the second message is protected by security, for example, by the aforementioned IPsec security protection or other security protection.
  • the second message may be an F1 message.
  • the second message is used to indicate that the first node has received the foregoing first indication information.
  • the implementation methods include but are not limited to:
  • Method 1: The second message may be a special message, such as a special F1 message, and the IAB host node can recognize that the second message is used to indicate that the first node has received the first indication information. That is, the name of the second message may be used to indicate that the first node has received the above-mentioned first indication information.
  • Method 2: The second message includes third indication information, and the third indication information is used to indicate that the first node has received the first indication information.
  • Step 503a The IAB host node judges whether the first indication information is credible.
  • the embodiment of the present application does not limit the method for the IAB host node to determine whether the first indication information is credible, and different methods can be used in combination with different application scenarios.
  • For example, if the first indication information is used to indicate that a certain IAB node in the IAB network topology is congested, the IAB host node can comprehensively determine, based on the information reported by other IAB nodes, whether the IAB node indicated by the first indication information is indeed congested, and thereby determine whether the first indication information is credible.
  • For another example, if the first indication information is used to indicate that a signal transmission interruption has occurred between a certain IAB node in the IAB network topology and a child IAB node of that IAB node, the IAB host node can comprehensively determine, based on the information reported by other IAB nodes, whether a signal transmission interruption has indeed occurred between the two IAB nodes indicated by the first indication information, and thereby determine whether the first indication information is credible.
  • Step 504a the IAB host node sends a third message to the first node.
  • the first node can receive the third message.
  • the IAB host node may send the third message to the first node through the wireless backhaul link between the first node and the IAB host node.
  • the IAB host node may send the third message to the first node through other IAB nodes between the first node and the IAB host node. For example, when the first node is the IAB node 2, the IAB host node may send the third message to the IAB node 2 through the IAB node 1, and at this time, the IAB node 1 transparently transmits the third message.
  • the third message includes second indication information, the second indication information is used to indicate whether the first indication information is credible, and the third message is protected by security, such as IPsec security protection described above or other security protections.
  • the third message may be an F1 message.
  • the second indication information is used to indicate that the first indication information is credible.
  • the second indication information is used to indicate that the first indication information is not credible.
  • The second indication information may be 1-bit information: "0" is used to indicate that the first indication information is not credible and "1" is used to indicate that the first indication information is credible; or "0" is used to indicate that the first indication information is credible and "1" is used to indicate that the first indication information is not credible.
  • The first node can verify with the IAB host node whether the first indication information is credible, so that the first node can perform subsequent operations according to the verification result of the IAB host node. For example, when the first node confirms that the first indication information is credible, it performs the corresponding operation according to the first indication information; otherwise it does not perform the corresponding operation. This eliminates security risks in the communication process and helps to improve communication quality.
  • the following takes an example of abnormal signal transmission between IAB node 2 (parent node) and IAB node 3 (child node) in FIG. 2 for description.
  • FIG. 5B it is a schematic flowchart of another communication method provided by this application. The method includes the following steps:
  • Step 501b Both the IAB node 2 and the IAB node 3 detect that the signal transmission between the IAB node 2 and the IAB node 3 is abnormal.
  • Step 502b The IAB node 3 sends a BAP message to the IAB node 4, and the BAP message includes a signal transmission abnormality indication.
  • the signal transmission abnormality indication here is an example of the first indication information in the embodiment corresponding to FIG. 5A, and the signal transmission abnormality indication is used to indicate that the IAB node 3 has a signal transmission abnormality.
  • the BAP message is the first message in the embodiment corresponding to FIG. 5A and is not protected by security.
  • Step 503b The IAB node 2 sends an F1 message to the IAB host node.
  • the F1 message contains a signal transmission abnormality indication, and the signal transmission abnormality indication is used to indicate that the IAB node 2 has a signal transmission abnormality.
  • the F1 message includes the identifier of the IAB node 2.
  • the identifier of the IAB node 2 may be, for example, the BAP address (BAP address) of the IAB node 2, or the BAP path ID (BAP path ID) between the IAB node 2 and the IAB node 3.
  • the F1 message is protected by security.
  • Step 504b The IAB node 3 sends an F1 message to the IAB host node.
  • step 504b is an optional step. For example, when step 503b carries the identifier of the BAP path between IAB node 2 and IAB node 3, step 504b may not be executed.
  • the F1 message contains a signal transmission abnormality indication, and the signal transmission abnormality indication is used to indicate that the IAB node 3 has a signal transmission abnormality.
  • the F1 message includes the identifier of the IAB node 3.
  • the identifier of the IAB node 3 may be, for example, the BAP address of the IAB node 3, or the identifier of the BAP path between the IAB node 2 and the IAB node 3.
  • the F1 message is protected by security.
  • the IAB host node determines that an abnormal signal transmission occurs between the IAB node 2 and the IAB node 3 through the F1 message in step 503b and/or the F1 message in step 504b.
  • The embodiment of this application does not limit the execution sequence among the foregoing step 502b, step 503b, and step 504b.
  • the IAB node 4 interrupts the uplink data transmission and performs uplink data recovery.
  • The uplink data recovery here means that, after the abnormal signal transmission occurs between the IAB node 2 and the IAB node 3, the IAB node 4 has continued to send data to the IAB node 3 without success; that data needs to be recovered, and after the transmission channel is restored, the recovered data needs to be sent to the IAB node 3 again.
  • Step 505b The IAB node 4 sends an F1 message to the IAB host node.
  • the IAB host node can receive the F1 message.
  • the F1 message is protected by security.
  • the F1 message is the second message of the embodiment corresponding to FIG. 5A.
  • In one implementation, the above F1 message is a special message.
  • The F1 message carries the identifier of the IAB node 3 and is used to indicate that the signal transmission abnormality indication from the IAB node 3 has been received. Therefore, when the IAB host node receives the F1 message, it can recognize, from the name of the F1 message and the identifier of the IAB node 3 that it carries, that the F1 message indicates that the IAB node 3 has sent a signal transmission abnormality indication to the IAB node 4. Further, the IAB host node will confirm whether the IAB node 3 actually has a signal transmission abnormality.
  • the above F1 message may also be an existing F1 message.
  • the F1 message carries the identifier and indication information of the IAB node 3.
  • The indication information is used to indicate that the signal transmission abnormality indication from the IAB node 3 has been received. Therefore, after the IAB host node receives the F1 message, it can determine, from the indication information carried in the F1 message and the identifier of the IAB node 3, that the IAB node 3 has sent a signal transmission abnormality indication to the IAB node 4. Further, the IAB host node will confirm whether the IAB node 3 actually has a signal transmission abnormality.
  • the identifier of the IAB node 3 may be, for example, the BAP address of the IAB node 3, or the identifier of the BAP path between the IAB node 2 and the IAB node 3.
  • The IAB node 4 starts a timer after sending the F1 message to the IAB host node. If, before the timer expires, the IAB node 4 receives an F1 message sent by the IAB host node that carries indication information (the indication information being used to indicate that the signal transmission abnormality indication sent by the IAB node 3 to the IAB node 4 is credible), then the IAB node 4 determines that the IAB node 3 has a signal transmission abnormality, that is, the signal transmission abnormality indication sent by the IAB node 3 to the IAB node 4 is credible.
  • Otherwise, the IAB node 4 determines that no signal transmission abnormality has occurred in the IAB node 3, that is, the signal transmission abnormality indication sent by the IAB node 3 to the IAB node 4 is unreliable.
  • If the IAB node 4 receives an F1 message sent by the IAB host node that carries indication information (the indication information being used to indicate that the signal transmission abnormality indication sent by the IAB node 3 to the IAB node 4 is not credible), then the IAB node 4 determines that no signal transmission abnormality has occurred in the IAB node 3, that is, the signal transmission abnormality indication sent by the IAB node 3 to the IAB node 4 is unreliable.
  • Step 506b The IAB host node judges whether the signal transmission abnormality indication sent by the IAB node 3 to the IAB node 4 is credible.
  • After the IAB host node receives the F1 message sent by the IAB node 4, it determines that the IAB node 4 has received the signal transmission abnormality indication sent by the IAB node 3, and further determines whether that signal transmission abnormality indication is credible. For example, the following methods can be used: the IAB host node determines, according to the signal transmission abnormality indication reported by the IAB node 2, that a signal transmission abnormality has occurred between the IAB node 2 and the IAB node 3, and therefore determines that the signal transmission abnormality indication received by the IAB node 4 from the IAB node 3 is credible; for another example, the IAB host node determines, according to the signal transmission abnormality indications reported by the IAB node 2 and the IAB node 3, that a signal transmission abnormality has occurred between the IAB node 2 and the IAB node 3, and therefore determines that the signal transmission abnormality indication received by the IAB node 4 from the IAB node 3 is credible; for another example, if the IAB host node determines that there is no signal transmission abnormality between the IAB node 2 and the IAB node 3, it determines that the signal transmission abnormality indication received by the IAB node 4 from the IAB node 3 is not credible.
  • Step 507b The IAB host node sends an F1 message to the IAB node 4.
  • the IAB node 4 can receive the F1 message.
  • The F1 message is security-protected, and it is the third message in the embodiment corresponding to FIG. 5A.
  • The F1 message carries indication information used to indicate either that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible, or that it is not credible.
  • In one case, the indication information indicates that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible. After IAB node 4 receives the F1 message, it can determine from the indication information in the F1 message that the indication from IAB node 3 is credible, that is, that IAB node 3 does have a signal transmission abnormality.
  • Specifically, when the IAB host node determines that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible, it sends the above F1 message to IAB node 4, and the F1 message or the indication information in it indicates that the indication is credible.
  • After receiving the F1 message, IAB node 4 determines from the F1 message or its indication information that the signal transmission abnormality indication sent by IAB node 3 is credible, that is, that IAB node 3 has a signal transmission abnormality, so IAB node 4 can remain in the state of stopped data transmission and wait for a topology change before resuming data transmission. It should be noted that if a timer was set in IAB node 4 in step 505b above, IAB node 4 must receive the above F1 message before the timer expires in order to determine that the indication from IAB node 3 is credible.
  • In the other case, when the IAB host node determines that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is not credible, it sends the above F1 message to IAB node 4, and the F1 message or the indication information in it indicates that the indication is not credible.
  • IAB node 4 determines from the F1 message that the signal transmission abnormality indication sent by IAB node 3 is not credible, that is, that IAB node 3 has no signal transmission abnormality, so IAB node 4 can resume data transmission.
  • If IAB node 4 receives such an F1 message before the timer expires, or does not receive any F1 message before the timer expires, it determines that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is not credible.
  • In another implementation of step 507b, when the IAB host node determines that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible, it sends an F1 message to IAB node 4, where the F1 message itself indicates that the indication is credible, or the F1 message carries indication information indicating that the indication sent by IAB node 3 to IAB node 4 is credible.
  • In this implementation, IAB node 4 must receive the F1 message before the timer expires in order to determine that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible.
  • When the IAB host node determines that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is not credible, it does not send the F1 message to IAB node 4.
  • In the above solution, after an IAB node receives a signal transmission abnormality indication, it uses a security-protected F1 message to verify with the IAB host node whether the received indication is credible, and performs the corresponding operation according to the feedback from the IAB host node. This method can eliminate potential security risks in the communication process and help improve communication quality.
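The verification exchange of steps 505b to 507b, as an added Python simulation that is not part of the patent (the IAB host node is the IAB-donor in 3GPP terms; node numbers, message fields and the timer are constructed for illustration). It models both variants of step 507b: in the first the host replies credible or not credible over the protected F1 interface, in the second it replies only when the indication is credible and silence before the timer expires counts as not credible. In both variants only a protected F1 reply can make the child node keep its data transmission stopped; the indication received directly from the parent never decides on its own.

```python
"""Added simulation of steps 505b to 507b: an IAB node that received a
signal transmission abnormality indication from its parent verifies it with
the IAB host node over a security-protected F1 message before acting on it.
Node numbers, message fields and the timer are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Optional, Tuple

HOST = 0                    # IAB host (donor) node
Path = Tuple[int, int]      # (parent node, child node) of a backhaul link


@dataclass
class HostNode:
    # Paths the host itself knows to be abnormal, learned from protected F1
    # reports of the nodes on that path (the judgement basis of step 506b).
    abnormal_paths: set = field(default_factory=set)
    # Step 507b, first variant: reply credible / not credible in all cases.
    # Second variant: reply only when credible, stay silent otherwise.
    reply_when_not_credible: bool = True

    def receive_abnormality_report(self, path: Path) -> None:
        self.abnormal_paths.add(path)

    def answer_query(self, path: Path) -> Optional[bool]:
        """Step 506b/507b: return the indication carried in the protected F1
        reply (True = credible, False = not credible) or None for no reply."""
        credible = path in self.abnormal_paths
        if credible or self.reply_when_not_credible:
            return credible
        return None


@dataclass
class ChildNode:
    node_id: int
    transmitting: bool = True   # data transmission state

    def on_parent_indication(self, host: HostNode, path: Path,
                             f1_reply_delivered_in_time: bool) -> bool:
        """Handle an abnormality indication received directly from the parent.
        Returns the node's final verdict on whether the indication is credible."""
        # Step 505b: stop data transmission, query the host over protected F1
        # and start a timer; the direct indication alone decides nothing.
        self.transmitting = False
        reply = host.answer_query(path) if f1_reply_delivered_in_time else None
        # Step 507b: only a protected "credible" reply received before the
        # timer expires confirms the indication. A "not credible" reply, a
        # reply after the timer, or no reply at all means not credible.
        credible = reply is True
        # Credible: keep transmission stopped until the topology changes.
        # Not credible: resume data transmission.
        self.transmitting = not credible
        return credible


def run_scenarios() -> dict:
    """Exercise the four outcomes a practitioner should expect."""
    link_2_3: Path = (2, 3)
    results = {}

    # 1) host holds node 2's own protected report: indication is credible
    host = HostNode()
    host.receive_abnormality_report(link_2_3)
    node4 = ChildNode(4)
    results["confirmed"] = (node4.on_parent_indication(host, link_2_3, True),
                            node4.transmitting)

    # 2) host has no report for that path: indication is not credible
    host = HostNode()
    node4 = ChildNode(4)
    results["denied"] = (node4.on_parent_indication(host, link_2_3, True),
                         node4.transmitting)

    # 3) the host would confirm, but the reply misses the timer
    host = HostNode()
    host.receive_abnormality_report(link_2_3)
    node4 = ChildNode(4)
    results["timeout"] = (node4.on_parent_indication(host, link_2_3, False),
                          node4.transmitting)

    # 4) second variant of 507b: host stays silent when not credible
    host = HostNode(reply_when_not_credible=False)
    node4 = ChildNode(4)
    results["silent"] = (host.answer_query(link_2_3),
                         node4.on_parent_indication(host, link_2_3, True),
                         node4.transmitting)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Scenario 3 is the timer rule the text states: a confirming reply that does not arrive before expiry cannot make the indication credible, so the child resumes transmission exactly as it would after a "not credible" reply.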
  • The IAB node 3 and the IAB node 4 in the embodiment corresponding to FIG. 5B are examples of the first node and the second node in the embodiment corresponding to FIG. 5A.
  • The indication information of step 507b in the embodiment corresponding to FIG. 5B is an example of the second indication information in the embodiment corresponding to FIG. 5A.
  • The path on which the signal transmission abnormality occurs between IAB node 2 and IAB node 3 may also be referred to as the first path, that is, the first path is the path on which the signal transmission abnormality occurs.
  • The third path includes a third node, and the third node here is the IAB node 3 described above.
  • When other IAB nodes (such as IAB node 1, which receives the signal transmission abnormality indication from IAB node 2) receive a signal transmission abnormality indication, they can also verify with the IAB host node whether the received indication is credible in a manner similar to that of IAB node 4, which is not repeated here.
  • The method can be executed, on the IAB node side, by the IAB node or by a component (such as a chip or circuit) used in the IAB node; on the IAB host node side, it can be executed by the IAB host node or by a component (such as a chip or circuit) used in the IAB host node.
  • The following description takes the IAB node and the IAB host node executing the method as an example.
  • In this method, an IAB node forwards information to other IAB nodes through the IAB host node, which helps avoid the security risks of direct communication between IAB nodes, thereby improving communication quality.
  • the method includes the following steps:
  • Step 601a The first node sends a first message to the IAB host node.
  • the IAB host node can receive the first message.
  • the first node is an IAB node.
  • the first message includes first indication information.
  • The first message is security-protected, for example by the aforementioned IPsec protection or other security protection.
  • the first message may be an F1 message.
  • the first node may be an IAB node that is directly connected to the IAB host node, or may be an IAB node that is not directly connected to the IAB host node.
  • the first node is IAB node 1, IAB node 2, or IAB node 5, and so on.
  • the first node may send the first message to the IAB host node through the wireless backhaul link between the first node and the IAB host node.
  • the first node may send the first message to the IAB host node through other IAB nodes between the first node and the IAB host node.
  • the IAB node 2 may send the first message to the IAB host node through the IAB node 1, and at this time, the IAB node 1 transparently transmits the first message.
  • Step 602a: The IAB host node determines the second node according to the first indication information, the second node being an IAB node.
  • The second node is the IAB node that needs to receive the first indication information.
  • The embodiment of the present application does not limit the specific method by which the IAB host node determines the second node; a method appropriate to the specific scenario can be used.
  • For example, if the above first message also carries information about a first path, where the first path includes the first node and is a path in the network topology on which a signal transmission abnormality occurs, and the first indication information indicates that a signal transmission abnormality occurs on the first path, then the IAB host node can determine that the nodes in the network topology affected by the signal transmission abnormality are the second node. That is, the second node is a node affected by the first path on which the signal transmission abnormality occurs.
  • For example, the second node can be the parent node of the first node or a second-level child node of the first node.
  • Step 603a the IAB host node sends a second message to the second node.
  • the second node can receive the second message.
  • the second message includes second indication information, and the second indication information may be the same as the foregoing first indication information, or may also be generated according to the foregoing first indication information.
  • The second message is security-protected, for example by the aforementioned IPsec protection or other security protection.
  • The second message may be an F1 message.
  • In one implementation, the second message and the foregoing first message are the same message, that is, the IAB host node forwards the first message received from the first node. In this case the second indication information carried in the second message and the first indication information carried in the first message are the same indication information.
  • In another implementation, the second message and the foregoing first message are not the same message, that is, after the IAB host node receives the first message, it performs corresponding processing to generate the second message. In this case the second indication information in the second message and the first indication information in the first message may be the same or different.
  • the second node may be an IAB node that is directly connected to the IAB host node, or may be an IAB node that is not directly connected to the IAB host node.
  • the IAB host node may send the second message to the second node through the wireless backhaul link between the second node and the IAB host node.
  • the IAB host node may send the second message to the second node through other IAB nodes between the second node and the IAB host node.
  • In the above solution, the IAB node sends the first indication information to the IAB host node through a security-protected first message; the IAB host node obtains the second indication information from the first indication information and sends it to other IAB nodes through a security-protected second message. This process uses the IAB host node as a bridge for information transmission between two IAB nodes, so that the information transmitted between the IAB nodes is security-protected, thereby eliminating security risks in the communication process and helping to improve communication quality.
  • The following takes the example of a signal transmission abnormality between IAB node 2 (parent node) and IAB node 3 (child node) in FIG. 2 for description.
  • FIG. 6B is a schematic flowchart of another communication method provided by this application. The method includes the following steps:
  • Step 601b: IAB node 2 and IAB node 3 both detect that the signal transmission between IAB node 2 and IAB node 3 is abnormal.
  • Step 602b: IAB node 2 sends an F1 message to the IAB host node.
  • Correspondingly, the IAB host node can receive the F1 message.
  • IAB node 2 is an example of the first node in the embodiment corresponding to FIG. 6A.
  • In one implementation, IAB node 2 sends the F1 message to the IAB host node immediately after detecting the signal transmission abnormality. In another implementation, after IAB node 2 detects the signal transmission abnormality, it sends the F1 message to the IAB host node only if it determines that there is no alternative path for the path on which the abnormality occurred.
  • The method by which IAB node 2 sends the F1 message may be, for example: IAB node 2 judges whether its parent node is the IAB host node. If the parent node of IAB node 2 is not the IAB host node, IAB node 2 passes the BAP message (which carries the information of the first path and the first indication information, the first indication information indicating that a signal transmission abnormality occurs on the first path) to the F1AP layer, SCTP layer, or IPsec layer for processing, and after security protection processing at the F1AP layer, SCTP layer, or IPsec layer, the F1 message is sent to the IAB host node.
  • That is, IAB node 2 sends an F1 message to the IAB host node, and the F1 message carries the information of the first path and the above-mentioned indication information.
  • The information of the first path may be the identifier of the BAP path between IAB node 2 and IAB node 3 (BAP path ID), or the BAP address of IAB node 2 and the BAP address of IAB node 3.
  • Optionally, the F1 message may also carry the identifier of the parent node of IAB node 2 (i.e., IAB node 1).
  • The above-mentioned first path refers to the path between IAB node 2 and IAB node 3.
  • Step 603b the IAB host node sends an F1 message to the IAB node 1 and/or the IAB node 4.
  • the IAB node 1 and/or the IAB node 4 can receive the F1 message.
  • IAB node 1 and IAB node 4 are examples of the second node in the embodiment corresponding to FIG. 6A.
  • After the IAB host node receives the security-protected F1 message from IAB node 2, it verifies the F1 message. When the verification succeeds, the IAB host node obtains the path information of the signal transmission abnormality (i.e., the path information between IAB node 2 and IAB node 3, that is, the information of the first path) and determines the objects to which the indication information in the received F1 message needs to be forwarded (i.e., the nodes affected by the signal transmission abnormality).
  • For example, the judging method may be: the IAB host node queries the routing table currently containing the above path information of the signal transmission abnormality, and finds the nodes affected by the abnormality (for example, IAB node 1 and IAB node 4).
  • There may be one or more nodes affected by the signal transmission abnormality, and they may include the first-level or multi-level parent nodes of IAB node 2 and the first-level or multi-level child nodes of IAB node 3.
  • The IAB host node sends an F1 message to the nodes affected by the signal transmission abnormality (for example, IAB node 1 and IAB node 4); the F1 message carries second indication information and the first path information, and the second indication information indicates that a signal transmission abnormality occurs on the above first path.
  • the second indication information and the first indication information may be the same indication information or generated according to the first indication information.
  • the aforementioned second node may be an IAB node that is directly connected to the IAB host node, or may be an IAB node that is not directly connected to the IAB host node.
  • the IAB host node can send the F1 message to the second node through the wireless backhaul link between the second node and the IAB host node.
  • Alternatively, the IAB host node can send the F1 message to the second node through other IAB nodes between the second node and the IAB host node, which transparently forward the F1 message.
  • Optionally, the IAB host node can check whether there is an available path from the IAB host node to IAB node 4. If there is no available path, it performs topology adjustment to create an available path.
  • For the topology adjustment method, please refer to the relevant description in section 9.7 of 3GPP TR 38.874, which is not repeated here.
  • In the above, IAB node 2 sends the F1 message carrying the first path information and the first indication information to the IAB host node; alternatively, IAB node 3 may also send the F1 message to the IAB host node, which is not limited in this embodiment of the present application.
  • The above solution forwards information between IAB nodes through security-protected F1 messages, so that the information between IAB nodes is protected. This helps ensure that messages between IAB nodes cannot be maliciously used by attackers, thereby eliminating security risks in the communication process and helping to improve communication quality.
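The host-side judgement of steps 602a and 603b (which IAB nodes must receive the forwarded indication) together with the optional reachability check of step 603b, as an added Python example that is not part of the patent. The topology, node numbers and parent links are constructed: the text says the host consults the routing table that contains the abnormal path, which is represented here as a map from each IAB node to its parent nodes, and the functions work for any tree or multi-parent topology, not only the chain of FIG. 2.

```python
"""Added example for steps 602a / 603b: given the abnormal path reported by
IAB node 2, the IAB host node determines which IAB nodes are affected (the
parent-side ancestors and the child-side descendants of the path) and whether
each of them is still reachable from the host once that link is excluded.
The topology below is constructed for illustration."""
from typing import Dict, Set, Tuple

HOST = 0
Path = Tuple[int, int]   # (parent node, child node)

# Parent links of each IAB node: node -> set of its parent nodes.
# Single-parent chain host -> 1 -> 2 -> 3 -> 4, plus node 5 under the host.
TOPOLOGY: Dict[int, Set[int]] = {1: {HOST}, 2: {1}, 3: {2}, 4: {3}, 5: {HOST}}
# Same topology, but node 3 also has node 5 as a second parent, so an
# alternative path around the 2 -> 3 link exists.
TOPOLOGY_DUAL: Dict[int, Set[int]] = {**TOPOLOGY, 3: {2, 5}}


def ancestors(node: int, parents: Dict[int, Set[int]]) -> Set[int]:
    """First-level and multi-level parent nodes of `node`."""
    seen, stack = set(), [node]
    while stack:
        for p in parents.get(stack.pop(), ()):
            if p not in seen:
                seen.add(p)
                stack.append(p)
    return seen


def descendants(node: int, parents: Dict[int, Set[int]]) -> Set[int]:
    """First-level and multi-level child nodes of `node`."""
    seen, stack = set(), [node]
    while stack:
        cur = stack.pop()
        for child, ps in parents.items():
            if cur in ps and child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def affected_nodes(parents: Dict[int, Set[int]], abnormal: Path) -> Set[int]:
    """Nodes to which the host forwards the second indication information:
    every ancestor of the parent end and every descendant of the child end
    of the abnormal path (the host itself is not an IAB node)."""
    parent_end, child_end = abnormal
    nodes = ancestors(parent_end, parents) | descendants(child_end, parents)
    nodes.discard(HOST)
    return nodes


def reachable_from_host(node: int, parents: Dict[int, Set[int]],
                        failed: Path) -> bool:
    """Is there still a path host -> node that avoids the failed link?
    If not, the host must perform topology adjustment before it can deliver
    the F1 message to that node."""
    seen, stack = set(), [node]
    while stack:
        cur = stack.pop()
        if cur == HOST:
            return True
        for p in parents.get(cur, ()):
            if (p, cur) != failed and p not in seen:
                seen.add(p)
                stack.append(p)
    return False


def host_handle_report(parents: Dict[int, Set[int]],
                       abnormal: Path) -> Tuple[Set[int], Set[int]]:
    """Step 603b decision: who to notify, and who is currently unreachable."""
    targets = affected_nodes(parents, abnormal)
    unreachable = {n for n in targets
                   if not reachable_from_host(n, parents, abnormal)}
    return targets, unreachable


if __name__ == "__main__":
    for name, topo in (("chain", TOPOLOGY), ("dual-parent", TOPOLOGY_DUAL)):
        targets, unreachable = host_handle_report(topo, (2, 3))
        print(f"{name}: notify {sorted(targets)}, unreachable {sorted(unreachable)}")
```

In the chain topology the host must notify nodes 1 and 4, but node 4 is cut off once the 2 to 3 link is excluded, which is the case where the text calls for topology adjustment before the F1 message can reach it; with the second parent on node 3 the same notification set is deliverable as is.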
  • The method can be executed, on the IAB node side, by the IAB node or by a component (such as a chip or circuit) used in the IAB node; on the IAB host node side, it can be executed by the IAB host node or by a component (such as a chip or circuit) used in the IAB host node.
  • The following description takes the IAB node and the IAB host node executing the method as an example.
  • In this method, the IAB host node generates a shared key used to encrypt the information transmitted between the first node and the second node, and the first node and the second node then use the shared key to encrypt the transmitted information; both the first node and the second node are IAB nodes.
  • The second node is an IAB node that has already registered with the core network; after the first node accesses and registers with the core network through the second node and the IAB host node, the following method is executed. That is, the second node is the parent node of the first node.
  • For example, the following method can be executed to generate a shared key with which IAB node 3 and IAB node 4 encrypt the information transmitted between them, where IAB node 4 is a child node of IAB node 3.
  • The method includes the following steps:
  • Step 701a: the IAB host node determines a first derivation parameter, which is used to derive the shared key between the first node and the second node.
  • The first derivation parameter includes one or more of the following:
  • C-RNTI: the Cell Radio Network Temporary Identifier of the first node. The C-RNTI is the AS-layer identity assigned by the IAB host node when the first node initially accesses the IAB host node; both the first node and the IAB host node store the C-RNTI, but the second node cannot learn it. When the C-RNTI is used as a parameter for deriving the shared key, it helps prevent replay attacks.
  • DU-ID and DU-name: when the DU identifier (DU-ID) and DU name (DU-name) are used as parameters for deriving the shared key, the key is bound to the DU, so that the shared key is used only between the first node and the second node.
  • Step 702a: the IAB host node sends the first derivation parameter to the first node.
  • Correspondingly, the first node can receive the first derivation parameter.
  • The first node may be an IAB node that is directly connected to the IAB host node, or an IAB node that is not directly connected to the IAB host node.
  • For example, the IAB host node can send the first derivation parameter to the first node through the wireless backhaul link between the first node and the IAB host node, or through other IAB nodes between the first node and the IAB host node.
  • Step 703a: the first node derives the shared key between the first node and the second node according to the root key and the first derivation parameter.
  • The root key can be a root key of IAB-node granularity (such as KgNB), that is, the root keys of different IAB nodes are different, and the root key is a key shared between the first node and the IAB host node; for example, it may be a key shared between the first node and the IAB host node after IPsec establishment is completed. It should be noted that the second node cannot learn this root key.
  • The root key can also be a root key of IAB-host-node granularity (such as K donor), that is, the root keys of different IAB host nodes are different, and all IAB nodes under one IAB host node can use the same root key. The root key K donor may be generated from a random number, or the IAB host node may derive it from the NAS key or the AS key.
  • The root key can also be a root key of AMF granularity (such as K AMF), that is, the root keys of different AMFs are different, and the IAB nodes and IAB host nodes under one AMF can all use the root key K AMF.
  • the above describes the process in which the first node obtains the shared key between the first node and the second node.
  • The following describes the process by which the second node obtains the shared key, including but not limited to the following three methods:
  • Method 1: The IAB host node derives the shared key according to the root key and the first derivation parameter, and sends the shared key to the second node.
  • The root key here is the same root key used by the first node in step 703a. If the root key is of IAB-node granularity, it is shared only by the IAB host node and the first node, and the second node cannot learn it, so the second node cannot derive the shared key itself; in this case Method 1 is used, in which the IAB host node derives the shared key and sends it to the second node. When the root key is of IAB-host-node granularity or AMF granularity, Method 1 can also be used.
  • Method 2: The IAB host node sends the first derivation parameter to the second node, which uses it to derive the shared key.
  • This method applies when the second node can learn the root key (that is, the root key is of IAB-host-node granularity or AMF granularity): the IAB host node sends the first derivation parameter to the second node, and the second node derives the shared key between the first node and the second node according to the root key and the first derivation parameter.
  • Method 3: The IAB host node derives an intermediate key according to the root key and a third derivation parameter within the first derivation parameter, and then sends the intermediate key and a second derivation parameter within the first derivation parameter to the second node. The second node derives the shared key between the first node and the second node according to the intermediate key and the second derivation parameter, where the third derivation parameter consists of the derivation parameters in the first derivation parameter other than the second derivation parameter.
  • For example, if the first derivation parameter includes C-RNTI, DU-ID and DU-name, the second derivation parameter may include DU-ID and DU-name while the third derivation parameter includes C-RNTI; or the second derivation parameter may include DU-ID while the third derivation parameter includes C-RNTI and DU-name, and so on. Taking the former as an example, the IAB host node derives the intermediate key according to the root key and the C-RNTI, then sends the intermediate key, DU-ID and DU-name to the second node, and the second node derives the shared key between the first node and the second node according to the intermediate key, DU-ID and DU-name.
  • Method 3 is applicable to the scenario where the second node can learn the above root key, that is, where the root key is of IAB-host-node granularity or AMF granularity.
  • Optionally, the IAB host node can send first indication information to the first node, where the first indication information instructs deletion of the shared key between the first node and the second node, so that the first node deletes the shared key according to the first indication information.
  • Alternatively, when a topology update occurs and the first node is no longer connected to the second node, that is, when the first node is no longer a child node of the second node, the first node can delete the shared key between the first node and the second node after receiving a connection reconfiguration message from the IAB host node, where the connection reconfiguration message instructs the first node to establish a connection with a third node, the third node being different from the second node.
  • Alternatively, when a topology update occurs and the first node is no longer connected to the second node, that is, the first node is no longer a child node of the second node, the first node can delete the shared key between the first node and the second node after sending a connection reconfiguration complete message to the IAB host node, where the connection reconfiguration complete message indicates that the first node has completed establishing a connection with the third node.
  • Optionally, the IAB host node can send second indication information to the second node, where the second indication information instructs deletion of the shared key between the first node and the second node, so that the second node deletes the shared key according to the second indication information.
  • Alternatively, when a topology update occurs and the first node is no longer connected to the second node, that is, when the first node is no longer a child node of the second node, the second node can delete the shared key between the first node and the second node after receiving a connection release message from the IAB host node, where the connection release message instructs release of the connection between the first node and the second node.
  • Alternatively, the second node can delete the shared key between the first node and the second node after sending a connection reconfiguration complete message to the IAB host node, where the connection reconfiguration complete message indicates that the second node has established a connection with a fourth node, the fourth node being different from the first node.
  • the shared key is used between the two IAB nodes to encrypt the transmitted information, which can eliminate security risks in the communication process and help improve communication quality.
  • For example, IAB node 1 has registered with the core network through the IAB host node, and IAB node 2 then accesses and registers with the core network through IAB node 1 and the IAB host node. After registration succeeds, IAB node 2 is a child node of IAB node 1.
  • FIG. 7B it is a schematic flowchart of another communication method provided by this application. The method includes the following steps:
  • Step 701b: IAB node 2 accesses and registers with the core network through IAB node 1 and the IAB host node.
  • The main process of this step includes: the MT part of IAB node 2 is started, the backhaul link part is started, and the DU part is started.
  • The start-up process of the MT part includes initial registration and NAS and AS security context establishment; at this point the MT has functions similar to those of an ordinary terminal.
  • For the specific process of IAB node 2 accessing and registering with the core network, refer to the process shown in FIG. 3, which is not repeated here.
  • Step 702b: the IAB host node derives the shared key K BH-int between IAB node 1 and IAB node 2 according to the root key and the first derivation parameter.
  • Step 703b: the IAB host node sends the first derivation parameter to IAB node 2 through a security-protected RRC message.
  • Correspondingly, IAB node 2 can receive the first derivation parameter.
  • In one implementation, the above RRC message is a dedicated RRC message that carries the first derivation parameter and is used to instruct derivation of the key K BH-int according to the first derivation parameter. Therefore, after IAB node 2 receives the RRC message, it can recognize from the name of the RRC message and the first derivation parameter it carries that the RRC message instructs derivation of the key K BH-int according to the first derivation parameter.
  • In another implementation, the above RRC message is an existing RRC message that carries the first derivation parameter and indication information, where the indication information instructs derivation of the key K BH-int according to the first derivation parameter. Therefore, after IAB node 2 receives the RRC message, it determines from the indication information and the first derivation parameter carried in the RRC message that it should derive the shared key K BH-int from the first derivation parameter and the root key.
  • Step 704b: IAB node 2 derives the shared key K BH-int shared between IAB node 1 and IAB node 2 according to the root key and the first derivation parameter.
  • The method by which IAB node 2 derives K BH-int is the same as the method by which the IAB host node derives K BH-int in step 702b.
  • Step 705b: IAB node 2 sends a response message to the IAB host node.
  • Correspondingly, the IAB host node can receive the response message.
  • This step 705b is optional.
  • Step 706b: the IAB host node sends the shared key K BH-int to IAB node 1 through an F1 message, completing the key sharing between IAB node 1 and IAB node 2.
  • IAB node 1 receives and verifies the F1 message, and after successful verification stores the key K BH-int and uses it to protect the security of data transmission between IAB node 1 and IAB node 2.
  • Optionally, the F1 message in step 706b does not carry the shared key K BH-int itself, but carries an intermediate key and the second derivation parameter, and IAB node 1 then derives the key K BH-int according to the intermediate key and the second derivation parameter. The intermediate key is derived from the root key and the third derivation parameter, where the third derivation parameter consists of the derivation parameters in the first derivation parameter other than the second derivation parameter.
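Worked key derivation for steps 701a to 703a and 702b to 706b, covering Methods 1 to 3 for getting the key to the parent node, as an added Python example that is not the patent's own code. The patent names no KDF: HMAC-SHA256 over a label and length-prefixed parameters is an assumption here, as are the root key, C-RNTI and DU values, which are constructed, and the example assumes DU-ID and DU-name identify the parent's DU. The derivation is arranged in two stages (root key with C-RNTI first, then DU-ID and DU-name) so that Method 3's intermediate key is exactly the first stage; all three methods then hand the parent the same K BH-int, while under Method 3 the parent never sees the root key or the child's C-RNTI.

```python
"""Added example: derivation and distribution of the shared key K BH-int
between a child IAB node (first node) and its parent (second node).
The KDF (HMAC-SHA256 over a label and length-prefixed parameters) and all key
and parameter values are assumptions constructed for illustration; the patent
fixes neither."""
import hashlib
import hmac
from typing import Optional, Tuple


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256(key, label || len(p1) || p1 || len(p2) || p2 ...)."""
    data = label
    for p in params:
        data += len(p).to_bytes(2, "big") + p
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_intermediate(root_key: bytes, c_rnti: bytes) -> bytes:
    """Stage 1: mix in the parameter only the child and the host know (C-RNTI)."""
    return kdf(root_key, b"K_BH-int/stage1", c_rnti)


def derive_from_intermediate(k_int: bytes, du_id: bytes, du_name: bytes) -> bytes:
    """Stage 2: bind the key to the DU so it is only used on this parent-child link."""
    return kdf(k_int, b"K_BH-int/stage2", du_id, du_name)


def derive_k_bh_int(root_key: bytes, c_rnti: bytes, du_id: bytes, du_name: bytes) -> bytes:
    """Step 703a / 704b: what the child node and the IAB host node both compute."""
    return derive_from_intermediate(derive_intermediate(root_key, c_rnti), du_id, du_name)


def parent_obtains_key(method: int, host_root_key: bytes, c_rnti: bytes,
                       du_id: bytes, du_name: bytes,
                       parent_root_key: Optional[bytes] = None) -> bytes:
    """What the parent (second node) ends up holding under Methods 1 to 3.
    The F1 transport is assumed security-protected and is elided here."""
    if method == 1:
        # Host derives the full key and sends it; works for any root-key
        # granularity and is required when the parent lacks the root key.
        return derive_k_bh_int(host_root_key, c_rnti, du_id, du_name)
    if method == 2:
        # Host sends only the derivation parameters; the parent must hold the
        # same root key (host- or AMF-granularity root key).
        if parent_root_key is None:
            raise ValueError("Method 2 requires the parent to hold the root key")
        return derive_k_bh_int(parent_root_key, c_rnti, du_id, du_name)
    if method == 3:
        # Host sends the intermediate key (root key and C-RNTI already mixed
        # in) plus DU-ID and DU-name; the parent finishes the derivation.
        k_int = derive_intermediate(host_root_key, c_rnti)
        return derive_from_intermediate(k_int, du_id, du_name)
    raise ValueError(f"unknown method {method}")


# Constructed values (not from the patent).
ROOT_KEY = hashlib.sha256(b"constructed root key").digest()
C_RNTI = (0x1A2B).to_bytes(2, "big")     # 16-bit C-RNTI of the child's MT
DU_ID = (3).to_bytes(4, "big")           # assumed: DU identifier of the parent
DU_NAME = b"iab-node-3-du"               # assumed: DU name of the parent


def demo() -> Tuple[bytes, bool, bool]:
    """Returns (child's key, all three methods agree, key differs for another DU)."""
    child_key = derive_k_bh_int(ROOT_KEY, C_RNTI, DU_ID, DU_NAME)
    # parent_root_key=ROOT_KEY models a host- or AMF-granularity root key the
    # parent shares; Methods 1 and 3 do not need it.
    same_key = all(parent_obtains_key(m, ROOT_KEY, C_RNTI, DU_ID, DU_NAME,
                                      parent_root_key=ROOT_KEY) == child_key
                   for m in (1, 2, 3))
    # DU binding: the same child under a different DU gets a different key.
    other_du = derive_k_bh_int(ROOT_KEY, C_RNTI, (4).to_bytes(4, "big"), b"iab-node-4-du")
    return child_key, same_key, other_du != child_key


if __name__ == "__main__":
    key, agree, bound = demo()
    print("K_BH-int:", key.hex(), "methods agree:", agree, "DU-bound:", bound)
```

Method 3 is the one to look at from a least-privilege angle: the parent receives only `derive_intermediate(...)` and the DU parameters, so it can finish this one key but cannot recompute keys for the same child under another C-RNTI, which is what the text's C-RNTI and DU binding are meant to give.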
  • The key distribution mechanism may be triggered when IAB node 2 first enters the network, so that IAB node 1 and IAB node 2 share a pair of keys.
  • When the topology is updated, the parent node (i.e., IAB node 1) can delete the shared key between IAB node 1 and IAB node 2 after receiving the connection release message (such as a UE context release command) sent by the IAB host node. Alternatively, IAB node 1 receives indication information sent by the IAB host node instructing it to delete the shared key with IAB node 2.
  • The child node (i.e., IAB node 2) can delete the shared key between IAB node 2 and IAB node 1 after determining that path reselection is complete (for example, after sending an RRC Connection Reconfiguration Complete (RRCConnectionReconfigurationComplete) message). Alternatively, IAB node 2 receives indication information sent by the IAB host node instructing it to delete the shared key with IAB node 1.
  • Steps 702b to 706b are then performed to configure a new shared key for the new IAB node pair. For example, if IAB node 1 and IAB node 2 are no longer connected, but IAB node 1 is connected to IAB node 3 and IAB node 2 is connected to IAB node 4, a new shared key can be configured for IAB node 1 and IAB node 3, and another new shared key for IAB node 2 and IAB node 4.
  • After the above steps, the key K BH-int shared between IAB node 1 and IAB node 2 can be used to protect the transmitted information. The information transmission process includes the following steps 707b to 712b.
  • Step 707b: IAB node 1 uses K BH-int to calculate the integrity protection value DL-MAC-I.
  • DL-MAC-I is calculated from K BH-int, the downlink sequence value, the direction value, and the downlink message to be protected (such as a BAP message). K BH-int is the input key, and the downlink sequence value, direction value and downlink message to be protected are the input parameters.
  • The purpose of the downlink sequence value is to prevent replay attacks.
  • The direction value is 0 for the downlink direction and 1 for the uplink direction.
  • Step 708b: IAB node 1 sends a control message to IAB node 2, which carries DL-MAC-I and the downlink message. Accordingly, IAB node 2 can receive the control message.
  • Step 709b: IAB node 2 uses K BH-int to check DL-MAC-I.
  • Specifically, IAB node 2 recomputes the integrity value over the received downlink message (together with the downlink sequence value and direction number) using K BH-int and compares it with the received DL-MAC-I. If the check succeeds, the received downlink message has not been tampered with in transit; a message whose check fails should not be acted on.
  • Step 710b: IAB node 2 uses K BH-int to calculate the integrity protection value UL-MAC-I.
  • UL-MAC-I is calculated from K BH-int, the uplink sequence value, the direction number, and the uplink message to be protected. K BH-int is the input key; the uplink sequence value, the direction number, and the uplink message to be protected are the input parameters.
  • The uplink sequence value likewise serves to prevent replay attacks.
  • Step 711b: IAB node 2 sends a control message to IAB node 1, which carries UL-MAC-I and the uplink message. Accordingly, IAB node 1 can receive the control message.
  • Step 712b: IAB node 1 uses K BH-int to check UL-MAC-I.
  • Specifically, IAB node 1 recomputes the integrity value over the received uplink message using K BH-int and compares it with the received UL-MAC-I. If the check succeeds, the received uplink message has not been tampered with in transit.
  • The above scheme realizes the configuration of a shared key between IAB nodes.
  • The shared key can be used to protect (for example, to encrypt or integrity-protect) the information transmitted between IAB nodes, such as a signal transmission abnormality indication, thereby securing data transmission between IAB nodes and helping to improve communication quality.
  • On the IAB node side, the method can be executed by the IAB node or by a component (such as a chip or circuit) used in the IAB node; on the IAB host node side, it can be executed by the IAB host node or by a component (such as a chip or circuit) used in the IAB host node.
  • The following description takes the case where the IAB node and the IAB host node themselves execute the method as an example.
  • In this method, the IAB host node sends a root key to the first node and the second node respectively, so that the first node and the second node each generate the same shared key from the root key; the first node and the second node then use the shared key to encrypt the information transmitted between them, which addresses the aforementioned problem of insecure communication between IAB nodes.
  • The first node and the second node are both IAB nodes, and the first node is connected to the second node.
  • The method includes the following steps:
  • Step 801a: The IAB host node sends a root key to the first node and the second node, where the root key is a root key of IAB host node granularity or of AMF granularity.
  • This step 801a may be executed after the first node has accessed and registered with the core network.
  • Step 802a: The first node and the second node each derive the shared key between them from the root key and the shared parameters between the first node and the second node; the shared key is used to encrypt the information transmitted between the first node and the second node.
  • The shared parameters include one or more of the following: BAP layer parameters of the first node (such as UE-bearer-ID, BAP-ID, etc.), BAP layer parameters of the second node (such as UE-bearer-ID, BAP-ID, etc.), RLC layer shared parameters between the first node and the second node (such as the logical channel ID (LCID), etc.), and shared parameters between the DU of the first node and the MT of the second node (such as SDAP-config, etc.).
  • Because both nodes derive the key independently and never exchange it, they must use identical values and an identical encoding of these parameters; any mismatch yields two different keys, and every subsequent integrity check or decryption between the two nodes fails.
  • The first node deletes the above root key after disconnecting from the IAB host node; likewise, the second node deletes the above root key after disconnecting from the IAB host node.
  • The above scheme realizes the configuration of a shared key between IAB nodes.
  • The shared key can be used to protect (for example, to encrypt or integrity-protect) the information transmitted between IAB nodes, such as a signal transmission abnormality indication, thereby securing data transmission between IAB nodes and helping to improve communication quality.
  • FIG. 8B is a schematic flowchart of another communication method provided by this application. The method includes the following steps:
  • Step 801b: IAB node 1 accesses and registers with the core network.
  • The main process of this step includes starting the MT part of IAB node 1, starting the backhaul link part, and starting the DU part.
  • Starting the MT part includes initial registration and establishment of the NAS and AS security contexts; at this point the MT behaves like an ordinary terminal.
  • Step 802b: The IAB host node sends a configuration message to IAB node 1, and the configuration message carries the root key. Accordingly, IAB node 1 can receive the configuration message.
  • The root key may be a root key of IAB host node granularity (such as K donor), meaning that different IAB host nodes have different root keys and the various IAB nodes under one IAB host node can all use its root key.
  • The root key K donor may be generated from a random number, or the IAB host node may derive it from the NAS key or the AS key.
  • The root key may also be a root key of AMF granularity (such as K AMF), meaning that different AMFs have different root keys and the various IAB nodes and IAB host nodes under one AMF can all use its root key.
  • The configuration message can be an RRC message, which is protected by AS-layer security, or an F1 message, which is protected by IPsec once IPsec has been established. In either case the root key must only travel over a channel that is already confidentiality-protected, since any party that learns it can derive every shared key under it.
  • Optionally, if IAB node 1 later comes under a new IAB host node, the new IAB host node may also send its new root key to IAB node 1.
  • Step 803b: IAB node 1 receives and verifies the root key sent by the IAB host node, and stores the root key after the verification succeeds.
  • Step 804b (optional): IAB node 1 sends a response message to the IAB host node, informing it that the root key has been received. Accordingly, the IAB host node can receive the response message.
  • Step 805b: IAB node 2 accesses and registers with the core network.
  • The main process of this step includes starting the MT part of IAB node 2, starting the backhaul link part, and starting the DU part. Starting the MT part includes initial registration and establishment of the NAS and AS security contexts; at this point the MT behaves like an ordinary terminal.
  • Step 806b: The IAB host node sends a configuration message to IAB node 2, and the configuration message carries the root key. Accordingly, IAB node 2 can receive the configuration message.
  • This root key is the same root key as in step 802b.
  • The configuration message can be an RRC message, which is protected by AS-layer security, or an F1 message, which is protected by IPsec once IPsec has been established.
  • Optionally, if IAB node 2 later comes under a new IAB host node, the new IAB host node may also send its new root key to IAB node 2.
  • Step 807b: IAB node 2 receives and verifies the root key sent by the IAB host node, and stores the root key after the verification succeeds.
  • Step 808b (optional): IAB node 2 sends a response message to the IAB host node, informing it that the root key has been received. Accordingly, the IAB host node can receive the response message.
  • Step 809b: IAB node 1 uses the root key to calculate the shared key K BH-int, and uses K BH-int to calculate the integrity protection value DL-MAC-I.
  • Specifically, IAB node 1 calculates K BH-int from the root key, a counter, and the shared parameters.
  • The shared parameters here include, but are not limited to, one or more of the following: BAP layer parameters of IAB node 1 (such as UE-bearer-ID, BAP-ID, etc.), BAP layer parameters of IAB node 2 (such as UE-bearer-ID, BAP-ID, etc.), RLC layer shared parameters between IAB node 1 and IAB node 2 (such as LCID, etc.), and shared parameters between the DU of IAB node 1 and the MT of IAB node 2 (such as SDAP-config, etc.).
  • DL-MAC-I is calculated from K BH-int, the downlink sequence value, the direction number, and the downlink message to be protected (such as a BAP message). K BH-int is the input key; the downlink sequence value, the direction number, and the downlink message to be protected are the input parameters.
  • The downlink sequence value serves to prevent replay attacks. The direction number is 0 for the downlink direction and 1 for the uplink direction.
  • Step 810b: IAB node 1 sends a control message to IAB node 2, which carries DL-MAC-I and the downlink message. Accordingly, IAB node 2 can receive the control message.
  • Step 811b: IAB node 2 uses K BH-int to check DL-MAC-I.
  • Specifically, IAB node 2 recomputes the integrity value over the received downlink message using K BH-int and compares it with the received DL-MAC-I. If the check succeeds, the received downlink message has not been tampered with in transit.
  • Step 812b: IAB node 2 uses K BH-int to calculate the integrity protection value UL-MAC-I.
  • Here IAB node 2 calculates K BH-int from the root key, the counter, and the shared parameters in the same way as IAB node 1 did in step 809b; for the shared parameters, refer to the description above, which is not repeated.
  • UL-MAC-I is calculated from K BH-int, the uplink sequence value, the direction number, and the uplink message to be protected (such as a BAP message). K BH-int is the input key; the uplink sequence value, the direction number, and the uplink message to be protected are the input parameters.
  • The uplink sequence value serves to prevent replay attacks. The direction number is 0 for the downlink direction and 1 for the uplink direction.
  • Step 813b: IAB node 2 sends a control message to IAB node 1, which carries UL-MAC-I and the uplink message. Accordingly, IAB node 1 can receive the control message.
  • Step 814b: IAB node 1 uses K BH-int to check UL-MAC-I.
  • Specifically, IAB node 1 recomputes the integrity value over the received uplink message using K BH-int and compares it with the received UL-MAC-I. If the check succeeds, the received uplink message has not been tampered with in transit.
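The following is an added worked example, not code from the patent or from Huawei: it models the K BH-int derivation of steps 802a and 809b (root key, counter, shared parameters) and the DL-MAC-I / UL-MAC-I exchange of steps 707b to 712b and 809b to 814b on both ends of one backhaul link, including the replay and direction checks the text describes. The patent does not fix a KDF, a MAC algorithm, a MAC-I length, or an input encoding; HMAC-SHA-256 for both derivation and MAC-I, a 32-bit MAC-I, the length-prefixed name-sorted parameter encoding, and all key and parameter values are this example's assumptions. The function and class names (`derive_k_bh_int`, `compute_mac_i`, `BackhaulLink`, `run_exchange`) are hypothetical.

```python
import hashlib
import hmac
import struct

# Direction numbers as given in the patent text: 0 = downlink, 1 = uplink.
DOWNLINK = 0
UPLINK = 1
# A 32-bit MAC-I is an assumption; the page fixes neither the size nor the algorithm.
MAC_LEN = 4


def derive_k_bh_int(root_key: bytes, counter: int, shared_params: dict) -> bytes:
    """KDF(root key, counter, shared parameters) -> K_BH-int (steps 802a / 809b).

    HMAC-SHA-256 over a length-prefixed, name-sorted encoding of the shared
    parameters is an assumed KDF, not one the patent specifies. Sorting the
    parameter names is what lets both nodes, which never exchange the key,
    serialise the same inputs identically.
    """
    ctx = b"IAB-K_BH-int" + struct.pack(">I", counter)
    for name in sorted(shared_params):
        value = shared_params[name]
        if isinstance(value, int):
            value = struct.pack(">I", value)
        ctx += struct.pack(">H", len(name)) + name.encode()
        ctx += struct.pack(">H", len(value)) + value
    return hmac.new(root_key, ctx, hashlib.sha256).digest()


def compute_mac_i(k_bh_int: bytes, seq: int, direction: int, message: bytes) -> bytes:
    """MAC-I over (sequence value, direction number, message) under K_BH-int, truncated."""
    data = struct.pack(">IB", seq, direction) + message
    return hmac.new(k_bh_int, data, hashlib.sha256).digest()[:MAC_LEN]


class BackhaulLink:
    """One end of the IAB node 1 <-> IAB node 2 link.

    Sends with direction `tx_dir` and verifies received frames against the
    opposite direction, so a frame reflected back at its sender fails the check.
    """

    def __init__(self, k_bh_int: bytes, tx_dir: int):
        self.k = k_bh_int
        self.tx_dir = tx_dir
        self.tx_seq = 0        # next sequence value to send
        self.rx_seq = -1       # highest sequence value accepted so far

    def protect(self, message: bytes):
        seq, self.tx_seq = self.tx_seq, self.tx_seq + 1
        return seq, message, compute_mac_i(self.k, seq, self.tx_dir, message)

    def verify(self, seq: int, message: bytes, mac_i: bytes) -> bool:
        if seq <= self.rx_seq:          # replay: this or a later sequence value was already accepted
            return False
        expected = compute_mac_i(self.k, seq, 1 - self.tx_dir, message)
        if not hmac.compare_digest(expected, mac_i):
            return False                # tampered message, wrong key, or wrong direction
        self.rx_seq = seq               # advance the window only after a successful check
        return True


def run_exchange() -> dict:
    """Steps 809b-814b plus the failure cases, on constructed inputs."""
    root_key = bytes(range(32))                      # constructed K_donor, not a real key
    shared = {"BAP-ID-node1": 0x11, "BAP-ID-node2": 0x22,
              "LCID": 5, "SDAP-config": b"cfg-v1"}   # constructed shared parameters
    k_node1 = derive_k_bh_int(root_key, 1, shared)   # derived independently on node 1
    k_node2 = derive_k_bh_int(root_key, 1, shared)   # and on node 2
    node1 = BackhaulLink(k_node1, DOWNLINK)
    node2 = BackhaulLink(k_node2, UPLINK)

    dl = node1.protect(b"BAP control: reroute path")   # steps 809b / 810b
    dl_ok = node2.verify(*dl)                           # step 811b
    reflected = node1.verify(*dl)      # same frame bounced back at node 1: direction mismatch
    ul = node2.protect(b"BAP control: ack")            # steps 812b / 813b
    ul_ok = node1.verify(*ul)                           # step 814b

    seq, msg, mac = dl
    tampered = node2.verify(seq + 1, msg + b"!", mac)   # message altered in flight
    replayed = node2.verify(seq, msg, mac)              # valid MAC-I, stale sequence value
    other_key = derive_k_bh_int(root_key, 1, {**shared, "LCID": 6})  # one parameter differs
    return {"keys_match": k_node1 == k_node2, "dl_ok": dl_ok, "ul_ok": ul_ok,
            "reflected_rejected": not reflected, "tampered_rejected": not tampered,
            "replayed_rejected": not replayed,
            "param_mismatch_changes_key": other_key != k_node1}


if __name__ == "__main__":
    print(run_exchange())
```

Two design points worth noting. The receiver performs the sequence check before the MAC check but only advances `rx_seq` after the MAC verifies, so a forged frame with a high sequence value cannot push the window forward and lock out genuine traffic. And because the key is derived rather than transported, the last result in `run_exchange` is the practical failure mode: if either node encodes even one shared parameter differently, both ends hold valid-looking keys that never agree.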
  • Optionally, when the IAB host node determines that the number of IAB nodes that have left the IAB host node exceeds a preset threshold, the IAB host node deletes the root key.
  • The IAB host node may also have the root key deleted at the IAB nodes under it, i.e., each such IAB node deletes the root key it has stored. Note that deleting the root key does not by itself remove shared keys already derived from it; those are deleted separately, as described for IAB node 1 and IAB node 2 above.
  • The above scheme realizes the configuration of a shared key between IAB nodes.
  • The shared key can be used to protect (for example, to encrypt or integrity-protect) the information transmitted between IAB nodes, such as a signal transmission abnormality indication, thereby securing data transmission between IAB nodes and helping to improve communication quality.
  • Each network element described above includes hardware structures and/or software modules corresponding to each function.
  • The functions described here can be implemented in hardware or in a combination of hardware and computer software. Whether a given function is executed by hardware or by computer-software-driven hardware depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods for each specific application to implement the described functions, but such implementation should not be considered as going beyond the scope of the present invention.
  • An embodiment of the present application provides a device for implementing any of the above methods.
  • One device is provided that includes units (or means) for implementing each step performed by an IAB node in any of the above methods; another device includes units (or means) for implementing each step performed by the IAB host node in any of the above methods.
  • The device 900 (for a first node) includes a receiving unit 910 and a sending unit 920, and optionally further includes a derivation unit 930 and a deletion unit 940.
  • In one embodiment, the receiving unit 910 is configured to receive a first message from a second node, where the first message contains first indication information, the first message is not security-protected, and the first node and the second node are both integrated access and backhaul (IAB) nodes; the sending unit 920 is configured to send a second message to the IAB host node, where the second message indicates that the first node has received the first indication information and the second message is security-protected; and the receiving unit 910 is further configured to receive a third message from the IAB host node, where the third message contains second indication information indicating whether the first indication information is credible, and the third message is security-protected.
  • Optionally, the first message further includes an identifier of a third node, the first indication information indicates that a signal transmission abnormality has occurred at the third node, and the third node is an IAB node; the second message further includes the identifier of the third node, and the second message indicating that the first node has received the first indication information includes the second message indicating that the first node has received the first indication information from the third node.
  • Optionally, the identifier of the third node is the address of the third node or the identifier of a first path corresponding to the third node, where the first path is a path on which a signal transmission abnormality has occurred and the first path includes the third node.
  • Optionally, the second message indicating that the first node has received the first indication information includes the second message containing third indication information, which indicates that the first node has received the first indication information.
  • Optionally, the first message is an Internet Protocol (IP) layer message, an Adapt layer message, a radio link control (RLC) message, a medium access control (MAC) message, or a physical (PHY) layer message; the second message is an F1 Application Protocol (F1AP) layer message, a Stream Control Transmission Protocol (SCTP) layer message, or an IP security (IPsec) layer message; and the third message is an F1AP layer message, an SCTP layer message, or an IPsec layer message.
  • In another embodiment, the receiving unit 910 is configured to receive a first derivation parameter from the IAB host node, where the first derivation parameter includes one or more of the following: the C-RNTI of the first node, the DU identifier of the second node, and the DU name of the second node; and the derivation unit 930 is configured to derive the shared key between the first node and the second node from the root key and the first derivation parameter, where the shared key is used to encrypt the information transmitted between the first node and the second node.
  • Optionally, the root key is a key of IAB node granularity, of IAB host node granularity, or of access and mobility management function (AMF) granularity.
  • Optionally, the receiving unit 910 is further configured to receive first indication information from the IAB host node, where the first indication information instructs deletion of the shared key between the first node and the second node, and the deletion unit 940 is configured to delete the shared key according to the first indication information.
  • Optionally, the deletion unit 940 is configured to delete the shared key between the first node and the second node after the receiving unit 910 receives a connection reconfiguration message from the IAB host node, where the connection reconfiguration message instructs the first node to establish a connection with a third node different from the second node; or the deletion unit 940 is configured to delete the shared key between the first node and the second node after the sending unit 920 sends a connection reconfiguration complete message to the IAB host node, where the connection reconfiguration complete message indicates that the first node has completed establishing a connection with the third node.
  • In yet another embodiment, the receiving unit 910 is configured to receive a root key from the IAB host node, where the root key is a root key of IAB host node granularity or of access and mobility management function (AMF) granularity and the first node is an IAB node; and the derivation unit 930 is configured to derive the shared key between the first node and the second node from the root key and the shared parameters between the first node and the second node, where the shared key is used to encrypt the information transmitted between the first node and the second node, and the first node is connected to the second node.
  • Optionally, the shared parameters include one or more of the following: backhaul adaptation protocol (BAP) layer parameters of the first node, BAP layer parameters of the second node, radio link control (RLC) layer shared parameters between the first node and the second node, and shared parameters between the DU of the first node and the MT of the second node.
  • Optionally, the deletion unit 940 is configured to delete the root key after the connection with the IAB host node is disconnected.
  • Each of the above units may also be referred to as a module or a circuit, and the units may be provided independently or fully or partially integrated.
  • The sending unit 920 and the receiving unit 910 may be implemented by a transceiver unit, or may be collectively referred to as a transceiver unit; the derivation unit 930 and the deletion unit 940 may be implemented by a processing unit, or may be collectively referred to as a processing unit.
  • The sending unit 920, the receiving unit 910, or the transceiver unit may also be referred to as a communication interface, and the processing unit may also be referred to as a processor.
  • The communication device 900 may further include a storage unit for storing data or instructions (also referred to as code or a program), and each of the above units may interact with or be coupled to the storage unit to implement the corresponding method or function; for example, the processing unit may read data or instructions from the storage unit so that the communication device implements the method in the foregoing embodiments.
  • The device 1000 (for an IAB host node) includes a receiving unit 1010 and a sending unit 1020, and optionally further includes a judging unit 1030, a determining unit 1040, and a derivation unit 1050.
  • In one embodiment, the receiving unit 1010 is configured to receive a second message from a first node, where the second message indicates that the first node has received first indication information, the second message is security-protected, and the first node is an IAB node; the judging unit 1030 is configured to judge whether the first indication information is credible; and the sending unit 1020 is configured to send a third message to the first node, where the third message contains second indication information indicating whether the first indication information is credible, and the third message is security-protected.
  • Optionally, the second message further includes an identifier of a third node, the identifier of the third node being the address of the third node or the identifier of a first path corresponding to the third node, where the first path is a path on which a signal transmission abnormality has occurred and the first path includes the third node; the second message indicating that the first node has received the first indication information includes the second message indicating that the first node has received the first indication information from the third node.
  • Optionally, the judging unit 1030 is specifically configured to determine that a signal transmission abnormality has occurred on the first path and accordingly determine that the first indication information is credible.
  • Optionally, the receiving unit 1010 is further configured to receive fourth indication information from the third node, where the fourth indication information indicates that a signal transmission abnormality has occurred on the first path.
  • Optionally, the second message indicating that the first node has received the first indication information includes the second message containing third indication information, which indicates that the first node has received the first indication information.
  • In another embodiment, the receiving unit 1010 is configured to receive a first message from a first node, where the first message includes first indication information, the first message is security-protected, and the first node is an IAB node; the determining unit 1040 is configured to determine a second node according to the first indication information, the second node being an IAB node; and the sending unit 1020 is configured to send a second message to the second node, where the second message includes second indication information corresponding to the first indication information, and the second message is security-protected.
  • Optionally, the first message further includes information of a first path, the first indication information indicates that a signal transmission abnormality has occurred on the first path, and the first path includes the first node.
  • Optionally, information of the network topology includes the connection relationship between the IAB host node and at least two IAB nodes, and the network topology includes the first path.
  • Optionally, the first path further includes a third node, and the information of the first path includes the address of the third node and the address of the first node; or the information of the first path includes the identifier of the first path.
  • In yet another embodiment, the determining unit 1040 is configured to determine a first derivation parameter, where the first derivation parameter includes one or more of the following: the cell radio network temporary identifier (C-RNTI) of the first node, the distributed unit (DU) identifier of the second node, and the DU name of the second node; the first node and the second node are both IAB nodes, the second node is connected to the first node, and the first node accesses the IAB host node through the second node; and the sending unit 1020 is configured to send the first derivation parameter to the first node, where the first derivation parameter is used to derive the shared key between the first node and the second node, and the shared key is used to encrypt the information transmitted between the first node and the second node.
  • Optionally, the derivation unit 1050 is configured to derive the shared key from the root key and the first derivation parameter, and the sending unit 1020 is further configured to send the shared key to the second node; or the sending unit 1020 is further configured to send the first derivation parameter to the second node, where the first derivation parameter is used to derive the shared key; or the sending unit 1020 is further configured to send an intermediate key and a second derivation parameter (a part of the first derivation parameter) to the second node, where the intermediate key and the second derivation parameter are used to derive the shared key, the intermediate key is derived from the root key and a third derivation parameter (also a part of the first derivation parameter), and the third derivation parameter is the first derivation parameter excluding the second derivation parameter.
  • Optionally, the root key is a key of IAB node granularity, of IAB host node granularity, or of access and mobility management function (AMF) granularity.
  • Each of the above units may also be referred to as a module or a circuit, and the units may be provided independently or fully or partially integrated.
  • The sending unit 1020 and the receiving unit 1010 may be implemented by a transceiver unit, or may be collectively referred to as a transceiver unit; the judging unit 1030, the determining unit 1040, and the derivation unit 1050 may be implemented by a processing unit, or may be collectively referred to as a processing unit.
  • The sending unit 1020, the receiving unit 1010, or the transceiver unit may also be referred to as a communication interface, and the processing unit may also be referred to as a processor.
  • The communication device 1000 may further include a storage unit for storing data or instructions (also referred to as code or a program), and each of the above units may interact with or be coupled to the storage unit to implement the corresponding method or function; for example, the processing unit may read data or instructions from the storage unit so that the communication device implements the method in the foregoing embodiments.
  • Each unit in the device may be implemented entirely in software called by a processing element, entirely in hardware, or partly in software called by a processing element and partly in hardware.
  • Each unit may be a separate processing element, or may be integrated into a chip of the device; a unit may also be stored in memory in the form of a program that is called and executed by a processing element of the device.
  • Each step of the above methods, or each of the above units, may be implemented by an integrated logic circuit of hardware in a processor element or in the form of software called by a processing element.
  • A unit in any of the above devices may be one or more integrated circuits configured to implement the above methods, for example one or more application-specific integrated circuits (ASICs), one or more digital signal processors (DSPs), one or more field programmable gate arrays (FPGAs), or a combination of at least two of these integrated circuits.
  • When a unit in the device is implemented as a program scheduled by a processing element, the processing element may be a general-purpose processor, such as a central processing unit (CPU), or another processor that can call programs.
  • These units may also be integrated together and implemented in the form of a system-on-a-chip (SoC).
  • The above receiving unit is an interface circuit of the device for receiving signals from other devices; when the device is a chip, the receiving unit is an interface circuit used by the chip to receive signals from other chips or devices. Likewise, the above sending unit is an interface circuit of the device for sending signals to other devices; when the device is a chip, the sending unit is an interface circuit used by the chip to send signals to other chips or devices.
  • An IAB node (FIG. 11) includes a processor 1110, an interface 1130, and optionally a memory 1120. The interface 1130 is used for communication with other devices.
  • The method executed by the IAB node in the above embodiments may be implemented by the processor 1110 calling a program stored in a memory (which may be the memory 1120 in the IAB node or an external memory); that is, the apparatus for an IAB node may include a processor 1110 that calls a program in memory to execute the method executed by the IAB node in the above method embodiments. The processor here may be an integrated circuit with signal processing capability, such as a CPU.
  • Alternatively, the apparatus for the IAB node may be implemented by one or more integrated circuits configured to implement the above method, for example one or more ASICs, one or more DSPs, one or more FPGAs, or a combination of at least two of these integrated circuit forms; the above implementations may also be combined.
  • An IAB host node (FIG. 12) includes a processor 1210, an interface 1230, and optionally a memory 1220. The interface 1230 is used for communication with other devices.
  • The method executed by the IAB host node in the above embodiments may be implemented by the processor 1210 calling a program stored in a memory (which may be the memory 1220 in the IAB host node or an external memory); that is, the apparatus for the IAB host node may include a processor 1210 that calls a program in memory to execute the method executed by the IAB host node in the above method embodiments. The processor here may be an integrated circuit with signal processing capability, such as a CPU.
  • Alternatively, the apparatus for the IAB host node may be implemented by one or more integrated circuits configured to implement the above method, for example one or more ASICs, one or more DSPs, one or more FPGAs, or a combination of at least two of these integrated circuit forms; the above implementations may also be combined.
  • An embodiment of the present application also provides a communication system, including the communication device as shown in FIG. 9 and the communication device as shown in FIG. 10.
  • Another embodiment of the present application provides a communication system, including an IAB node as shown in FIG. 11 and an IAB host node as shown in FIG. 12.
  • An embodiment of the present application also provides a computer program product. The computer program product includes one or more computer instructions; the computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device.
  • The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from a website, computer, server, or data center.
  • The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
  • the various illustrative logic units and circuits described in the embodiments of this application can be implemented by general-purpose processors, digital signal processors, application-specific integrated circuits (ASIC), field programmable gate arrays (FPGA) or other programmable logic devices, Discrete gates or transistor logic, discrete hardware components, or any combination of the above are designed to implement or operate the described functions.
  • the general-purpose processor may be a microprocessor.
  • the general-purpose processor may also be any traditional processor, controller, microcontroller, or state machine.
  • the processor can also be implemented by a combination of computing devices, such as a digital signal processor and a microprocessor, multiple microprocessors, one or more microprocessors combined with a digital signal processor core, or any other similar configuration.
  • the aforementioned functions described in this application can be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, these functions can be stored on a computer-readable medium, or transmitted on the computer-readable medium in the form of one or more instructions or codes.
  • Computer readable media include computer storage media and communication media that facilitate the transfer of computer programs from one place to another. The storage medium can be any available medium that can be accessed by a general-purpose or special computer.
  • Such computer-readable media may include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store program code in the form of instructions or data structures and that can be read by a general-purpose or special-purpose computer, or by a general-purpose or special-purpose processor.
  • any connection can properly be defined as a computer-readable medium; for example, if the software is transmitted from a website, server, or other remote source through a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or by wireless means such as infrared, radio and microwave, then those media are also included in the definition of computer-readable media.
  • the disks and discs include compact disks, laser disks, optical disks, digital versatile disks (DVD), floppy disks, and Blu-ray disks. Disks usually reproduce data magnetically, while discs usually reproduce data optically with lasers. Combinations of the above can also be contained in a computer-readable medium.
  • the functions described in this application can be implemented by hardware, software, firmware, or any combination thereof. When implemented by software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or codes on the computer-readable medium.
  • the computer-readable medium includes a computer storage medium and a communication medium, where the communication medium includes any medium that facilitates the transfer of a computer program from one place to another.
  • the storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.

Abstract

This application provides a communication method, apparatus and system. The method includes: after a second node sends first indication information to a first node in a message that is not security protected, the first node can ask the IAB donor node to verify whether the first indication information is credible, so that the first node performs subsequent operations according to the IAB donor node's verification result. Security risks in the communication process can thereby be eliminated, which helps improve communication quality.

Description

Communication method, apparatus and system
Technical Field
This application relates to the field of communication technologies, and in particular to a communication method, apparatus and system.
Background
To reduce the construction burden of wired transport networks and provide flexible and dense new radio (NR) deployment, 5th generation (5G) new radio (NR) introduces integrated access backhaul (IAB) technology.
An IAB architecture includes two types of nodes: IAB donor (IAB-donor) nodes and IAB nodes (IAB-node). The role and function of an IAB donor node are similar to those of a conventional base station: it provides the terminal device interface to the core network (CN) and supports the wireless backhaul function of IAB nodes. An IAB node supports wireless access of terminal devices and wireless backhaul of data.
At present, information exchanged between two IAB nodes is not security protected, which creates security risks in the communication process and reduces communication quality.
Summary
This application provides a communication method, apparatus and system to secure data transmission between IAB nodes and thereby improve communication quality.
According to a first aspect, this application provides a communication method, including: a first node receives a first message from a second node, where the first message includes first indication information, the first message is not security protected, and the first node and the second node are both integrated access backhaul (IAB) nodes; the first node sends a second message to an IAB donor node, where the second message is used to indicate that the first node has received the first indication information, and the second message is security protected; and the first node receives a third message from the IAB donor node, where the third message includes second indication information, the second indication information is used to indicate whether the first indication information is credible, and the third message is security protected.
With the above solution, after the second node sends the first indication information to the first node in a message that is not security protected, the first node can ask the IAB donor node to verify whether the first indication information is credible, so that the first node performs subsequent operations according to the IAB donor node's verification result. For example, when the first node confirms that the first indication information is credible, it performs the corresponding operation according to the first indication information; otherwise it does not perform that operation. Security risks in the communication process can thereby be eliminated, which helps improve communication quality.
In a possible implementation, the first message further includes an identifier of a third node, the first indication information is used to indicate that a signal transmission abnormality has occurred at the third node, and the third node is an IAB node; the second message further includes the identifier of the third node; and that the second message is used to indicate that the first node has received the first indication information includes: the second message is used to indicate that the first node has received the first indication information from the third node.
In a possible implementation, the identifier of the third node is the address of the third node, or the identifier of a first path corresponding to the third node, where the first path is a path on which a signal transmission abnormality has occurred and the first path includes the third node.
In a possible implementation, that the second message is used to indicate that the first node has received the first indication information includes: the second message includes third indication information, and the third indication information is used to indicate that the first node has received the first indication information.
In a possible implementation, the first message is an Internet Protocol (IP) layer message, an adaptation (Adapt) layer message, a radio link control (RLC) message, a medium access control (MAC) message, or a physical (PHY) layer message; the second message is an F1 application protocol (F1AP) layer message, a Stream Control Transmission Protocol (SCTP) layer message, or an Internet Protocol Security (IPsec) layer message; and the third message is an F1AP layer message, an SCTP layer message, or an IPsec layer message.
According to a second aspect, this application provides a communication method, including: an IAB donor node receives a second message from a first node, where the second message is used to indicate that the first node has received first indication information, the second message is security protected, and the first node is an IAB node; the IAB donor node determines whether the first indication information is credible; and the IAB donor node sends a third message to the first node, where the third message includes second indication information, the second indication information is used to indicate whether the first indication information is credible, and the third message is security protected.
With the above solution, after the second node sends the first indication information to the first node in a message that is not security protected, the first node can ask the IAB donor node to verify whether the first indication information is credible, so that the first node performs subsequent operations according to the IAB donor node's verification result. For example, when the first node confirms that the first indication information is credible, it performs the corresponding operation according to the first indication information; otherwise it does not perform that operation. Security risks in the communication process can thereby be eliminated, which helps improve communication quality.
In a possible implementation, the second message further includes an identifier of a third node, where the identifier of the third node is the address of the third node or the identifier of a first path corresponding to the third node, the first path is a path on which a signal transmission abnormality has occurred, and the first path includes the third node; and that the second message is used to indicate that the first node has received the first indication information includes: the second message is used to indicate that the first node has received the first indication information from the third node.
In a possible implementation, that the IAB donor node determines whether the first indication information is credible includes: the IAB donor node determines that a signal transmission abnormality has occurred on the first path, and determines that the first indication information is credible.
In a possible implementation, the IAB donor node receives fourth indication information from the third node, where the fourth indication information is used to indicate that a signal transmission abnormality has occurred on the first path.
In a possible implementation, that the second message is used to indicate that the first node has received the first indication information includes: the second message includes third indication information, and the third indication information is used to indicate that the first node has received the first indication information.
According to a third aspect, this application provides a communication method, including: an IAB donor node receives a first message from a first node, where the first message includes first indication information, the first message is security protected, and the first node is an IAB node; the IAB donor node determines a second node according to the first indication information, where the second node is an IAB node; and the IAB donor node sends a second message to the second node, where the second message includes second indication information, the second message is security protected, and the second indication information corresponds to the first indication information.
Based on the above solution, an IAB node sends the first indication information to the IAB donor node in a security-protected first message; the IAB donor node then obtains second indication information from the first indication information and sends it to another IAB node in a security-protected second message. This process uses the IAB donor node as a bridge for transferring information between two IAB nodes, so that the information transferred between IAB nodes can be security protected. Security risks in the communication process can thereby be eliminated, which helps improve communication quality.
In a possible implementation, the first message further includes information about a first path, the first indication information is used to indicate that a signal transmission abnormality has occurred on the first path, and the first path includes the first node; and that the IAB donor node determines the second node according to the first indication information includes: the IAB donor node determines, according to the first indication information, information about a network topology and the information about the first path, the second node in the network topology that is affected by the signal transmission abnormality, where the information about the network topology includes the connection relationships between the IAB donor node and at least two IAB nodes, and the network topology includes the first path.
In a possible implementation, the first path further includes a third node, and the information about the first path includes the address of the third node and the address of the first node; or the information about the first path includes the identifier of the first path.
According to a fourth aspect, this application provides a communication method, including: a first node receives a first derivation parameter from an IAB donor node, where the first derivation parameter includes one or more of the following: the C-RNTI of the first node, the DU identifier of a second node, and the DU name of the second node; the first node is an IAB node, the second node is an IAB node connected to the first node, and the first node accesses the IAB donor node through the second node; and the first node derives, from a root key and the first derivation parameter, a shared key between the first node and the second node, where the shared key is used to encrypt information transmitted between the first node and the second node.
Based on the above solution, the two IAB nodes use the shared key to encrypt the information transmitted between them, so that security risks in the communication process can be eliminated, which helps improve communication quality.
In a possible implementation, the root key is a key of IAB node granularity, a key of IAB donor node granularity, or a key of access and mobility management function (AMF) granularity.
In a possible implementation, the first node receives first indication information from the IAB donor node, where the first indication information is used to instruct the first node to delete the shared key between the first node and the second node; and the first node deletes the shared key according to the first indication information.
In a possible implementation, the first node deletes the shared key between the first node and the second node after receiving a connection reconfiguration message from the IAB donor node, where the connection reconfiguration message is used to instruct the first node to establish a connection with a third node, and the third node is different from the second node; or the first node deletes the shared key between the first node and the second node after sending a connection reconfiguration complete message to the IAB donor node, where the connection reconfiguration complete message is used to indicate that the first node has completed establishing the connection with the third node.
According to a fifth aspect, this application provides a communication method, including: an IAB donor node determines a first derivation parameter, where the first derivation parameter includes one or more of the following: the cell radio network temporary identifier (C-RNTI) of a first node, the distributed unit (DU) identifier of a second node, and the DU name of the second node; the first node is an IAB node, the second node is an IAB node, the second node is connected to the first node, and the first node accesses the IAB donor node through the second node; and the IAB donor node sends the first derivation parameter to the first node, where the first derivation parameter is used to derive a shared key between the first node and the second node, and the shared key is used to encrypt information transmitted between the first node and the second node.
Based on the above solution, the two IAB nodes use the shared key to encrypt the information transmitted between them, so that security risks in the communication process can be eliminated, which helps improve communication quality.
In a possible implementation, the IAB donor node derives the shared key from the root key and the first derivation parameter and sends the shared key to the second node; or the IAB donor node sends the first derivation parameter to the second node, where the first derivation parameter is used to derive the shared key; or the IAB donor node sends an intermediate key and a second derivation parameter of the first derivation parameter to the second node, where the intermediate key and the second derivation parameter are used to derive the shared key, the intermediate key is derived from the root key and a third derivation parameter of the first derivation parameter, and the third derivation parameter is the part of the first derivation parameter other than the second derivation parameter.
In a possible implementation, the root key is a key of IAB node granularity, a key of IAB donor node granularity, or a key of access and mobility management function (AMF) granularity.
According to a sixth aspect, this application provides a communication method, including: a first node receives a root key from an IAB donor node, where the root key is a root key of IAB donor node granularity or of access and mobility management function (AMF) granularity, and the first node is an IAB node; and the first node derives, from the root key and a shared parameter between the first node and a second node, a shared key between the first node and the second node, where the shared key is used to encrypt information transmitted between the first node and the second node, and the first node is connected to the second node.
Based on the above solution, the two IAB nodes use the shared key to encrypt the information transmitted between them, so that security risks in the communication process can be eliminated, which helps improve communication quality.
In a possible implementation, the shared parameter includes one or more of the following: a backhaul adaptation protocol (BAP) layer parameter of the first node, a BAP layer parameter of the second node, a radio link control (RLC) layer shared parameter between the first node and the second node, and a shared parameter between the DU of the first node and the MT of the second node.
In a possible implementation, the first node deletes the root key after disconnecting from the IAB donor node.
According to a seventh aspect, this application provides a communication apparatus. The apparatus may be an IAB node or a chip used in an IAB node. The apparatus has the function of implementing the first aspect, the fourth aspect, the sixth aspect, or any embodiment of the first, fourth or sixth aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
According to an eighth aspect, this application provides a communication apparatus. The apparatus may be an IAB donor node or a chip used in an IAB donor node. The apparatus has the function of implementing the second aspect, the third aspect, the fifth aspect, or any embodiment of the second, third or fifth aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
According to a ninth aspect, this application provides a communication apparatus including a processor and a memory. The memory is configured to store computer-executable instructions; when the apparatus runs, the processor executes the computer-executable instructions stored in the memory so that the apparatus performs the method of any one of the first to sixth aspects or of any embodiment of the first to sixth aspects.
According to a tenth aspect, this application provides a communication apparatus including units or means for performing each step of the method of any one of the first to sixth aspects or of any embodiment of the first to sixth aspects.
According to an eleventh aspect, this application provides a communication apparatus including a processor and an interface circuit. The processor is configured to communicate with other apparatuses through the interface circuit and to perform the method of any one of the first to sixth aspects or of any embodiment of the first to sixth aspects. There may be one or more processors.
According to a twelfth aspect, this application provides a communication apparatus including a processor configured to be connected to a memory and to call a program stored in the memory in order to perform the method of any one of the first to sixth aspects or of any embodiment of the first to sixth aspects. The memory may be located inside or outside the apparatus, and there may be one or more processors.
According to a thirteenth aspect, this application further provides a computer-readable storage medium storing instructions which, when run on a computer, cause a processor to perform the method of any one of the first to sixth aspects or of any embodiment of the first to sixth aspects.
According to a fourteenth aspect, this application further provides a computer program product including instructions which, when run on a computer, cause the computer to perform the method of any one of the first to sixth aspects or of any embodiment of the first to sixth aspects.
According to a fifteenth aspect, this application further provides a chip system including a processor configured to perform the method of any one of the first to sixth aspects or of any embodiment of the first to sixth aspects.
According to a sixteenth aspect, this application further provides a communication system including a first node for performing the first aspect or any embodiment of the first aspect, and an IAB donor node for performing the second aspect or any embodiment of the second aspect.
According to a seventeenth aspect, this application further provides a communication system including a first node for performing the fourth aspect or any embodiment of the fourth aspect, and an IAB donor node for performing the fifth aspect or any embodiment of the fifth aspect.
According to an eighteenth aspect, this application further provides a communication method, including:
a first node receives a first message from a second node, where the first message includes first indication information, the first message is not security protected, and the first node and the second node are both integrated access backhaul (IAB) nodes;
the first node sends a second message to an IAB donor node, where the second message is used to indicate that the first node has received the first indication information, and the second message is security protected;
the IAB donor node determines whether the first indication information is credible;
the IAB donor node sends a third message to the first node, where the third message includes second indication information, the second indication information is used to indicate whether the first indication information is credible, and the third message is security protected; and
the first node receives the third message from the IAB donor node.
According to a nineteenth aspect, this application further provides a communication method, including:
an IAB donor node determines a first derivation parameter, where the first derivation parameter includes one or more of the following: the cell radio network temporary identifier (C-RNTI) of a first node, the distributed unit (DU) identifier of a second node, and the DU name of the second node; the first node is an IAB node, the second node is an IAB node, the second node is connected to the first node, and the first node accesses the IAB donor node through the second node;
the IAB donor node sends the first derivation parameter to the first node, where the first derivation parameter is used to derive a shared key between the first node and the second node, and the shared key is used to encrypt information transmitted between the first node and the second node;
the first node receives the first derivation parameter from the IAB donor node; and
the first node derives, from a root key and the first derivation parameter, the shared key between the first node and the second node.
Brief Description of the Drawings
FIG. 1A is a schematic diagram of a 5G network architecture based on a service-based architecture;
FIG. 1B is a schematic diagram of a 5G network architecture based on point-to-point interfaces;
FIG. 2 is a schematic diagram of an IAB architecture;
FIG. 3 is a schematic diagram of the start-up procedure of an IAB node;
FIG. 4 is a schematic diagram of the protocol stacks of the relevant nodes in an IAB architecture;
FIG. 5A is a schematic flowchart of a communication method provided by this application;
FIG. 5B is a schematic flowchart of another communication method provided by this application;
FIG. 6A is a schematic flowchart of another communication method provided by this application;
FIG. 6B is a schematic flowchart of another communication method provided by this application;
FIG. 7A is a schematic flowchart of another communication method provided by this application;
FIG. 7B is a schematic flowchart of another communication method provided by this application;
FIG. 8A is a schematic flowchart of another communication method provided by this application;
FIG. 8B is a schematic flowchart of another communication method provided by this application;
FIG. 9 is a schematic diagram of a communication apparatus provided by this application;
FIG. 10 is a schematic diagram of another communication apparatus provided by this application;
FIG. 11 is a schematic diagram of an IAB node provided by this application;
FIG. 12 is a schematic diagram of an IAB donor node provided by this application.
Description of Embodiments
To make the objectives, technical solutions and advantages of this application clearer, this application is described in further detail below with reference to the accompanying drawings. The specific operations in the method embodiments may also be applied in the apparatus embodiments or system embodiments. In the description of this application, unless otherwise stated, "a plurality of" means two or more.
FIG. 1A is a schematic diagram of a 5G network architecture based on a service-based architecture. The 5G network architecture shown in FIG. 1A may include three parts: the terminal device part, the data network (DN), and the operator network part. The functions of some of these network elements are briefly introduced below.
The operator network may include one or more of the following network elements: an authentication server function (AUSF) network element, a network exposure function (NEF) network element, a policy control function (PCF) network element, a unified data management (UDM) network element, a unified data repository (UDR), a network repository function (NRF) network element, an application function (AF) network element, an access and mobility management function (AMF) network element, a session management function (SMF) network element, a radio access network (RAN), and a user plane function (UPF) network element. In the above operator network, the part other than the radio access network may be called the core network part.
A terminal device is a device with a wireless transceiver function. It may be deployed on land (indoors or outdoors, handheld or vehicle-mounted), on water (for example on a ship), or in the air (for example on an aircraft, a balloon or a satellite). The terminal device may be a mobile phone, a tablet (pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, user equipment (UE), and so on.
The above terminal device may establish a connection with the operator network through an interface provided by the operator network (for example N1) and use the data and/or voice services provided by the operator network. The terminal device may also access a DN through the operator network and use operator services deployed on the DN and/or services provided by a third party. The third party may be a service provider other than the operator network and the terminal device and may provide the terminal device with data and/or voice services. The specific form of the third party depends on the actual application scenario and is not limited here.
The RAN is a sub-network of the operator network and is the implementation system between the service nodes of the operator network and the terminal device. To access the operator network, a terminal device first passes through the RAN and may then connect to the service nodes of the operator network via the RAN. A RAN device is a device that provides wireless communication functions for terminal devices; RAN devices are also called access network devices. RAN devices include but are not limited to: a next generation NodeB (gNB) in 5G, an evolved NodeB (eNB), a radio network controller (RNC), a NodeB (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (for example a home evolved NodeB or home NodeB, HNB), a baseband unit (BBU), a transmitting and receiving point (TRP), a transmitting point (TP), a mobile switching center, and so on.
The AMF network element mainly performs mobility management and access authentication/authorization. It is also responsible for transferring user policies between the UE and the PCF.
The SMF network element mainly performs session management, execution of the control policies delivered by the PCF, UPF selection, allocation of the UE's Internet Protocol (IP) address, and so on.
The UPF network element, as the interface to the data network, performs user plane data forwarding, session/flow-level charging statistics, bandwidth limitation, and so on.
The UDM network element is mainly responsible for managing subscription data, user access authorization, and so on.
The UDR is mainly responsible for storing and retrieving subscription data, policy data, application data and other types of data.
The NEF network element is mainly used to support the exposure of capabilities and events.
The AF network element mainly conveys the application side's requirements to the network side, for example quality of service (QoS) requirements or subscriptions to user state events. The AF may be a third-party functional entity or an application service deployed by the operator, such as the IP Multimedia Subsystem (IMS) voice call service.
The PCF network element is mainly responsible for policy control functions such as charging at the session and service flow level, QoS bandwidth guarantee and mobility management, and UE policy decisions. In this architecture, the PCFs connected to the AMF and to the SMF correspond to the AM PCF (PCF for Access and Mobility Control) and the SM PCF (PCF for Session Management) respectively, which may not be the same PCF entity in an actual deployment.
The NRF network element may be used to provide a network element discovery function, providing network element information corresponding to a network element type on request from other network elements. The NRF also provides network element management services such as registration, update and deregistration of network elements, and subscription to and push of network element status.
The AUSF network element is mainly responsible for authenticating users to determine whether a user or device is allowed to access the network.
The DN is a network located outside the operator network. The operator network may access multiple DNs, and various services may be deployed on a DN to provide data and/or voice services for terminal devices. For example, the DN may be the private network of a smart factory: the sensors installed in the workshop are the terminal devices, and the sensors' control server is deployed in the DN and provides services to the sensors. A sensor may communicate with the control server, obtain instructions from it, and send collected sensor data to the control server according to those instructions. As another example, the DN may be a company's internal office network: the employees' mobile phones or computers are the terminal devices and may access information and data resources on the internal office network.
In FIG. 1A, Nausf, Nnef, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4 and N6 are interface sequence numbers. Their meanings can be found in the definitions of the 3GPP standard specifications and are not limited here.
FIG. 1B is a schematic diagram of a 5G network architecture based on point-to-point interfaces. For the functions of its network elements, refer to the corresponding network elements in FIG. 1A; they are not repeated here. The main difference between FIG. 1B and FIG. 1A is that the interfaces between the network elements in FIG. 1B are point-to-point interfaces rather than service-based interfaces.
In the architecture shown in FIG. 1B, the names and functions of the interfaces between the network elements are as follows:
1) N7: the interface between the PCF and the SMF, which may be used to deliver protocol data unit (PDU) session-granularity and service data flow-granularity control policies.
2) N15: the interface between the PCF and the AMF, which may be used to deliver UE policies and access control related policies.
3) N5: the interface between the AF and the PCF, which may be used to deliver application service requests and report network events.
4) N4: the interface between the SMF and the UPF, which may be used to transfer information between the control plane and the user plane, including delivery of forwarding rules, QoS control rules and traffic statistics rules from the control plane to the user plane, and reporting of user plane information.
5) N11: the interface between the SMF and the AMF, which may be used to transfer PDU session tunnel information between the RAN and the UPF, control messages sent to the UE, radio resource control information sent to the RAN, and so on.
6) N2: the interface between the AMF and the RAN, which may be used to transfer radio bearer control information from the core network side to the RAN, and so on.
7) N1: the interface between the AMF and the UE, which may be used to deliver QoS control rules and the like to the UE.
8) N8: the interface between the AMF and the UDM, which may be used by the AMF to obtain access and mobility management related subscription data and authentication data from the UDM, and by the AMF to register the UE's current mobility management related information with the UDM.
9) N10: the interface between the SMF and the UDM, which may be used by the SMF to obtain session management related subscription data from the UDM, and by the SMF to register the UE's current session related information with the UDM.
10) N35: the interface between the UDM and the UDR, which may be used by the UDM to obtain user subscription data from the UDR.
11) N36: the interface between the PCF and the UDR, which may be used by the PCF to obtain policy related subscription data and application data related information from the UDR.
12) N12: the interface between the AMF and the AUSF, which may be used by the AMF to initiate the authentication procedure towards the AUSF, carrying the SUCI as the subscription identifier.
13) N13: the interface between the UDM and the AUSF, which may be used by the AUSF to obtain the user authentication vector from the UDM in order to perform the authentication procedure.
To reduce the construction burden of wired transport networks and provide flexible and dense NR deployment, 5G NR introduces IAB technology. FIG. 2 is a schematic diagram of an IAB architecture. Note that the number of IAB nodes and the connection relationships between them shown in the figure are only an example; the embodiments of this application are not limited to this example.
An IAB architecture includes two types of nodes: IAB donor (IAB-donor) nodes and IAB nodes (IAB-node). An IAB donor node is an access-type node whose role and function are similar to those of a conventional base station: it provides the UE interface to the core network (CN) (see the core network part shown in FIG. 1A or FIG. 1B) and supports the wireless backhaul function of IAB nodes. An IAB donor node includes a centralized unit (CU) part (also called IAB donor node-CU or IAB-donor-CU), a distributed unit (DU) part (also called IAB donor node-DU or IAB-donor-DU) and other functions, where the IAB donor node-CU further includes a user plane (UP) and a control plane (CP). An IAB node is also an access-type node; it supports wireless access of UEs and wireless backhaul of data. An IAB node includes a mobile terminal (MT) part and a DU part. The MT provides the mobile terminal function of the IAB node; it communicates with the IAB donor node or other IAB nodes over the NR Uu interface to help the IAB node perform network access authentication and establish communication security.
In an IAB architecture, of two connected IAB nodes, the IAB node closer to the IAB donor node is called the parent node and the IAB node farther from the IAB donor node is called the child node. For example, in FIG. 2, IAB node 1 is the parent node of IAB node 2 and IAB node 2 is the child node of IAB node 1. Likewise, IAB node 2 is the parent node of IAB node 3 and IAB node 3 is the child node of IAB node 2.
The link between an IAB donor node and an IAB node, and the link between two IAB nodes, are called wireless backhaul links; the link between an IAB node and a UE is called a wireless access link. The connection relationships between IAB nodes and the IAB donor node are called topology information.
An IAB node and an IAB donor node may communicate over the F1 interface. Two different IAB nodes may communicate over the Uu interface. The IAB donor node may connect to the core network over the NG interface. Note that in 5G networks or other future networks the above interfaces, such as the F1 interface and the Uu interface, may have other names; the embodiments of this application do not limit this.
A UE in an IAB architecture may include a universal integrated circuit card (UICC) and mobile equipment (ME). The UICC is mainly used to store user information, authentication keys, short messages, payment methods and other information. An important logical module in the UICC is the subscriber identity module (SIM) card, which may for example be a physical SIM card. Once a SIM card is inserted in the mobile equipment, it can complete registration, service requests, session establishment and other procedures with the core network. The ME can send, receive and process messages. Apart from the long-term key, which is stored in the SIM card, the other keys in the security context can be derived and computed in the ME. When the UE performs mutual authentication with core network elements (such as the AMF and the AUSF), it uses the long-term key and related functions to verify the authenticity of the network.
The start-up procedure of an IAB node in the prior art is briefly introduced below. As shown in FIG. 3, the start-up procedure of an IAB node includes the following steps:
Step 301: the IAB node sends a registration request message to the AMF.
The registration request message includes the identity information of the IAB node, for example a subscription concealed identifier (SUCI) or a 5G globally unique temporary UE identity (GUTI).
It can be understood that this AMF integrates the security anchor function (SEAF).
Step 302: the AMF sends message 1 to the AUSF.
Message 1 may include the SUCI/SUPI and the serving network name (SN name).
For example, message 1 may be Nausf_UEAuthentication_Authenticate Request.
Step 303: the AUSF sends message 2 to the UDM.
It can be understood that this UDM integrates the authentication credential repository and processing function (ARPF).
Message 2 may include the SUCI/SUPI and the SN name.
For example, message 2 may be Nudm_UEAuthentication_Get Request.
Step 304: the UDM checks whether the identifier in message 2 is in the IAB list.
The IAB list records the identifiers of one or more IAB nodes.
It can be understood that the identifier in message 2 is the SUCI/SUPI.
When the identifier in message 2 is in the IAB list, the UDM can determine that the communication device accessing the network is an IAB node. Otherwise, the UDM determines that the communication device accessing the network is an ordinary UE.
Step 305: the IAB node performs primary authentication with the network side.
Step 306: the AMF sends a non-access stratum (NAS) security mode command (SMC) message to the IAB node.
Step 307: the IAB node sends a NAS security mode complete (SMP) message to the AMF.
It can be understood that, based on steps 306 and 307, a NAS security context is established between the AMF and the IAB node.
Step 308: the AMF sends an initial context setup request to the IAB donor node.
The initial context setup request includes an IAB authorized indication. The IAB authorized indication is sent to the AMF by the UDM.
Step 309: the IAB donor node sends an access stratum (AS) SMC message to the IAB node.
Step 310: the IAB node sends an AS SMP message to the IAB donor node.
It can be understood that, based on steps 309 and 310, an AS security context is established between the IAB donor node and the IAB node.
Step 311: the IAB node establishes routing with the IAB donor node.
For example, a secure tunnel is established between the IAB node and the IAB donor node.
Step 312: the IAB node starts its DU.
Note that after the DU of the IAB node has started, the IAB node can provide transport services for UEs or other IAB nodes.
The above is a brief introduction to the start-up procedure of an IAB node. It can be understood that the start-up procedure may include other steps; the embodiments of this application do not limit this.
Because the IAB donor node and the IAB node exchange data over a wireless backhaul link, no cable needs to be laid between them, which makes the deployment of IAB nodes more flexible. From the UE's point of view, an IAB node provides access service like a base station. From the IAB donor node's point of view, an IAB node is an extended DU. An IAB node therefore acts as a bridge and extends signal coverage.
The protocol stacks of the relevant nodes in an IAB architecture are described below. FIG. 4 is a schematic diagram of the protocol stacks of the relevant nodes in an IAB architecture. For example, the secure tunnel between an IAB node and the IAB donor node may be an Internet Protocol Security (IPsec) tunnel or another type of tunnel; the embodiments of this application are not limited to this.
In an IAB architecture, the process in which a UE receives/sends data on the user plane involves the following nodes: the UE, the access IAB node, the intermediate IAB node, the IAB donor node, and the UPF.
The access IAB node is the IAB node that provides the access service to the UE. The intermediate IAB node is an IAB node that provides the wireless backhaul function. The intermediate IAB node is optional.
As shown in FIG. 4, the protocol stack of the UE may include: a radio resource control (RRC) layer, a packet data convergence protocol (PDCP) layer, a radio link control (RLC) layer, a medium access control (MAC) layer, and a physical (PHY) layer.
The protocol stack of the DU of the access IAB node may include: the RLC layer, the MAC layer and the PHY layer. The protocol stack of the MT of the access IAB node may include: an F1 application protocol (F1AP) layer, a Stream Control Transmission Protocol (SCTP) layer, an IPsec layer, an IP layer, an adaptation (Adapt) layer, the RLC layer, the MAC layer, and the PHY layer. The adaptation layer is also called the backhaul adaptation protocol (BAP) layer.
The protocol stack of the DU of the intermediate IAB node may include: the IP layer, the Adapt layer, the RLC layer, the MAC layer, and the PHY layer. The protocol stack of the MT of the intermediate IAB node may include: the IP layer, the Adapt layer, the RLC layer, the MAC layer, and the PHY layer.
The protocol stack of the IAB donor node DU may include: the IP layer, the Adapt layer, the RLC layer, the MAC layer, and the PHY layer. The protocol stack of the IAB donor node CU may include: the RRC layer, the PDCP layer, the F1AP layer, the SCTP layer, the IPsec layer, and the IP layer.
The interface between an IAB node and the IAB donor node is called the F1 interface, and the communication payload between an IAB node and the IAB donor node is handled by the F1AP layer. The embodiments of this application therefore collectively call the messages whose communication payload between an IAB node and the IAB donor node is at the F1AP layer F1 messages.
For the functions of the above layers, refer to the descriptions in the prior art; they are not repeated here.
Note that in the embodiments of this application, when an IAB node is directly connected to the IAB donor node, the IAB node can communicate over the wireless backhaul link between the IAB node and the IAB donor node. For example, referring to FIG. 2, IAB node 1 receives an F1 message from the IAB donor node, or IAB node 1 sends an F1 message to the IAB donor node.
When an IAB node is not directly connected to the IAB donor node, the IAB node can communicate through the other IAB nodes between the IAB node and the IAB donor node. For example, referring to FIG. 2, when the IAB donor node needs to send an F1 message to IAB node 3, the F1 message can be forwarded through IAB node 1 and IAB node 2; that is, the F1 message sent by the IAB donor node is relayed by IAB node 1 and IAB node 2 and reaches IAB node 3. Conversely, when IAB node 3 needs to send an F1 message to the IAB donor node, the F1 message can be forwarded through IAB node 2 and IAB node 1; that is, the F1 message sent by IAB node 3 is relayed by IAB node 2 and IAB node 1 and reaches the IAB donor node.
Referring to FIG. 4, an IPsec tunnel is established at the IPsec layer between the IAB node and the IAB donor node to transmit data securely; that is, the messages transmitted at the F1AP layer between the IAB node and the IAB donor node are protected by IPsec, namely integrity and encryption protection. Communication between the IAB node and the IAB donor node is therefore secure and reliable, and the security-protected part of a transmitted message cannot be tampered with or parsed by an attacker; that is, F1 messages are security protected.
Two IAB nodes exchange messages at the IP layer, the Adapt layer, the RLC layer, the MAC layer and the PHY layer. Since no secure tunnel (such as an IPsec tunnel) is established at these layers, communication between two IAB nodes is unreliable and the transmitted messages may be subject to attack (for example, being intercepted and having the data they carry tampered with); that is, messages transmitted between two IAB nodes are not security protected.
From the above description, a message passed between two IAB nodes may be unreliable: when an IAB node receives a message sent by another IAB node, it cannot determine whether the information carried in the message is credible, for example whether it has been tampered with by an attacker, which affects communication quality.
To solve the above problem, the embodiments of this application provide several different methods, which are described separately below.
FIG. 5A shows a communication method provided by an embodiment of this application. On the IAB node side, the method may be performed by an IAB node or by a component used in an IAB node (such as a chip or circuit); on the IAB donor node side, it may be performed by an IAB donor node or by a component used in an IAB donor node (such as a chip or circuit). For ease of description, the method is described below with an IAB node and an IAB donor node as the executing entities.
The method includes the following steps:
Step 501a: the second node sends a first message to the first node. Correspondingly, the first node can receive the first message.
The first node and the second node are both IAB nodes.
The first message includes first indication information. The first message is not security protected, for example not protected by the IPsec protection described above or by any other security protection, so whether the first indication information carried in the first message is credible remains to be confirmed.
The first message may be an IP layer message, an Adapt layer message (also called a BAP layer message), an RLC layer message, a MAC layer message, or a PHY layer message.
Step 502a: the first node sends a second message to the IAB donor node. Correspondingly, the IAB donor node can receive the second message.
Note that the first node may be an IAB node directly connected to the IAB donor node, or an IAB node not directly connected to it. Taking FIG. 2 as an example, the second node may be IAB node 1 and the first node IAB node 2 or IAB node 5; or the second node may be IAB node 2 and the first node IAB node 1 or IAB node 3; or the second node may be IAB node 3 and the first node IAB node 2 or IAB node 4.
When the first node is directly connected to the IAB donor node, the first node can send the second message to the IAB donor node over the wireless backhaul link between them. When the first node is not directly connected to the IAB donor node, the first node can send the second message to the IAB donor node through the other IAB nodes between them. For example, when the first node is IAB node 2, IAB node 2 can send the second message to the IAB donor node through IAB node 1, and IAB node 1 transparently forwards the second message.
The second message is used to indicate that the first node has received the above first indication information. The second message is security protected, for example by the IPsec protection described above or by other security protection. The second message may be an F1 message.
Ways in which the second message can indicate that the first node has received the first indication information include but are not limited to:
Method 1: the second message is a dedicated message, for example a dedicated F1 message, which the IAB donor node recognizes as indicating that the first node has received the first indication information. That is, the name of the second message is used to indicate that the first node has received the first indication information.
Method 2: the second message includes third indication information, and the third indication information is used to indicate that the first node has received the first indication information.
Step 503a: the IAB donor node determines whether the first indication information is credible.
The embodiments of this application do not limit how the IAB donor node determines whether the first indication information is credible; different methods may be used in different application scenarios. For example, if the first indication information indicates that a certain IAB node in the IAB network topology is congested, the IAB donor node can use the information reported by other IAB nodes to judge whether the IAB node named in the first indication information is in fact congested, and so determine whether the first indication information is credible. As another example, if the first indication information indicates that signal transmission has been interrupted between a certain IAB node in the IAB network topology and its child IAB node, the IAB donor node can use the information reported by other IAB nodes to judge whether signal transmission has in fact been interrupted between those two IAB nodes, and so determine whether the first indication information is credible.
Step 504a: the IAB donor node sends a third message to the first node. Correspondingly, the first node can receive the third message.
Note that when the first node is directly connected to the IAB donor node, the IAB donor node can send the third message to the first node over the wireless backhaul link between them. When the first node is not directly connected to the IAB donor node, the IAB donor node can send the third message to the first node through the other IAB nodes between them. For example, when the first node is IAB node 2, the IAB donor node can send the third message to IAB node 2 through IAB node 1, and IAB node 1 transparently forwards the third message.
The third message includes second indication information, which is used to indicate whether the above first indication information is credible. The third message is security protected, for example by the IPsec protection described above or by other security protection. The third message may be an F1 message.
For example, if in step 503a the IAB donor node determines that the first indication information is credible, the second indication information indicates that the first indication information is credible; if in step 503a the IAB donor node determines that the first indication information is not credible, the second indication information indicates that the first indication information is not credible. For example, the second indication information may be 1 bit of information, where "0" indicates that the first indication information is not credible and "1" indicates that it is credible, or "0" indicates that the first indication information is credible and "1" indicates that it is not credible.
With the above solution, after the second node sends the first indication information to the first node in a message that is not security protected, the first node can ask the IAB donor node to verify whether the first indication information is credible, so that the first node performs subsequent operations according to the IAB donor node's verification result. For example, when the first node confirms that the first indication information is credible, it performs the corresponding operation according to the first indication information; otherwise it does not perform that operation. Security risks in the communication process can thereby be eliminated, which helps improve communication quality.
The embodiment shown in FIG. 5A is described below by taking as an example a signal transmission abnormality between a parent node and a child node (such as signal transmission interruption, congestion of the child node, failure of the child node's transmission module, congestion of the parent node, or failure of the parent node's transmission module). When a signal transmission abnormality occurs between a parent node and a child node, both nodes check the current state of information transmission; if a signal transmission abnormality is found, each sends indication information to the other IAB nodes connected to it, where the indication information indicates that a signal transmission abnormality has occurred at that IAB node.
The following description takes a signal transmission abnormality between IAB node 2 (the parent node) and IAB node 3 (the child node) in FIG. 2 as an example.
FIG. 5B is a schematic flowchart of another communication method provided by this application. The method includes the following steps:
Step 501b: IAB node 2 and IAB node 3 both detect a signal transmission abnormality between IAB node 2 and IAB node 3.
Step 502b: IAB node 3 sends a BAP message to IAB node 4, where the BAP message includes a signal transmission abnormality indication.
The signal transmission abnormality indication here is an example of the first indication information in the embodiment corresponding to FIG. 5A; it indicates that a signal transmission abnormality has occurred at IAB node 3.
The BAP message is the first message in the embodiment corresponding to FIG. 5A and is not security protected.
Step 503b: IAB node 2 sends an F1 message to the IAB donor node.
The F1 message includes a signal transmission abnormality indication, which indicates that a signal transmission abnormality has occurred at IAB node 2. Optionally, the F1 message includes the identifier of IAB node 2. The identifier of IAB node 2 may for example be the BAP address of IAB node 2, or the identifier (BAP path ID) of the BAP path between IAB node 2 and IAB node 3.
The F1 message is security protected.
Step 504b: IAB node 3 sends an F1 message to the IAB donor node.
Step 504b is optional. For example, when the message of step 503b carries the identifier of the BAP path between IAB node 2 and IAB node 3, step 504b may be omitted.
The F1 message includes a signal transmission abnormality indication, which indicates that a signal transmission abnormality has occurred at IAB node 3. Optionally, the F1 message includes the identifier of IAB node 3. The identifier of IAB node 3 may for example be the BAP address of IAB node 3, or the identifier of the BAP path between IAB node 2 and IAB node 3.
The F1 message is security protected.
From the F1 message of step 503b and/or the F1 message of step 504b, the IAB donor node determines that a signal transmission abnormality has occurred between IAB node 2 and IAB node 3.
Note that the embodiments of this application do not limit the order in which steps 502b, 503b and 504b are performed.
Optionally, after receiving the signal transmission abnormality indication, IAB node 4 interrupts uplink data transmission and performs uplink data recovery. Uplink data transmission recovery here means that the data IAB node 4 kept sending to IAB node 3 after the signal transmission abnormality between IAB node 2 and IAB node 3, but which was not sent successfully, has to be recovered and, once the transmission channel is restored, resent to IAB node 3.
Step 505b: IAB node 4 sends an F1 message to the IAB donor node. Correspondingly, the IAB donor node can receive the F1 message.
The F1 message is security protected. This F1 message is the second message in the embodiment corresponding to FIG. 5A.
In one implementation, the F1 message is a dedicated message that carries the identifier of IAB node 3 and is used to indicate that a signal transmission abnormality indication from IAB node 3 has been received. When the IAB donor node receives the F1 message, it can recognize from the message's name and the carried identifier of IAB node 3 that the F1 message indicates that IAB node 3 sent a signal transmission abnormality indication to IAB node 4. The IAB donor node then confirms whether a signal transmission abnormality has actually occurred at IAB node 3.
In another implementation, the F1 message may be an existing F1 message that carries the identifier of IAB node 3 and indication information, where the indication information indicates that a signal transmission abnormality indication from IAB node 3 has been received. When the IAB donor node receives the F1 message, it can determine from the carried indication information and the identifier of IAB node 3 that IAB node 3 sent a signal transmission abnormality indication to IAB node 4. The IAB donor node then confirms whether a signal transmission abnormality has actually occurred at IAB node 3.
The identifier of IAB node 3 may for example be the BAP address of IAB node 3, or the identifier of the BAP path between IAB node 2 and IAB node 3.
Optionally, IAB node 4 starts a timer after sending the F1 message to the IAB donor node. If, before the timer expires, IAB node 4 receives an F1 message from the IAB donor node carrying indication information that indicates that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible, IAB node 4 determines that a signal transmission abnormality has occurred at IAB node 3, that is, that the indication sent by IAB node 3 to IAB node 4 is credible. If, before the timer expires, IAB node 4 does not receive an F1 message from the IAB donor node carrying indication information that indicates that the indication is credible, IAB node 4 determines that no signal transmission abnormality has occurred at IAB node 3, that is, that the indication sent by IAB node 3 to IAB node 4 is not credible. Likewise, if, before the timer expires, IAB node 4 receives an F1 message from the IAB donor node carrying indication information that indicates that the indication is not credible, IAB node 4 determines that no signal transmission abnormality has occurred at IAB node 3, that is, that the indication sent by IAB node 3 to IAB node 4 is not credible.
Step 506b: the IAB donor node determines whether the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible.
After receiving the F1 message from IAB node 4, the IAB donor node determines that IAB node 4 has received the signal transmission abnormality indication sent by IAB node 3, and further judges whether that indication is credible. For example, the following methods may be used: if the IAB donor node determines from the signal transmission abnormality indication reported by IAB node 2 that a signal transmission abnormality has occurred between IAB node 2 and IAB node 3, it determines that the indication IAB node 4 received from IAB node 3 is credible; if the IAB donor node determines from the indications reported separately by IAB node 2 and IAB node 3 that a signal transmission abnormality has occurred between IAB node 2 and IAB node 3, it determines that the indication IAB node 4 received from IAB node 3 is credible; and if the IAB donor node determines that no signal transmission abnormality has occurred between IAB node 2 and IAB node 3, it determines that the indication IAB node 4 received from IAB node 3 is not credible.
Step 507b: the IAB donor node sends an F1 message to IAB node 4. Correspondingly, IAB node 4 can receive the F1 message.
The F1 message is security protected. This F1 message is the third message in the embodiment corresponding to FIG. 5A.
The F1 message carries indication information that indicates either that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible, or that it is not credible. Specifically, in this embodiment a signal transmission abnormality has indeed occurred between IAB node 2 and IAB node 3, so the indication information indicates that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible. When IAB node 4 receives the F1 message, it can therefore determine from the indication information in the F1 message that the indication sent by IAB node 3 is credible, that is, that a signal transmission abnormality has indeed occurred at IAB node 3.
In one implementation, if the IAB donor node determines that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible, it sends the above F1 message to IAB node 4, where the F1 message or the indication information inside it indicates that the indication is credible. After receiving the F1 message, IAB node 4 determines from the F1 message or the indication information inside it that the indication sent by IAB node 3 is credible, that is, that a signal transmission abnormality has occurred at IAB node 3, so IAB node 4 can remain in the state of having stopped data transmission and wait until the topology changes before recovering data transmission. Note that if IAB node 4 set a timer in step 505b, IAB node 4 determines that the indication sent by IAB node 3 is credible only if it receives the above F1 message before the timer expires.
In another implementation, if the IAB donor node determines that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is not credible, it sends the above F1 message to IAB node 4, where the F1 message or the indication information inside it indicates that the indication is not credible. After receiving the F1 message, IAB node 4 determines from it that the indication sent by IAB node 3 is not credible, that is, that no signal transmission abnormality has occurred at IAB node 3, so IAB node 4 can resume data transmission. Note that if IAB node 4 set a timer in step 505b, IAB node 4 determines that the indication sent by IAB node 3 is not credible either when it receives the above F1 message before the timer expires or when it receives no such F1 message before the timer expires.
As an alternative implementation of step 507b, when the IAB donor node determines that the signal transmission abnormality indication sent by IAB node 3 to IAB node 4 is credible, the IAB donor node sends IAB node 4 an F1 message that itself indicates that the indication is credible, or an F1 message carrying indication information that indicates that the indication is credible. Note that if IAB node 4 set a timer in step 505b, IAB node 4 determines that the indication sent by IAB node 3 is credible only if it receives this F1 message before the timer expires. When the IAB donor node determines that the indication sent by IAB node 3 to IAB node 4 is not credible, the IAB donor node does not send an F1 message to IAB node 4.
In the above solution, after receiving a transmission abnormality indication, an IAB node asks the IAB donor node over a security-protected F1 message to verify whether the received indication is credible, and performs the corresponding operation according to the IAB donor node's feedback. This method can eliminate security risks in the communication process and helps improve communication quality.
Note that IAB node 4 and IAB node 3 in the embodiment corresponding to FIG. 5B are an example of the first node and the second node, respectively, in the embodiment corresponding to FIG. 5A. The indication information of step 507b in the embodiment corresponding to FIG. 5B is an example of the second indication information in the embodiment corresponding to FIG. 5A.
In this embodiment, the path between IAB node 2 and IAB node 3 on which the signal transmission abnormality occurs may also be called the first path, that is, the first path is the path on which the signal transmission abnormality occurs. The first path includes the third node; in the above example, the third node is IAB node 3.
Note that when a signal transmission abnormality occurs between IAB node 2 and IAB node 3 in FIG. 2, other IAB nodes (such as IAB node 1) that receive a signal transmission abnormality indication can likewise use a method similar to IAB node 4's to ask the IAB donor node to verify whether the received indication is credible; this is not repeated here.
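The verification flow of steps 503b to 507b, as an added illustration that is not part of the patent's own text: the donor only believes a transmission-abnormality claim that is backed by a report it received over a protected F1 message, and the child node treats a missing reply before its timer expires exactly like an explicit "not credible" bit. The node names, the path ID "P23" and the dictionary-based topology are constructed for the example (the relations follow the FIG. 2 description in the text).

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed topology fragment following the FIG. 2 relations given in the
# text: IAB node 2 is the parent of IAB node 3, and the path between them is
# given the hypothetical BAP path ID "P23".
PATHS: Dict[str, Set[str]] = {"P23": {"iab2", "iab3"}}

TRUSTED, UNTRUSTED = 1, 0  # the 1-bit second indication information of step 504a


@dataclass
class AbnormalityReport:
    """A signal transmission abnormality indication carried in a protected F1
    message (steps 503b/504b). `node_id` is the reporter's BAP address and
    `path_id` the BAP path ID of the abnormal path."""
    node_id: str
    path_id: str


@dataclass
class IabDonor:
    paths: Dict[str, Set[str]]
    # path_id -> reporters whose protected F1 report named that path
    reports: Dict[str, Set[str]] = field(default_factory=dict)

    def on_f1_abnormality(self, report: AbnormalityReport) -> None:
        # Only protected F1 input feeds the donor's view of the topology state.
        self.reports.setdefault(report.path_id, set()).add(report.node_id)

    def verify(self, claimed_sender: str) -> int:
        """Step 506b: node 4 states over protected F1 that it received an
        abnormality indication from `claimed_sender` (a BAP address or a BAP
        path ID). The unprotected indication is credible only if a path that
        contains the sender was itself reported abnormal over F1."""
        for path_id, members in self.paths.items():
            on_path = claimed_sender == path_id or claimed_sender in members
            if on_path and self.reports.get(path_id):
                return TRUSTED
        return UNTRUSTED


def child_decision(donor_reply: Optional[int]) -> bool:
    """Node 4 side with the step 505b timer: act on the unprotected BAP
    indication only if an explicit TRUSTED bit arrived before the timer
    expired. No reply (None) and an UNTRUSTED bit both mean 'not credible',
    so the node resumes transmission instead of staying stopped."""
    return donor_reply == TRUSTED


def run_scenario() -> Dict[str, int]:
    donor = IabDonor(paths=PATHS)
    # Step 503b: node 2 reports the abnormality of path P23 over protected F1.
    donor.on_f1_abnormality(AbnormalityReport("iab2", "P23"))
    return {
        # Steps 505b/506b: node 4 received an unprotected indication from node 3.
        "from_iab3": donor.verify("iab3"),
        # The same query when node 4 identifies the path instead of the node.
        "by_path_id": donor.verify("P23"),
        # An unprotected indication claiming node 1 is abnormal: no protected
        # report backs it, so the donor answers 'not credible'.
        "from_iab1": donor.verify("iab1"),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The decision never depends on the content of the unprotected BAP message itself; the only inputs are the protected F1 reports, which is the point of routing the check through the donor.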
FIG. 6A shows another communication method provided by an embodiment of this application. On the IAB node side, the method may be performed by an IAB node or by a component used in an IAB node (such as a chip or circuit); on the IAB donor node side, it may be performed by an IAB donor node or by a component used in an IAB donor node (such as a chip or circuit). For ease of description, the method is described below with an IAB node and an IAB donor node as the executing entities.
In this method, an IAB node forwards information to other IAB nodes through the IAB donor node, which helps avoid the security risks of direct communication between IAB nodes and thereby improves communication quality.
The method includes the following steps:
Step 601a: the first node sends a first message to the IAB donor node. Correspondingly, the IAB donor node can receive the first message.
The first node is an IAB node. The first message includes first indication information.
The first message is security protected, for example by the IPsec protection described above or by other security protection. The first message may be an F1 message.
The first node may be an IAB node directly connected to the IAB donor node, or an IAB node not directly connected to it. Taking FIG. 2 as an example, the first node may be IAB node 1, IAB node 2, IAB node 5, and so on. When the first node is directly connected to the IAB donor node, the first node can send the first message to the IAB donor node over the wireless backhaul link between them. When the first node is not directly connected to the IAB donor node, the first node can send the first message to the IAB donor node through the other IAB nodes between them. For example, when the first node is IAB node 2, IAB node 2 can send the first message to the IAB donor node through IAB node 1, and IAB node 1 transparently forwards the first message.
Step 602a: the IAB donor node determines a second node according to the first indication information, where the second node is an IAB node.
The second node is the IAB node that needs to receive the first indication information. The embodiments of this application do not limit how the IAB donor node determines the second node; a method appropriate to the specific scenario may be used. In one implementation, the first message further carries information about a first path, where the first path includes the first node, the first path is a path in the network topology on which a signal transmission abnormality has occurred, and the first indication information indicates that a signal transmission abnormality has occurred on the first path; the IAB donor node can then determine the node in the network topology that is affected by the signal transmission abnormality as the second node. That is, the second node is a node affected by the first path on which the signal transmission abnormality occurred. For example, if a signal transmission abnormality (such as congestion or signal transmission interruption) occurs between the first node and its child node, the second node may be the parent node of the first node or a second-level child node of the first node.
Step 603a: the IAB donor node sends a second message to the second node. Correspondingly, the second node can receive the second message.
The second message includes second indication information, which may be the same as the above first indication information or may be generated from the first indication information.
The second message is security protected, for example by the IPsec protection described above or by other security protection. The second message may be an F1 message.
In one implementation, the second message is the same message as the first message; that is, the IAB donor node forwards the first message received from the first node. In this case, the second indication information carried in the second message is the same indication information as the first indication information carried in the first message.
In another implementation, the second message is not the same message as the first message; that is, after receiving the first message, the IAB donor node processes it accordingly and generates the second message. In this case, the second indication information in the second message may be the same as or different from the first indication information carried in the first message.
The second node may be an IAB node directly connected to the IAB donor node, or an IAB node not directly connected to it. When the second node is directly connected to the IAB donor node, the IAB donor node can send the second message to the second node over the wireless backhaul link between them. When the second node is not directly connected to the IAB donor node, the IAB donor node can send the second message to the second node through the other IAB nodes between them.
Based on the above solution, an IAB node sends the first indication information to the IAB donor node in a security-protected first message; the IAB donor node then obtains second indication information from the first indication information and sends it to other IAB nodes in a security-protected second message. This process uses the IAB donor node as a bridge for transferring information between two IAB nodes, so that the information transferred between IAB nodes can be security protected. Security risks in the communication process can thereby be eliminated, which helps improve communication quality.
The embodiment shown in FIG. 6A is described below by taking as an example a signal transmission abnormality between a parent node and a child node (such as signal transmission interruption, congestion of the child node, failure of the child node's transmission module, congestion of the parent node, or failure of the parent node's transmission module). When a signal transmission abnormality occurs between a parent node and a child node, both nodes check the current state of information transmission; if a signal transmission abnormality is found, each sends indication information to the other IAB nodes connected to it, where the indication information indicates that a signal transmission abnormality has occurred at that IAB node.
The following description takes a signal transmission abnormality between IAB node 2 (the parent node) and IAB node 3 (the child node) in FIG. 2 as an example.
FIG. 6B is a schematic flowchart of another communication method provided by this application. The method includes the following steps:
Step 601b: IAB node 2 and IAB node 3 both detect a signal transmission abnormality between IAB node 2 and IAB node 3.
Step 602b: IAB node 2 sends an F1 message to the IAB donor node. Correspondingly, the IAB donor node can receive the F1 message.
IAB node 2 here is an example of the first node in the embodiment corresponding to FIG. 6A.
In one implementation, IAB node 2 sends the F1 message to the IAB donor node immediately after detecting the signal transmission abnormality. In another implementation, IAB node 2 sends the F1 message to the IAB donor node after detecting the abnormality only if it determines that there is no alternative path for the path on which the abnormality occurred.
IAB node 2 may send the F1 message as follows. IAB node 2 checks whether its parent node is the IAB donor node. If the parent node of IAB node 2 is not the IAB donor node, IAB node 2 passes the BAP message (which carries the information about the first path and the first indication information, where the first indication information indicates that a signal transmission abnormality has occurred on the first path) to the F1AP layer, the SCTP layer or the IPsec layer for processing, and after the security protection processing of the F1AP, SCTP or IPsec layer sends the F1 message to the IAB donor node. If the parent node of IAB node 2 is the IAB donor node, IAB node 2 sends the IAB donor node an F1 message that carries the information about the first path and the above indication information. The information about the first path may be the identifier (BAP path ID) of the BAP path between IAB node 2 and IAB node 3, or the BAP address of IAB node 2 together with the BAP address of IAB node 3. Optionally, the F1 message may also carry the identifier of the parent node of IAB node 2 (that is, IAB node 1).
The first path above is the path between IAB node 2 and IAB node 3.
Step 603b: the IAB donor node sends an F1 message to IAB node 1 and/or IAB node 4. Correspondingly, IAB node 1 and/or IAB node 4 can receive the F1 message.
IAB node 1 and IAB node 4 here are examples of the second node in the embodiment corresponding to FIG. 6A.
After receiving the security-protected F1 message from IAB node 2, the IAB donor node verifies it. When verification succeeds, the IAB donor node obtains the information about the path on which the signal transmission abnormality occurred (that is, the path between IAB node 2 and IAB node 3, namely the information about the first path) and determines to which nodes the indication information in the received F1 message needs to be forwarded (that is, the nodes affected by the abnormality). One way to determine this is for the IAB donor node to look up the routing table that currently contains the abnormal path information and find the nodes affected by the abnormality (for example IAB node 1 and IAB node 4). There may be one or more affected nodes, which may include the first-level or multi-level parent nodes of IAB node 2 and the first-level or multi-level child nodes of IAB node 3.
The IAB donor node sends an F1 message to the nodes affected by the abnormality (for example IAB node 1 and IAB node 4). The F1 message carries second indication information and the information about the first path, where the second indication information indicates that a signal transmission abnormality has occurred on the first path. The second indication information may be the same indication information as the first indication information or may be generated from it.
The above second node may be an IAB node directly connected to the IAB donor node, or an IAB node not directly connected to it. When the second node is directly connected to the IAB donor node, the IAB donor node can send the F1 message to the second node over the wireless backhaul link between them. When the second node is not directly connected to the IAB donor node, the IAB donor node can send the F1 message to the second node through the other IAB nodes between them, and those other IAB nodes transparently forward the F1 message.
Note that for a child node of IAB node 3 (such as IAB node 4), the IAB donor node can check whether an available path exists between the IAB donor node and IAB node 4; if not, it performs topology adjustment and creates an available path. For the topology adjustment method, refer to the description in section 9.7 of 3GPP TR 38.874; it is not repeated here.
Note that in the above embodiment, when a signal transmission abnormality occurs between IAB node 2 and IAB node 3, it is IAB node 2 that sends the IAB donor node the F1 message carrying the information about the first path and the first indication information. In another implementation, IAB node 3 may send that F1 message to the IAB donor node instead; the embodiments of this application do not limit this.
In the above solution, information between IAB nodes is forwarded in security-protected F1 messages, so that the information between IAB nodes is security protected and messages between IAB nodes cannot be maliciously exploited by an attacker. Security risks in the communication process can thereby be eliminated, which helps improve communication quality.
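Step 603b's selection of the second nodes, and the availability check that precedes delivery to a child of the abnormal path, as an added example that is not part of the patent's own text. The topology is a constructed parent map that follows the FIG. 2 relations the text states (donor, then IAB node 1 above IAB node 2 above IAB node 3 above IAB node 4, with IAB node 5 under IAB node 1); the node names are placeholders.

```python
from typing import Dict, Set, Tuple

# Constructed topology following the FIG. 2 relations given in the text.
# Each entry maps an IAB node to its parent; "donor" is the IAB donor node.
PARENT: Dict[str, str] = {
    "iab1": "donor",
    "iab2": "iab1",
    "iab3": "iab2",
    "iab4": "iab3",
    "iab5": "iab1",
}


def ancestors(parent: Dict[str, str], node: str) -> Set[str]:
    """Parent nodes of `node` at every level, excluding the donor itself."""
    result: Set[str] = set()
    while node in parent and parent[node] != "donor":
        node = parent[node]
        result.add(node)
    return result


def descendants(parent: Dict[str, str], node: str) -> Set[str]:
    """Child nodes of `node` at every level."""
    result: Set[str] = set()
    frontier = {node}
    while frontier:
        nxt = {child for child, p in parent.items() if p in frontier}
        result |= nxt
        frontier = nxt
    return result


def affected_nodes(parent: Dict[str, str], first_path: Tuple[str, str]) -> Set[str]:
    """Step 603b: the first path is (parent end, child end) as reported over
    protected F1. The second nodes are the parents of the path's parent end
    and the children of its child end, at any level."""
    up, down = first_path
    return ancestors(parent, up) | descendants(parent, down)


def path_available(parent: Dict[str, str], node: str, broken: Tuple[str, str]) -> bool:
    """Can `node` still reach the donor without crossing the broken link?
    If not, the donor must adjust the topology before it can deliver the
    F1 message carrying the second indication information to that node."""
    while node != "donor":
        if node not in parent:
            return False
        if (parent[node], node) == broken:
            return False
        node = parent[node]
    return True


if __name__ == "__main__":
    broken_link = ("iab2", "iab3")
    print(sorted(affected_nodes(PARENT, broken_link)))        # ['iab1', 'iab4']
    print(path_available(PARENT, "iab4", broken_link))         # False
    print(path_available(PARENT, "iab5", broken_link))         # True
```

With the link between IAB node 2 and IAB node 3 broken, IAB node 4 has no remaining path to the donor, which is the case where the text says the donor performs topology adjustment before it can deliver the message; IAB node 5 is unaffected and reachable.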
FIG. 7A shows another communication method provided by an embodiment of this application. On the IAB node side, the method may be performed by an IAB node or by a component used in an IAB node (such as a chip or circuit); on the IAB donor node side, it may be performed by an IAB donor node or by a component used in an IAB donor node (such as a chip or circuit). For ease of description, the method is described below with an IAB node and an IAB donor node as the executing entities.
In this method, the IAB donor node generates a shared key used to encrypt the information transmitted between a first node and a second node, and the first node and the second node then use this shared key to encrypt the information they transmit, thereby solving the problem of insecure communication between IAB nodes mentioned above. The first node and the second node are both IAB nodes.
In the following description, the second node is an IAB node already registered with the core network, and the method below is performed after the first node has accessed and registered with the core network through the second node and the IAB donor node. That is, the second node is the parent node of the first node. For example, referring to FIG. 2, after IAB node 4 has accessed and registered with the core network through IAB node 3 and the IAB donor node, the following method can be performed to generate, for IAB node 3 and IAB node 4, a shared key for encrypting the information transmitted between them, where IAB node 4 is the child node of IAB node 3.
The method includes the following steps:
Step 701a: the IAB donor node determines a first derivation parameter, which is used to derive the shared key between the first node and the second node.
The first derivation parameter includes one or more of the following:
1) The cell radio network temporary identifier (C-RNTI) of the first node. The C-RNTI is the AS-layer identity allocated by the IAB donor node when the first node initially accesses the IAB donor node. Both the first node and the IAB donor node store this C-RNTI, but the second node cannot learn it.
2) The DU identifier (DU-ID) of the second node.
3) The DU name (DU-name) of the second node.
Using the C-RNTI as a parameter for deriving the shared key helps prevent replay attacks. Using the DU-ID and the DU-name as parameters binds the key to the DU, so that the shared key is only used between the first node and the second node.
Step 702a: the IAB donor node sends the first derivation parameter to the first node. Correspondingly, the first node can receive the first derivation parameter.
The first node may be an IAB node directly connected to the IAB donor node, or an IAB node not directly connected to it. When the first node is directly connected to the IAB donor node, the IAB donor node can send the first derivation parameter to the first node over the wireless backhaul link between them. When the first node is not directly connected to the IAB donor node, the IAB donor node can send the first derivation parameter to the first node through the other IAB nodes between them.
Step 703a: the first node derives the shared key between the first node and the second node from a root key and the first derivation parameter.
The root key may be a root key of IAB node granularity (such as KgNB), meaning that different IAB nodes have different root keys; this root key is a key shared between the first node and the IAB donor node, and may also be the key shared between the first node and the IAB donor node after IPsec establishment is complete. Note that the second node cannot learn this root key.
Alternatively, the root key may be a root key of IAB donor node granularity (such as K_donor), meaning that different IAB donor nodes have different root keys and all IAB nodes under a given IAB donor node can use that root key K_donor. For example, the root key K_donor may be generated from a random number, or derived by the IAB donor node from the NAS key or the AS key.
Alternatively, the root key may be a root key of AMF granularity (such as K_AMF), meaning that different AMFs have different root keys and all IAB nodes and IAB donor nodes under a given AMF can use that root key K_AMF.
The above describes how the first node obtains the shared key between the first node and the second node. The following describes how the second node obtains the shared key, including but not limited to the following three methods:
Method 1: the IAB donor node derives the shared key from the root key and the first derivation parameter and sends the shared key to the second node.
The root key here is the same root key used by the first node in step 703a.
For example, when the root key is a root key of IAB node granularity, it is shared between the IAB donor node and the first node and the second node cannot learn it, so the second node cannot derive the shared key between the first node and the second node by itself. In that case method 1 can be used: the IAB donor node derives the shared key and sends it to the second node.
Of course, method 1 can also be used when the root key is a root key of IAB donor node granularity or of AMF granularity: the IAB donor node derives the shared key and sends it to the second node.
Method 2: the IAB donor node sends the first derivation parameter to the second node, where the first derivation parameter is used to derive the shared key.
For example, when the root key is a root key of IAB donor node granularity or of AMF granularity, the second node can learn the root key, so the IAB donor node can send the first derivation parameter to the second node, and the second node then derives the shared key between the first node and the second node from the root key and the first derivation parameter.
Method 3: the IAB donor node derives an intermediate key from the root key and a third derivation parameter of the first derivation parameter, then sends the intermediate key and a second derivation parameter of the first derivation parameter to the second node; the second node derives the shared key between the first node and the second node from the intermediate key and the second derivation parameter. The third derivation parameter is the part of the first derivation parameter other than the second derivation parameter.
For example, if the first derivation parameter includes the C-RNTI, the DU-ID and the DU-name, the second derivation parameter may include the DU-ID and the DU-name and the third derivation parameter the C-RNTI; or the second derivation parameter may include the DU-ID and the third derivation parameter the C-RNTI and the DU-name; and so on.
Taking the case where the second derivation parameter includes the DU-ID and the DU-name and the third derivation parameter includes the C-RNTI as an example, the IAB donor node derives the intermediate key from the root key and the C-RNTI, then sends the intermediate key, the DU-ID and the DU-name to the second node, and the second node derives the shared key between the first node and the second node from the intermediate key, the DU-ID and the DU-name.
Note that method 3 applies to scenarios where the second node can learn the root key, that is, where the root key is a root key of IAB donor node granularity or of AMF granularity.
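The three ways the second node can end up with the same shared key as the first node (steps 701a to 703a and methods 1 to 3 above), as an added example that is not part of the patent's own text. The patent fixes the derivation inputs (root key, C-RNTI, DU-ID, DU-name) but not the key derivation function, so this example assumes HMAC-SHA256 over length-prefixed parameters and assumes a two-stage chain (root key and C-RNTI first, then the DU parameters) so that method 3's intermediate key reproduces the same result. The root key, C-RNTI, DU-ID and DU-name values are constructed placeholders.

```python
import hashlib
import hmac
from typing import Dict

# Constructed placeholder inputs (not values from the patent).
ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # K_donor or K_AMF granularity
C_RNTI = (0x1234).to_bytes(2, "big")   # first node's C-RNTI, known to first node and donor only
DU_ID = b"du-42"                        # second node's DU-ID (hypothetical)
DU_NAME = b"iab-parent-du"              # second node's DU-name (hypothetical)


def kdf(key: bytes, *params: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 over length-prefixed parameters."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, data, hashlib.sha256).digest()


def intermediate_key(root_key: bytes, c_rnti: bytes) -> bytes:
    """Method 3: intermediate key from the root key and the third derivation
    parameter (C-RNTI here), so the second node never sees the C-RNTI."""
    return kdf(root_key, c_rnti)


def derive_k_bh_int(root_key: bytes, c_rnti: bytes, du_id: bytes, du_name: bytes) -> bytes:
    """Step 703a (first node) and method 1 (donor): chain the intermediate key
    with the DU parameters, binding the result to the parent's DU."""
    return kdf(intermediate_key(root_key, c_rnti), du_id, du_name)


def second_node_obtains_key(method: int, root_granularity: str, payload: Dict[str, bytes]) -> bytes:
    """What the second node (parent) computes from what the donor delivers.
    `payload["root_key"]` models the root key the parent already holds; with a
    node-granularity root key the parent cannot hold it, so method 2 fails."""
    if method == 1:
        return payload["shared_key"]
    if method == 2:
        if root_granularity == "node":
            raise PermissionError("second node cannot know a node-granularity root key")
        return derive_k_bh_int(payload["root_key"], payload["c_rnti"], payload["du_id"], payload["du_name"])
    if method == 3:
        return kdf(payload["intermediate_key"], payload["du_id"], payload["du_name"])
    raise ValueError(f"unknown method {method}")


def demo() -> Dict[str, bytes]:
    # First node derives the key itself from the root key and the first derivation parameter.
    first_node = derive_k_bh_int(ROOT_KEY, C_RNTI, DU_ID, DU_NAME)
    m1 = second_node_obtains_key(1, "donor", {"shared_key": derive_k_bh_int(ROOT_KEY, C_RNTI, DU_ID, DU_NAME)})
    m2 = second_node_obtains_key(2, "donor", {"root_key": ROOT_KEY, "c_rnti": C_RNTI, "du_id": DU_ID, "du_name": DU_NAME})
    m3 = second_node_obtains_key(3, "donor", {"intermediate_key": intermediate_key(ROOT_KEY, C_RNTI), "du_id": DU_ID, "du_name": DU_NAME})
    return {"first_node": first_node, "m1": m1, "m2": m2, "m3": m3}


if __name__ == "__main__":
    keys = demo()
    print(all(k == keys["first_node"] for k in keys.values()))  # True
```

Changing the DU-ID or DU-name yields a different key, which is the binding to the parent DU the text describes, and a different C-RNTI at the next access yields a fresh key, which is the anti-replay property.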
In one implementation, when a topology update occurs and the first node and the second node are no longer connected, that is, the first node is no longer the child node of the second node, the IAB donor node can send first indication information to the first node, where the first indication information instructs the first node to delete the shared key between the first node and the second node, and the first node deletes the shared key according to the first indication information.
In another implementation, when a topology update occurs and the first node and the second node are no longer connected, that is, the first node is no longer the child node of the second node, the first node can delete the shared key between the first node and the second node after receiving a connection reconfiguration message from the IAB donor node, where the connection reconfiguration message instructs the first node to establish a connection with a third node that is different from the second node.
In another implementation, when a topology update occurs and the first node and the second node are no longer connected, that is, the first node is no longer the child node of the second node, the first node can delete the shared key between the first node and the second node after sending a connection reconfiguration complete message to the IAB donor node, where the connection reconfiguration complete message indicates that the first node has completed establishing the connection with the third node.
In one implementation, when a topology update occurs and the first node and the second node are no longer connected, that is, the first node is no longer the child node of the second node, the IAB donor node can send second indication information to the second node, where the second indication information instructs the second node to delete the shared key between the first node and the second node, and the second node deletes the shared key according to the second indication information.
In another implementation, when a topology update occurs and the first node and the second node are no longer connected, that is, the first node is no longer the child node of the second node, the second node can delete the shared key between the first node and the second node after receiving a connection release message from the IAB donor node, where the connection release message instructs the release of the connection between the first node and the second node.
In another implementation, when a topology update occurs and the first node and the second node are no longer connected, that is, the first node is no longer the child node of the second node, the second node can delete the shared key between the first node and the second node after sending a connection reconfiguration message to the IAB donor node, where the connection reconfiguration message instructs the second node to establish a connection with a fourth node that is different from the first node.
Based on the above solution, the two IAB nodes use the shared key to encrypt the information transmitted between them, so that security risks in the communication process can be eliminated, which helps improve communication quality.
The embodiment corresponding to FIG. 7A is described below with a specific example. In this example, IAB node 1 has already registered with the core network through the IAB donor node, and IAB node 2 then accesses and registers with the core network through IAB node 1 and the IAB donor node; after successful registration, IAB node 2 is the child node of IAB node 1.
FIG. 7B is a schematic flowchart of another communication method provided by this application. The method includes the following steps:
Step 701b: IAB node 2 accesses and registers with the core network through IAB node 1 and the IAB donor node.
The main parts of this step are the start-up of the MT part of IAB node 2, the start-up of the backhaul link part, and the start-up of the DU part. MT start-up includes initial registration and NAS and AS security context establishment. At this point the MT behaves much like an ordinary terminal.
For the specific procedure by which IAB node 2 accesses and registers with the core network, refer to the flow shown in FIG. 3; it is not repeated here.
Step 702b: the IAB donor node derives the shared key K_BH-int between IAB node 1 and IAB node 2 from the root key and the first derivation parameter.
Step 703b: the IAB donor node sends the first derivation parameter to IAB node 2 in a security-protected RRC message. Correspondingly, IAB node 2 can receive the first derivation parameter.
In one implementation, the RRC message is a dedicated RRC message that carries the first derivation parameter and instructs the recipient to derive the key K_BH-int from it. When IAB node 2 receives the RRC message, it can recognize from the message's name and the carried first derivation parameter that the RRC message instructs it to derive the key K_BH-int from that first derivation parameter.
In another implementation, the RRC message is an existing RRC message that carries the first derivation parameter and indication information, where the indication information instructs the recipient to derive the key K_BH-int from the first derivation parameter. When IAB node 2 receives the RRC message, it determines from the carried indication information and first derivation parameter that it should derive the shared key K_BH-int from the first derivation parameter and the root key.
Step 704b: IAB node 2 derives the shared key K_BH-int between IAB node 1 and IAB node 2 from the root key and the first derivation parameter.
The method by which IAB node 2 derives K_BH-int is the same as the method by which the IAB donor node derives K_BH-int in step 702b.
Step 705b: IAB node 2 sends a response message to the IAB donor node. Correspondingly, the IAB donor node can receive the response message.
Step 705b is optional.
Step 706b: the IAB donor node sends the shared key K_BH-int to IAB node 1 in an F1 message, completing the key sharing between IAB node 1 and IAB node 2.
IAB node 1 receives and verifies the F1 message; after successful verification it stores and uses the key K_BH-int to protect data transmission between IAB node 1 and IAB node 2.
In an alternative implementation, the message of step 706b does not carry the shared key K_BH-int but instead carries an intermediate key and the second derivation parameter, and IAB node 1 derives the key K_BH-int from the intermediate key and the second derivation parameter. The intermediate key is derived from the root key and the third derivation parameter, and the third derivation parameter is the part of the first derivation parameter other than the second derivation parameter.
In one implementation of the above embodiment, the key distribution mechanism may be triggered when IAB node 2 first joins the network, so that IAB node 1 and IAB node 2 share a pair of keys.
In another implementation, the deletion of the old key and the distribution of a new key may be triggered when a topology update occurs, so that IAB node 1 and IAB node 2 share a new pair of keys. For example, on a topology update the parent node (IAB node 1) may delete its copy of the shared key with IAB node 2 after receiving a connection release message (such as a UE context release command) from the IAB donor node, or after receiving indication information from the IAB donor node instructing it to delete the shared key with IAB node 2. Likewise, on a topology update the child node (IAB node 2) may delete its copy of the shared key with IAB node 1 after determining that path reselection is complete (for example after sending an RRC connection reconfiguration complete (RRCConnectionReconfigurationComplete) message), or after receiving indication information from the IAB donor node instructing it to delete the shared key with IAB node 1. Further, after a topology update, if the IAB donor node finds that an IAB node has completed path reselection (for example it receives an RRC connection reconfiguration complete message), or if the IAB donor node configures a new wireless backhaul path, it can configure a new shared key for the new pair of IAB nodes through the operations of steps 702b to 706b of the above embodiment. For example, if after the topology update IAB node 1 and IAB node 2 are no longer connected but IAB node 1 is connected to IAB node 3 and IAB node 2 to IAB node 4, a new shared key can be allocated to IAB node 1 and IAB node 3 and another new shared key to IAB node 2 and IAB node 4.
When information needs to be transmitted between IAB node 1 and IAB node 2, the key K_BH-int shared between IAB node 1 and IAB node 2 can be used to protect the transmitted information. For example, the information transmission procedure includes the following steps 707b to 712b.
When IAB node 1 needs to send a downlink message to IAB node 2, steps 707b to 709b are executed. When IAB node 2 needs to send an uplink message to IAB node 1, steps 710b to 712b are executed.
Step 707b: IAB node 1 computes the integrity protection value DL-MAC-I using K_BH-int.
DL-MAC-I is computed from K_BH-int, a downlink sequence value, a direction number, and the downlink message to be protected (such as a BAP message). K_BH-int is the input key; the downlink sequence value, the direction number and the downlink message to be protected are the input parameters. The downlink sequence value serves to prevent replay attacks. The direction number is 0 for downlink and 1 for uplink.
Step 708b: IAB node 1 sends a control message carrying DL-MAC-I and the downlink message to IAB node 2. Correspondingly, IAB node 2 receives the control message.
Step 709b: IAB node 2 verifies DL-MAC-I using K_BH-int.
Specifically, IAB node 2 verifies DL-MAC-I using the downlink message and K_BH-int; if IAB node 2 verifies DL-MAC-I successfully, the received downlink message is correct.
Step 710b: IAB node 2 computes the integrity protection value UL-MAC-I using K_BH-int.
UL-MAC-I is computed from K_BH-int, an uplink sequence value, a direction number, and the uplink message to be protected. K_BH-int is the input key; the uplink sequence value, the direction number and the uplink message to be protected are the input parameters. The uplink sequence value serves to prevent replay attacks.
Step 711b: IAB node 2 sends a control message carrying UL-MAC-I and the uplink message to IAB node 1. Correspondingly, IAB node 1 receives the control message.
Step 712b: IAB node 1 verifies UL-MAC-I using K_BH-int.
Specifically, IAB node 1 verifies UL-MAC-I using the uplink message and K_BH-int; if IAB node 1 verifies UL-MAC-I successfully, the received uplink message is correct.
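As an added example (not the patent's own code), the following Python implements steps 707b to 712b on both sides of the backhaul link. The integrity algorithm is assumed to be HMAC-SHA256 truncated to 32 bits, the sequence value is assumed to be carried in the control message, and K_BH-int is a constructed sample key; the exchange then exercises the replay, tampering and reflection cases that the sequence value and the direction number are there to reject.

```python
import hashlib
import hmac
import struct

DOWNLINK = 0   # direction number for parent -> child (IAB node 1 -> IAB node 2)
UPLINK = 1     # direction number for child -> parent (IAB node 2 -> IAB node 1)
MAC_I_LEN = 4  # 32-bit MAC-I (length assumed here, as for 3GPP MAC-I values)

# Constructed sample key standing in for a K_BH-int derived as in steps 702b/704b.
K_BH_INT = hashlib.sha256(b"constructed K_BH-int for the example").digest()


def compute_mac_i(k_bh_int: bytes, count: int, direction: int, message: bytes) -> bytes:
    """MAC-I over (sequence value, direction number, message) under K_BH-int.
    Truncated HMAC-SHA256 is an assumption; the patent names the inputs only."""
    header = struct.pack(">IB", count, direction)  # 32-bit count, 1-byte direction
    return hmac.new(k_bh_int, header + message, hashlib.sha256).digest()[:MAC_I_LEN]


class BackhaulLink:
    """Per-peer state one IAB node keeps: its own send counter for the direction
    it transmits in, and the highest count it has accepted from the peer."""

    def __init__(self, k_bh_int: bytes, send_direction: int):
        self.key = k_bh_int
        self.send_dir = send_direction
        self.recv_dir = UPLINK if send_direction == DOWNLINK else DOWNLINK
        self.tx_count = 0
        self.last_rx_count = -1

    def protect(self, message: bytes) -> dict:
        """Control message of step 708b/711b; the count travels in clear so the
        receiver can recompute the MAC-I (assumed, not stated by the patent)."""
        pdu = {
            "count": self.tx_count,
            "direction": self.send_dir,
            "message": message,
            "mac_i": compute_mac_i(self.key, self.tx_count, self.send_dir, message),
        }
        self.tx_count += 1
        return pdu

    def verify(self, pdu: dict) -> bool:
        """Step 709b/712b. Every check runs before any state is updated."""
        if pdu["direction"] != self.recv_dir:
            return False                 # reflected back to its sender, or mis-directed
        if pdu["count"] <= self.last_rx_count:
            return False                 # replayed or out of order: count must increase
        expected = compute_mac_i(self.key, pdu["count"], pdu["direction"], pdu["message"])
        if not hmac.compare_digest(expected, pdu["mac_i"]):
            return False                 # message altered in transit, or wrong key
        self.last_rx_count = pdu["count"]
        return True


def run_exchange() -> dict:
    """Parent (IAB node 1) and child (IAB node 2) exchange protected messages;
    returns the verification outcome of each case."""
    parent = BackhaulLink(K_BH_INT, DOWNLINK)
    child = BackhaulLink(K_BH_INT, UPLINK)
    results = {}

    dl = parent.protect(b"BAP control: flow control feedback")
    results["dl_ok"] = child.verify(dl)
    results["dl_replay"] = child.verify(dl)               # same PDU a second time
    tampered = dict(dl, count=dl["count"] + 1, message=b"BAP control: altered payload")
    results["dl_tampered"] = child.verify(tampered)       # fresh count, stale MAC-I
    results["dl_reflected"] = parent.verify(dl)           # parent's own PDU sent back to it
    results["dl_next_ok"] = child.verify(parent.protect(b"BAP control: next message"))

    ul = child.protect(b"BAP control: signal transmission anomaly indication")
    results["ul_ok"] = parent.verify(ul)
    return results


if __name__ == "__main__":
    for case, accepted in run_exchange().items():
        print(f"{case:13s} accepted={accepted}")
```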
The above scheme implements the procedure for configuring a shared key between IAB nodes; the shared key can be used to encrypt information transmitted between IAB nodes (such as a signal transmission anomaly indication), thereby safeguarding the security of data transmission between IAB nodes and helping improve communication quality.
FIG. 8A shows another communication method provided by an embodiment of this application. On the IAB node side the method may be executed by an IAB node or by a component (such as a chip or circuit) for an IAB node; on the IAB donor node side it may be executed by an IAB donor node or by a component (such as a chip or circuit) for an IAB donor node. For ease of description, the method is described below with the IAB node and the IAB donor node as the executing entities.
In this method the IAB donor node sends a root key to the first node and to the second node respectively, so that the first node and the second node each generate the same shared key from the root key; the first node and the second node then use the shared key to encrypt the information transmitted between them, thereby solving the above-mentioned problem of insecure communication between IAB nodes. Both the first node and the second node are IAB nodes, and the first node is connected to the second node.
The method includes the following steps:
Step 801a: the IAB donor node sends a root key to the first node and the second node, the root key being an IAB-donor-node-granularity or AMF-granularity root key.
For example, step 801a may be executed after the first node has accessed and registered with the core network.
Step 802a: the first node and the second node derive the shared key between the first node and the second node from the root key and the shared parameters between the first node and the second node, the shared key being used to encrypt the information transmitted between the first node and the second node.
The shared parameters include one or more of the following: BAP-layer parameters of the first node (such as UE-bearer-ID and BAP-ID), BAP-layer parameters of the second node (such as UE-bearer-ID and BAP-ID), RLC-layer shared parameters between the first node and the second node (such as the logical channel ID (LCID)), and shared parameters between the DU of the first node and the MT of the second node (such as SDAP-config).
Optionally, the first node deletes the root key after disconnecting from the IAB donor node, and the second node deletes the root key after disconnecting from the IAB donor node.
The above scheme implements the procedure for configuring a shared key between IAB nodes; the shared key can be used to encrypt information transmitted between IAB nodes (such as a signal transmission anomaly indication), thereby safeguarding the security of data transmission between IAB nodes and helping improve communication quality.
The embodiment corresponding to FIG. 8A is described below with a specific example. FIG. 8B is a schematic flowchart of another communication method provided by this application. The method includes the following steps:
Step 801b: IAB node 1 accesses and registers with the core network.
The main procedure of this step includes start-up of the MT part of IAB node 1, start-up of the backhaul link part, and start-up of the DU part. MT start-up includes initial registration and establishment of the NAS and AS security contexts. At this point the MT functions similarly to an ordinary terminal.
For the specific implementation of this procedure, refer to the description of FIG. 3; it is not repeated here.
Step 802b: the IAB donor node sends a configuration message carrying the root key to IAB node 1; correspondingly, IAB node 1 receives the configuration message.
For example, the root key may be an IAB-donor-node-granularity root key (such as K_donor), meaning that different IAB donor nodes have different root keys and all IAB nodes under a given IAB donor node can use that root key K_donor. For example, the root key K_donor may be generated from a random number, or derived by the IAB donor node from a NAS key or an AS key.
As another example, the root key may be an AMF-granularity root key (such as K_AMF), meaning that different AMFs have different root keys and all IAB nodes and IAB donor nodes under a given AMF can use that root key K_AMF.
The configuration message may be an RRC message protected by AS-layer security, or it may be an F1 message protected by IPsec once IPsec has been established.
Optionally, when IAB node 1 is handed over to a new IAB donor node, the new IAB donor node may also send a new root key to IAB node 1.
Step 803b: IAB node 1 receives and verifies the root key sent by the IAB donor node and stores the root key after successful verification.
Step 804b: IAB node 1 sends an acknowledgement message to the IAB donor node. Correspondingly, the IAB donor node receives the acknowledgement message.
The acknowledgement message informs the IAB donor node that the root key has been received.
Step 804b is optional.
Step 805b: IAB node 2 accesses and registers with the core network.
The main procedure of this step includes start-up of the MT part of IAB node 2, start-up of the backhaul link part, and start-up of the DU part. MT start-up includes initial registration and establishment of the NAS and AS security contexts. At this point the MT functions similarly to an ordinary terminal.
For the specific implementation of this procedure, refer to the description of FIG. 3; it is not repeated here.
Step 806b: the IAB donor node sends a configuration message carrying the root key to IAB node 2; correspondingly, IAB node 2 receives the configuration message.
This root key is the same as the root key in step 802b above.
The configuration message may be an RRC message protected by AS-layer security, or it may be an F1 message protected by IPsec once IPsec has been established.
Optionally, when IAB node 2 is handed over to a new IAB donor node, the new IAB donor node may also send a new root key to IAB node 2.
Step 807b: IAB node 2 receives and verifies the root key sent by the IAB donor node and stores the root key after successful verification.
Step 808b: IAB node 2 sends an acknowledgement message to the IAB donor node. Correspondingly, the IAB donor node receives the acknowledgement message.
The acknowledgement message informs the IAB donor node that the root key has been received.
Step 808b is optional.
Taking IAB node 1 as the parent node and IAB node 2 as the child node as an example, when IAB node 1 needs to send a downlink message to IAB node 2, steps 809b to 811b are executed; when IAB node 2 needs to send an uplink message to IAB node 1, steps 812b to 814b are executed.
Step 809b: IAB node 1 computes the shared key K_BH-int using the root key, and computes the integrity protection value DL-MAC-I using K_BH-int.
For example, IAB node 1 computes K_BH-int using the root key and the shared parameters, where the shared parameters include but are not limited to one or more of the following: BAP-layer parameters of IAB node 1 (such as UE-bearer-ID and BAP-ID), BAP-layer parameters of IAB node 2 (such as UE-bearer-ID and BAP-ID), RLC-layer shared parameters between IAB node 1 and IAB node 2 (such as the LCID), and shared parameters between the DU of IAB node 1 and the MT of IAB node 2 (such as SDAP-config).
DL-MAC-I is computed from K_BH-int, a downlink sequence value, a direction number, and the downlink message to be protected (such as a BAP message). K_BH-int is the input key; the downlink sequence value, the direction number and the downlink message to be protected are the input parameters. The downlink sequence value serves to prevent replay attacks. The direction number is 0 for downlink and 1 for uplink.
Step 810b: IAB node 1 sends a control message carrying DL-MAC-I and the downlink message to IAB node 2. Correspondingly, IAB node 2 receives the control message.
Step 811b: IAB node 2 verifies DL-MAC-I using K_BH-int.
Specifically, IAB node 2 verifies DL-MAC-I using the downlink message and K_BH-int; if IAB node 2 verifies DL-MAC-I successfully, the received downlink message is correct.
Step 812b: IAB node 2 computes the integrity protection value UL-MAC-I using K_BH-int.
For example, IAB node 2 computes K_BH-int using the root key and the shared parameters; for the shared parameters, refer to the preceding description, which is not repeated here.
UL-MAC-I is computed from K_BH-int, an uplink sequence value, a direction number, and the uplink message to be protected (such as a BAP message). K_BH-int is the input key; the uplink sequence value, the direction number and the uplink message to be protected are the input parameters. The uplink sequence value serves to prevent replay attacks. The direction number is 0 for downlink and 1 for uplink.
Step 813b: IAB node 2 sends a control message carrying UL-MAC-I and the uplink message to IAB node 1. Correspondingly, IAB node 1 receives the control message.
Step 814b: IAB node 1 verifies UL-MAC-I using K_BH-int.
Specifically, IAB node 1 verifies UL-MAC-I using the uplink message and K_BH-int; if IAB node 1 verifies UL-MAC-I successfully, the received uplink message is correct.
In one implementation, when the IAB donor node determines that the number of IAB nodes that have left the IAB donor node exceeds a preset threshold, the IAB donor node deletes the root key. Optionally, the IAB donor node may also have the IAB nodes under it delete the root key.
In another implementation, after an IAB node leaves its old IAB donor node (that is, disconnects from the IAB donor node), the IAB node deletes the root key stored in it.
The above scheme implements the procedure for configuring a shared key between IAB nodes; the shared key can be used to encrypt information transmitted between IAB nodes (such as a signal transmission anomaly indication), thereby safeguarding the security of data transmission between IAB nodes and helping improve communication quality.
The above mainly describes the solutions provided by this application from the perspective of interaction between network elements. It can be understood that, to implement the above functions, each network element includes corresponding hardware structures and/or software modules for performing each function. Those skilled in the art should readily appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the particular application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such implementation should not be regarded as going beyond the scope of the present invention.
It can be understood that, in the above method embodiments, the steps or operations performed by an IAB node may also be performed by a component (such as a chip or circuit) configured in the IAB node, and the steps or operations performed by the IAB donor node may also be performed by a component (such as a chip or circuit) configured in the IAB donor node.
Embodiments of this application further provide apparatus for implementing any of the above methods. For example, an apparatus is provided that includes units (or means) for implementing the steps performed by the IAB node in any of the above methods. As another example, another apparatus is provided that includes units (or means) for implementing the steps performed by the IAB donor node in any of the above methods.
Referring to FIG. 9, which is a schematic diagram of a communication apparatus provided by an embodiment of this application. The apparatus is used to implement the steps performed by the first node in the above method embodiments. As shown in FIG. 9, the apparatus 900 includes a receiving unit 910 and a sending unit 920, and optionally also a derivation unit 930 and a deletion unit 940.
Solution one:
The receiving unit 910 is configured to receive a first message from a second node, the first message containing first indication information, the first message not being security-protected, and the first node and the second node both being integrated access and backhaul (IAB) nodes; the sending unit 920 is configured to send a second message to an IAB donor node, the second message indicating that the first node has received the first indication information, the second message being security-protected; the receiving unit 910 is further configured to receive a third message from the IAB donor node, the third message containing second indication information indicating whether the first indication information is trustworthy, the third message being security-protected.
In one possible implementation, the first message further contains an identifier of a third node, the first indication information indicates that a signal transmission anomaly has occurred at the third node, and the third node is an IAB node; the second message further includes the identifier of the third node; and the second message indicating that the first node has received the first indication information includes: the second message indicating that the first node has received the first indication information from the third node.
In one possible implementation, the identifier of the third node is an address of the third node or an identifier of a first path corresponding to the third node, the first path being a path on which a signal transmission anomaly has occurred and including the third node.
In one possible implementation, the second message indicating that the first node has received the first indication information includes: the second message containing third indication information, the third indication information indicating that the first node has received the first indication information.
In one possible implementation, the first message is an Internet Protocol (IP) layer message, an adaptation (Adapt) layer message, a radio link control (RLC) message, a medium access control (MAC) message, or a physical (PHY) layer message; the second message is an F1 application protocol (F1AP) layer message, a stream control transmission protocol (SCTP) layer message, or an Internet Protocol security (IPsec) layer message; and the third message is an F1AP layer message, an SCTP layer message, or an IPsec layer message.
Solution two:
The receiving unit 910 is configured to receive a first derivation parameter from an IAB donor node, the first derivation parameter containing one or more of the following: the C-RNTI of the first node, the DU identifier of a second node, and the DU name of the second node, where the first node is an IAB node, the second node is an IAB node connected to the first node, and the first node accesses the IAB donor node through the second node; the derivation unit 930 is configured to derive the shared key between the first node and the second node from a root key and the first derivation parameter, the shared key being used to encrypt information transmitted between the first node and the second node.
In one possible implementation, the root key is an IAB-node-granularity key, an IAB-donor-node-granularity key, or an access and mobility management function (AMF) granularity key.
In one possible implementation, the receiving unit 910 is further configured to receive first indication information from the IAB donor node, the first indication information indicating that the shared key between the first node and the second node is to be deleted; and the deletion unit 940 is configured to delete the shared key according to the first indication information.
In one possible implementation, the deletion unit 940 is configured to delete the shared key between the first node and the second node after the receiving unit 910 receives a connection reconfiguration message from the IAB donor node, the connection reconfiguration message instructing the first node to establish a connection with a third node, the third node being different from the second node; or the deletion unit 940 is configured to delete the shared key between the first node and the second node after the sending unit 920 sends a connection reconfiguration complete message to the IAB donor node, the connection reconfiguration complete message indicating that the first node has completed establishing the connection with the third node.
Solution three:
The receiving unit 910 is configured to receive a root key from an IAB donor node, the root key being an IAB-donor-node-granularity or access and mobility management function (AMF) granularity root key, the first node being an IAB node; the derivation unit 930 is configured to derive the shared key between the first node and a second node from the root key and shared parameters between the first node and the second node, the shared key being used to encrypt information transmitted between the first node and the second node, the first node being connected to the second node.
In one possible implementation, the shared parameters include one or more of the following: backhaul adaptation protocol (BAP) layer parameters of the first node, BAP-layer parameters of the second node, radio link control (RLC) layer shared parameters between the first node and the second node, and shared parameters between the DU of the first node and the MT of the second node.
In one possible implementation, the deletion unit 940 is configured to delete the root key after disconnection from the IAB donor node.
It can be understood that the above units may also be called modules or circuits, and that they may be provided independently or fully or partially integrated.
In one possible implementation, the sending unit 920 and the receiving unit 910 may also be implemented by a transceiver unit, or in other words the sending unit 920 and the receiving unit 910 may collectively be called a transceiver unit. The derivation unit 930 and the deletion unit 940 may also be implemented by a processing unit, or in other words the derivation unit 930 and the deletion unit 940 may collectively be called a processing unit.
The sending unit 920, the receiving unit 910 or the transceiver unit may also be called a communication interface, and the processing unit may also be called a processor.
Optionally, the communication apparatus 900 may further include a storage unit for storing data or instructions (also called code or programs); the above units may interact with or be coupled to the storage unit to implement the corresponding methods or functions. For example, the processing unit may read data or instructions from the storage unit so that the communication apparatus implements the methods in the above embodiments.
Referring to FIG. 10, which is a schematic diagram of a communication apparatus provided by an embodiment of this application. The apparatus is used to implement the steps performed by the IAB donor node in the above method embodiments. As shown in FIG. 10, the apparatus 1000 includes a receiving unit 1010 and a sending unit 1020, and optionally also a judging unit 1030, a determining unit 1040 and a derivation unit 1050.
Solution one:
The receiving unit 1010 is configured to receive a second message from a first node, the second message indicating that the first node has received first indication information, the second message being security-protected, the first node being an IAB node; the judging unit 1030 is configured to judge whether the first indication information is trustworthy; the sending unit 1020 is configured to send a third message to the first node, the third message containing second indication information indicating whether the first indication information is trustworthy, the third message being security-protected.
In one possible implementation, the second message further includes an identifier of a third node, the identifier of the third node being an address of the third node or an identifier of a first path corresponding to the third node, the first path being a path on which a signal transmission anomaly has occurred and including the third node; and the second message indicating that the first node has received the first indication information includes: the second message indicating that the first node has received the first indication information from the third node.
In one possible implementation, the judging unit 1030 is specifically configured to determine that a signal transmission anomaly has occurred on the first path and to determine that the first indication information is trustworthy.
In one possible implementation, the receiving unit 1010 is further configured to receive fourth indication information from the third node, the fourth indication information indicating that a signal transmission anomaly has occurred on the first path.
In one possible implementation, the second message indicating that the first node has received the first indication information includes: the second message containing third indication information, the third indication information indicating that the first node has received the first indication information.
Solution two:
The receiving unit 1010 is configured to receive a first message from a first node, the first message containing first indication information, the first message being security-protected, the first node being an IAB node; the determining unit 1040 is configured to determine a second node according to the first indication information, the second node being an IAB node; the sending unit 1020 is configured to send a second message to the second node, the second message containing second indication information, the second message being security-protected, the second indication information corresponding to the first indication information.
In one possible implementation, the first message further contains information about a first path, the first indication information indicates that a signal transmission anomaly has occurred on the first path, and the first path includes the first node; the determining unit 1040 is specifically configured to determine, according to the first indication information, network topology information and the information about the first path, the second node in the network topology that is affected by the signal transmission anomaly, where the network topology information contains the connection relationships between the IAB donor node and at least two IAB nodes, and the network topology contains the first path.
In one possible implementation, the first path further includes a third node, and the information about the first path includes an address of the third node and an address of the first node; or the information about the first path includes an identifier of the first path.
Solution three:
The determining unit 1040 is configured to determine a first derivation parameter, the first derivation parameter containing one or more of the following: the cell radio network temporary identifier (C-RNTI) of a first node, the distributed unit (DU) identifier of a second node, and the DU name of the second node, where the first node is an IAB node, the second node is an IAB node, the second node is connected to the first node, and the first node accesses the IAB donor node through the second node; the sending unit 1020 is configured to send the first derivation parameter to the first node, the first derivation parameter being used to derive a shared key between the first node and the second node, the shared key being used to encrypt information transmitted between the first node and the second node.
In one possible implementation, the derivation unit 1050 is configured to derive the shared key from a root key and the first derivation parameter, and the sending unit 1020 is further configured to send the shared key to the second node; or the sending unit 1020 is further configured to send the first derivation parameter to the second node, the first derivation parameter being used to derive the shared key; or the sending unit 1020 is further configured to send an intermediate key and a second derivation parameter within the first derivation parameter to the second node, the intermediate key and the second derivation parameter being used to derive the shared key, where the intermediate key is derived from the root key and a third derivation parameter within the first derivation parameter, and the third derivation parameter is the part of the first derivation parameter other than the second derivation parameter.
In one possible implementation, the root key is an IAB-node-granularity key, an IAB-donor-node-granularity key, or an access and mobility management function (AMF) granularity key.
It can be understood that the above units may also be called modules or circuits, and that they may be provided independently or fully or partially integrated.
In some possible implementations, the sending unit 1020 and the receiving unit 1010 may also be implemented by a transceiver unit, or in other words the sending unit 1020 and the receiving unit 1010 may collectively be called a transceiver unit. The judging unit 1030, the determining unit 1040 and the derivation unit 1050 may also be implemented by a processing unit, or in other words the judging unit 1030, the determining unit 1040 and the derivation unit 1050 may collectively be called a processing unit.
The sending unit 1020, the receiving unit 1010 or the transceiver unit may also be called a communication interface, and the processing unit may also be called a processor.
Optionally, the communication apparatus 1000 may further include a storage unit for storing data or instructions (also called code or programs); the above units may interact with or be coupled to the storage unit to implement the corresponding methods or functions. For example, the processing unit may read data or instructions from the storage unit so that the communication apparatus implements the methods in the above embodiments.
It should be understood that the division of units in the above apparatus is merely a division by logical function; in actual implementation they may be fully or partially integrated into one physical entity or physically separated. The units in the apparatus may all be implemented in the form of software invoked by a processing element, or all in hardware, or some units in the form of software invoked by a processing element and others in hardware. For example, each unit may be a separately provided processing element, or may be integrated in a chip of the apparatus, or may be stored in a memory in the form of a program and invoked by a processing element of the apparatus to perform the unit's function. Furthermore, these units may be fully or partially integrated together or implemented independently. The processing element referred to here may also be called a processor and may be an integrated circuit with signal processing capability. In implementation, the steps of the above methods or the above units may be implemented by integrated logic circuits of hardware in a processor element or in the form of software invoked by a processing element.
In one example, the units in any of the above apparatus may be one or more integrated circuits configured to implement the above methods, for example one or more application specific integrated circuits (ASICs), one or more microprocessors (digital signal processors, DSPs), one or more field programmable gate arrays (FPGAs), or a combination of at least two of these integrated circuit forms. As another example, when the units in the apparatus can be implemented in the form of a processing element scheduling a program, the processing element may be a general-purpose processor, such as a central processing unit (CPU) or another processor capable of invoking programs. As a further example, these units may be integrated together and implemented in the form of a system-on-a-chip (SOC).
The above unit for receiving (for example, the receiving unit) is an interface circuit of the apparatus for receiving signals from other apparatus. For example, when the apparatus is implemented as a chip, the receiving unit is the interface circuit the chip uses to receive signals from other chips or apparatus. The above unit for sending (for example, the sending unit) is an interface circuit of the apparatus for sending signals to other apparatus. For example, when the apparatus is implemented as a chip, the sending unit is the interface circuit the chip uses to send signals to other chips or apparatus.
Referring to FIG. 11, which is a schematic structural diagram of an IAB node provided by an embodiment of this application, used to implement the operations of the IAB node in the above embodiments. As shown in FIG. 11, the IAB node includes a processor 1110 and an interface 1130, and optionally a memory 1120. The interface 1130 is used to communicate with other devices.
The method performed by the IAB node in the above embodiments may be implemented by the processor 1110 invoking a program stored in a memory (which may be the memory 1120 in the IAB node or an external memory). That is, the apparatus for the IAB node may include the processor 1110, which invokes a program in the memory to perform the method performed by the IAB node in the above method embodiments. The processor here may be an integrated circuit with signal processing capability, such as a CPU. The apparatus for the IAB node may be implemented by one or more integrated circuits configured to implement the above methods, for example one or more ASICs, one or more microprocessor DSPs, one or more FPGAs, or a combination of at least two of these integrated circuit forms. Alternatively, the above implementations may be combined.
Referring to FIG. 12, which is a schematic structural diagram of an IAB donor node provided by an embodiment of this application, used to implement the operations of the IAB donor node in the above embodiments. As shown in FIG. 12, the IAB donor node includes a processor 1210 and an interface 1230, and optionally a memory 1220. The interface 1230 is used to communicate with other devices.
The method performed by the IAB donor node in the above embodiments may be implemented by the processor 1210 invoking a program stored in a memory (which may be the memory 1220 in the IAB donor node or an external memory). That is, the apparatus for the IAB donor node may include the processor 1210, which invokes a program in the memory to perform the method performed by the IAB donor node in the above method embodiments. The processor here may be an integrated circuit with signal processing capability, such as a CPU. The apparatus for the IAB donor node may be implemented by one or more integrated circuits configured to implement the above methods, for example one or more ASICs, one or more microprocessor DSPs, one or more FPGAs, or a combination of at least two of these integrated circuit forms. Alternatively, the above implementations may be combined.
An embodiment of this application further provides a communication system including the communication apparatus shown in FIG. 9 and the communication apparatus shown in FIG. 10.
Another embodiment of this application provides a communication system including the IAB node shown in FIG. 11 and the IAB donor node shown in FIG. 12.
The above embodiments may be implemented wholly or partly by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless (such as infrared, radio, or microwave) means. The computer-readable storage medium may be any available medium accessible by a computer, or a data storage device such as a server or data center integrating one or more available media. The available medium may be a magnetic medium (such as a floppy disk, hard disk, or magnetic tape), an optical medium (such as a DVD), or a semiconductor medium (such as a solid state disk (SSD)).
The various illustrative logic units and circuits described in the embodiments of this application may be implemented or operated by a general-purpose processor, a digital signal processor, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of the above designed to perform the described functions. The general-purpose processor may be a microprocessor, or alternatively any conventional processor, controller, microcontroller or state machine. The processor may also be implemented by a combination of computing devices, for example a digital signal processor and a microprocessor, multiple microprocessors, one or more microprocessors combined with a digital signal processor core, or any other similar configuration.
In one or more exemplary designs, the functions described in this application may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on a computer-readable medium, or transmitted on a computer-readable medium in the form of one or more instructions or code. Computer-readable media include computer storage media and communication media that facilitate transferring a computer program from one place to another. A storage medium may be any available medium accessible by a general-purpose or special-purpose computer. For example, such computer-readable media may include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other medium that can carry or store program code in the form of instructions or data structures readable by a general-purpose or special-purpose computer or a general-purpose or special-purpose processor. In addition, any connection may properly be defined as a computer-readable medium; for example, if software is transmitted from a website, server or other remote source over coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wirelessly by infrared, radio or microwave, it is also included in the defined computer-readable medium. Disk and disc as used here include compact disc, laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically and discs reproduce data optically with lasers. Combinations of the above are also included in computer-readable media.
Those skilled in the art should be aware that in one or more of the above examples, the functions described in this application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium accessible by a general-purpose or special-purpose computer.
Although this application has been described in connection with specific features and embodiments, it is apparent that various modifications and combinations may be made without departing from the spirit and scope of this application. Accordingly, the specification and drawings are merely exemplary descriptions of this application as defined by the appended claims and are deemed to cover any and all modifications, variations, combinations or equivalents within the scope of this application. Obviously, those skilled in the art can make various changes and variations to this application without departing from its scope. Thus, if these modifications and variations fall within the scope of the claims of this application and their equivalent technologies, this application is also intended to include them.

Claims (28)

  1. A communication method, characterized by comprising:
    a first node receiving a first message from a second node, the first message containing first indication information, the first message not being security-protected, and the first node and the second node both being integrated access and backhaul (IAB) nodes;
    the first node sending a second message to an IAB donor node, the second message indicating that the first node has received the first indication information, the second message being security-protected;
    the first node receiving a third message from the IAB donor node, the third message containing second indication information, the second indication information indicating whether the first indication information is trustworthy, the third message being security-protected.
  2. The method according to claim 1, characterized in that the first message further contains an identifier of a third node, the first indication information indicates that a signal transmission anomaly has occurred at the third node, and the third node is an IAB node;
    the second message further includes the identifier of the third node; and the second message indicating that the first node has received the first indication information comprises:
    the second message indicating that the first node has received the first indication information from the third node.
  3. The method according to claim 2, characterized in that the identifier of the third node is an address of the third node or an identifier of a first path corresponding to the third node, the first path being a path on which a signal transmission anomaly has occurred and including the third node.
  4. The method according to any one of claims 1 to 3, characterized in that the second message indicating that the first node has received the first indication information comprises:
    the second message containing third indication information, the third indication information indicating that the first node has received the first indication information.
  5. The method according to any one of claims 1 to 4, characterized in that the first message is an Internet Protocol (IP) layer message, an adaptation (Adapt) layer message, a radio link control (RLC) message, a medium access control (MAC) message, or a physical (PHY) layer message; the second message is an F1 application protocol (F1AP) layer message, a stream control transmission protocol (SCTP) layer message, or an Internet Protocol security (IPsec) layer message; and the third message is an F1AP layer message, an SCTP layer message, or an IPsec layer message.
  6. A communication method, characterized by comprising:
    an IAB donor node receiving a second message from a first node, the second message indicating that the first node has received first indication information, the second message being security-protected, the first node being an IAB node;
    the IAB donor node judging whether the first indication information is trustworthy;
    the IAB donor node sending a third message to the first node, the third message containing second indication information, the second indication information indicating whether the first indication information is trustworthy, the third message being security-protected.
  7. The method according to claim 6, characterized in that the second message further includes an identifier of a third node, the identifier of the third node being an address of the third node or an identifier of a first path corresponding to the third node, the first path being a path on which a signal transmission anomaly has occurred and including the third node;
    the second message indicating that the first node has received the first indication information comprises:
    the second message indicating that the first node has received the first indication information from the third node.
  8. The method according to claim 7, characterized in that the IAB donor node judging whether the first indication information is trustworthy comprises:
    the IAB donor node determining that a signal transmission anomaly has occurred on the first path, and determining that the first indication information is trustworthy.
  9. The method according to claim 7 or 8, characterized by further comprising:
    the IAB donor node receiving fourth indication information from the third node, the fourth indication information indicating that a signal transmission anomaly has occurred on the first path.
  10. The method according to any one of claims 6 to 9, characterized in that the second message indicating that the first node has received the first indication information comprises:
    the second message containing third indication information, the third indication information indicating that the first node has received the first indication information.
  11. A communication method, characterized by comprising:
    an IAB donor node receiving a first message from a first node, the first message containing first indication information, the first message being security-protected, the first node being an IAB node;
    the IAB donor node determining a second node according to the first indication information, the second node being an IAB node;
    the IAB donor node sending a second message to the second node, the second message containing second indication information, the second message being security-protected, the second indication information corresponding to the first indication information.
  12. The method according to claim 11, characterized in that the first message further contains information about a first path, the first indication information indicates that a signal transmission anomaly has occurred on the first path, and the first path includes the first node;
    the IAB donor node determining a second node according to the first indication information comprises:
    the IAB donor node determining, according to the first indication information, network topology information and the information about the first path, the second node in the network topology that is affected by the signal transmission anomaly, the network topology information containing connection relationships between the IAB donor node and at least two IAB nodes, and the network topology containing the first path.
  13. The method according to claim 12, characterized in that the first path further includes a third node, and the information about the first path includes an address of the third node and an address of the first node; or,
    the information about the first path includes an identifier of the first path.
  14. A communication method, characterized by comprising:
    a first node receiving a first derivation parameter from an IAB donor node, the first derivation parameter containing one or more of the following: a C-RNTI of the first node, a DU identifier of a second node, and a DU name of the second node, the first node being an IAB node, the second node being an IAB node connected to the first node, and the first node accessing the IAB donor node through the second node;
    the first node deriving a shared key between the first node and the second node from a root key and the first derivation parameter, the shared key being used to encrypt information transmitted between the first node and the second node.
  15. The method according to claim 14, characterized in that the root key is an IAB-node-granularity key, an IAB-donor-node-granularity key, or an access and mobility management function (AMF) granularity key.
  16. The method according to claim 14 or 15, characterized by further comprising:
    the first node receiving first indication information from the IAB donor node, the first indication information indicating that the shared key between the first node and the second node is to be deleted;
    the first node deleting the shared key according to the first indication information.
  17. The method according to claim 14 or 15, characterized by further comprising:
    the first node deleting the shared key between the first node and the second node after receiving a connection reconfiguration message from the IAB donor node, the connection reconfiguration message instructing the first node to establish a connection with a third node, the third node being different from the second node; or,
    the first node deleting the shared key between the first node and the second node after sending a connection reconfiguration complete message to the IAB donor node, the connection reconfiguration complete message indicating that the first node has completed establishing the connection with the third node.
  18. A communication method, characterized by comprising:
    an IAB donor node determining a first derivation parameter, the first derivation parameter containing one or more of the following: a cell radio network temporary identifier (C-RNTI) of a first node, a distributed unit (DU) identifier of a second node, and a DU name of the second node, the first node being an IAB node, the second node being an IAB node, the second node being connected to the first node, and the first node accessing the IAB donor node through the second node;
    the IAB donor node sending the first derivation parameter to the first node, the first derivation parameter being used to derive a shared key between the first node and the second node, the shared key being used to encrypt information transmitted between the first node and the second node.
  19. The method according to claim 18, characterized by further comprising:
    the IAB donor node deriving the shared key from a root key and the first derivation parameter, and the IAB donor node sending the shared key to the second node; or,
    the IAB donor node sending the first derivation parameter to the second node, the first derivation parameter being used to derive the shared key; or,
    the IAB donor node sending an intermediate key and a second derivation parameter within the first derivation parameter to the second node, the intermediate key and the second derivation parameter being used to derive the shared key, the intermediate key being derived from the root key and a third derivation parameter within the first derivation parameter, and the third derivation parameter being the part of the first derivation parameter other than the second derivation parameter.
  20. The method according to claim 18 or 19, characterized in that the root key is an IAB-node-granularity key, an IAB-donor-node-granularity key, or an access and mobility management function (AMF) granularity key.
  21. A communication method, characterized by comprising:
    a first node receiving a root key from an IAB donor node, the root key being an IAB-donor-node-granularity or access and mobility management function (AMF) granularity root key, the first node being an IAB node;
    the first node deriving a shared key between the first node and a second node from the root key and shared parameters between the first node and the second node, the shared key being used to encrypt information transmitted between the first node and the second node, the first node being connected to the second node.
  22. The method according to claim 21, characterized in that the shared parameters include one or more of the following:
    backhaul adaptation protocol (BAP) layer parameters of the first node, BAP-layer parameters of the second node, radio link control (RLC) layer shared parameters between the first node and the second node, and shared parameters between the DU of the first node and the MT of the second node.
  23. The method according to claim 21 or 22, characterized by further comprising:
    the first node deleting the root key after disconnecting from the IAB donor node.
  24. A communication apparatus, characterized by comprising a processor and an interface circuit, the interface circuit being used to communicate with other apparatus, and the processor being used to perform the method according to any one of claims 1 to 23.
  25. A communication system, characterized by comprising a first node for performing the method according to any one of claims 1 to 5, and an IAB donor node for performing the method according to any one of claims 6 to 10.
  26. A communication system, characterized by comprising a first node for performing the method according to any one of claims 14 to 17, and an IAB donor node for performing the method according to any one of claims 18 to 20.
  27. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a program, and when the program is invoked by a processor, the method according to any one of claims 1 to 23 is performed.
  28. A computer program, characterized in that when the program is invoked by a processor, the method according to any one of claims 1 to 23 is performed.
PCT/CN2019/125373 2019-12-13 2019-12-13 Communication method, apparatus and system WO2021114283A1 (zh)

Priority Applications (4)

Application Number | Priority Date | Filing Date | Title
EP19955938.6A EP4064748A4 (en) | 2019-12-13 | 2019-12-13 | COMMUNICATION METHOD, DEVICE AND SYSTEM
CN201980102740.7A CN114762372A (zh) | 2019-12-13 | 2019-12-13 | Communication method, apparatus and system
PCT/CN2019/125373 WO2021114283A1 (zh) | 2019-12-13 | 2019-12-13 | Communication method, apparatus and system
US17/837,476 US20220303763A1 (en) | 2019-12-13 | 2022-06-10 | Communication method, apparatus, and system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
PCT/CN2019/125373 WO2021114283A1 (zh) | 2019-12-13 | 2019-12-13 | Communication method, apparatus and system

Related Child Applications (1)

Application Number | Title | Priority Date | Filing Date
US17/837,476 Continuation US20220303763A1 (en) | Communication method, apparatus, and system | 2019-12-13 | 2022-06-10

Publications (1)

Publication Number | Publication Date
WO2021114283A1 true WO2021114283A1 (zh) | 2021-06-17

Also Published As

Publication number | Publication date
EP4064748A1 (en) | 2022-09-28
CN114762372A (zh) | 2022-07-15
US20220303763A1 (en) | 2022-09-22
EP4064748A4 (en) | 2022-11-16

Legal Events

Date | Code | Title | Description
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19955938; Country of ref document: EP; Kind code of ref document: A1
ENP | Entry into the national phase | Ref document number: 2019955938; Country of ref document: EP; Effective date: 20220624
NENP | Non-entry into the national phase | Ref country code: DE