WO2021180051A1 - Information reporting method, information receiving method, terminal, and network side device - Google Patents

Publication number
WO2021180051A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
supported
user plane
subkey
related information
Application number
PCT/CN2021/079650
Inventor
杨晓东
谢振华
鲍炜
柯小婉
刘佳敏
Original Assignee
维沃移动通信有限公司
Application filed by 维沃移动通信有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the present invention relates to the field of communication technology, in particular to an information reporting method, information receiving method, terminal and network side equipment.
  • LTE: Long Term Evolution
  • NR: New Radio
  • NAS: Non-Access Stratum
  • AS: Access Stratum
  • K_gNB, used by the AS layer for security, is generated based on the NAS-layer key K_AMF. Both the network and the terminal generate K_gNB, and they also generate the following keys:
  • K_RRCenc is the key for encrypting RRC.
  • K_RRCint is the key for RRC integrity protection.
  • K_UPenc is the key for encrypting data on the DRB.
  • K_UPint is the key for integrity protection of the data on the DRB.
  • centralized unit (Centralized Unit, CU)
  • user plane (User Plane, UP)
  • the CU and the UP may belong to different security domains.
  • UP1 and CU-CP (Centralized Unit-Control Plane)
  • UP1 belongs to one security domain
  • UP2 and CU-DU (Centralized Unit-Distributed Unit)
  • UP2 belongs to another security domain.
  • UP1 and UP2 and CU-UP are deployed together, but UP1 and UP2 are open to different third-party applications, so UP1 and UP2 also belong to different security domains.
  • NR allows integrity protection of UP data, but the integrity protection capability that NR currently supports for UP is tiered by data rate. For example, if the terminal only supports integrity protection at a rate of 64 kbit/s and the UP transmission rate exceeds this rate, the terminal will not be able to perform integrity protection on the UP data.
  • the embodiments of the present invention provide an information reporting method, an information receiving method, a terminal, and a network side device to solve the problem that the network cannot configure reasonable security domain related parameters for the terminal in the prior art.
  • an information reporting method applied to a terminal, includes:
  • the embodiment of the present invention also provides an information receiving method, which is applied to a network side device, and includes:
  • a user plane security domain is configured for the terminal.
  • the embodiment of the present invention also provides a terminal, including:
  • the sending module is used to send security related information supported by the terminal to the network side device.
  • the embodiment of the present invention also provides a network side device, including:
  • the receiving module is used to receive the security related information supported by the terminal and sent by the terminal;
  • the configuration module is used to configure the user plane security domain for the terminal according to the security related information supported by the terminal.
  • the embodiment of the present invention also provides a communication device, including a processor, a memory, and a computer program stored on the memory and capable of running on the processor.
  • the embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps of the information reporting method as described above are realized; or, when the computer program is executed by the processor, the steps of the information receiving method described above are realized.
  • the terminal reports the security related information supported by the terminal to the network side device, so that the network side device configures the user plane security domain for the terminal according to the security related information supported by the terminal, which makes reasonable configuration of the user plane security domain possible.
  • FIG. 1 shows a schematic diagram of the steps of an information reporting method provided by an embodiment of the present invention
  • FIG. 2 shows a flowchart of the steps of an information receiving method provided by an embodiment of the present invention
  • FIG. 3 shows one of the schematic structural diagrams of a terminal provided by an embodiment of the present invention
  • FIG. 4 shows one of the schematic structural diagrams of a network side device provided by an embodiment of the present invention
  • FIG. 5 shows the second structural diagram of a terminal provided by an embodiment of the present invention
  • FIG. 6 shows the second structural diagram of a network side device provided by an embodiment of the present invention.
  • words such as “exemplary” or “for example” are used to represent examples, instances, or illustrations. Any embodiment or design solution described as “exemplary” or “for example” in the embodiments of the present invention should not be construed as being more preferable or advantageous than other embodiments or design solutions. To be precise, words such as “exemplary” or “for example” are used to present related concepts in a specific manner.
  • the terminal provided by the embodiment of the present invention may be a mobile phone, a tablet computer, a notebook computer, an Ultra-Mobile Personal Computer (UMPC), a netbook, a wearable device (Wearable Device), a vehicle-mounted device, or a personal digital assistant (Personal Digital Assistant, PDA), etc. It should be noted that the specific type of the terminal is not limited in the embodiment of the present invention.
  • the network-side equipment may be a base station, where the base station may be a commonly used base station, an evolved node base station (eNB), or a network-side equipment in a 5G system (such as a next generation node base station (gNB) or a transmission and reception point (TRP)), or a cell and other equipment.
  • gNB: next generation node base station
  • TRP: transmission and reception point
  • an embodiment of the present invention provides an information reporting method, which is applied to a terminal, and includes:
  • Step 101: Send security related information supported by the terminal to the network side device.
  • the security-related information includes at least one of the following:
  • the number of user plane security domains supported by the terminal.
  • the level of the user plane security domain supported by the terminal.
  • the DRB configured by the network for the terminal does not exceed a maximum of 3 security domains.
  • the types of user plane security domains reported by the terminal are type 1 and type 2, where type 1 security domains correspond to low-latency and high-reliability URLLC services, and type 2 security domains correspond to enhanced mobile broadband eMBB services.
  • the terminal reports a security domain that supports level 3 or lower, or the terminal reports a security domain that supports level 5 or higher.
  • the security-related information includes at least one of the following:
  • the number of subkeys supported by the terminal.
  • the terminal reports that the number of non-access layer keys supported by it is 5 and the number of access layer keys is 8; if a security domain corresponds to 1 non-access layer key and 2 access layer keys, the network can configure up to 4 security domains that require security keys for the terminal.
  • after the network side device knows the number of keys or subkeys supported by the terminal, it can configure the security domain reasonably according to whether the security domain needs integrity protection. For example, configure more security domains that only need to be encrypted.
  • the subkey includes at least one of the following:
  • the subkey for RRC integrity protection
  • the subkey for data encryption on the data radio bearer DRB
  • the subkey to protect the integrity of the data on the DRB.
  • the network can reasonably configure security domains according to the number of subkeys; for example, the network side configures 6 security domains, of which 5 security domains require 4 subkeys, and 1 security domain can have only 2 subkeys.
  • the security-related information includes at least one of the following:
  • the number of user plane security domains that support the target integrity protection data rate.
  • the terminal reports that the number of security domains supporting the integrity protection capability of the maximum 128 kbit/s rate is two. For another example, the terminal reports that the number of security domains supporting the integrity protection capability of the maximum 64 kbit/s rate is 5.
  • the network side device can configure different security domains for the terminal according to the attributes of different security domains.
  • the terminal reports the security-related information supported by the terminal to the network-side device, so that the network-side device configures the user plane security domain for the terminal according to the security-related information supported by the terminal, which can realize reasonable configuration of the user plane security domain.
  • an embodiment of the present invention also provides an information receiving method, which is applied to a network side device, and includes:
  • Step 201: Receive security related information supported by the terminal and sent by the terminal;
  • Step 202: Configure a user plane security domain for the terminal according to the security related information supported by the terminal.
  • the security-related information includes at least one of the following:
  • the number of user plane security domains supported by the terminal.
  • the level of the user plane security domain supported by the terminal.
  • the DRB configured by the network for the terminal does not exceed a maximum of 3 security domains.
  • the types of user plane security domains reported by the terminal are type 1 and type 2, where type 1 security domains correspond to low-latency and high-reliability URLLC services, and type 2 security domains correspond to enhanced mobile broadband eMBB services.
  • the terminal reports a security domain that supports level 3 or lower, or the terminal reports a security domain that supports level 5 or higher.
  • the security-related information includes at least one of the following:
  • the number of subkeys supported by the terminal.
  • the terminal reports that the number of non-access layer keys supported by it is 5 and the number of access layer keys is 8; if a security domain corresponds to 1 non-access layer key and 2 access layer keys, the network can configure up to 4 security domains that require security keys for the terminal.
  • after the network side device knows the number of keys or subkeys supported by the terminal, it can configure the security domain reasonably according to whether the security domain needs integrity protection. For example, configure more security domains that only need to be encrypted.
  • the subkey includes at least one of the following:
  • the subkey for RRC integrity protection
  • the subkey for data encryption on the data radio bearer DRB
  • the subkey to protect the integrity of the data on the DRB.
  • the network can reasonably configure security domains according to the number of subkeys; for example, the network side configures 6 security domains, of which 5 security domains require 4 subkeys, and 1 security domain can have only 2 subkeys.
  • the security-related information includes at least one of the following:
  • the number of user plane security domains that support the target integrity protection data rate.
  • the terminal reports that the number of security domains supporting the integrity protection capability of the maximum 128 kbit/s rate is two. For another example, the terminal reports that the number of security domains supporting the integrity protection capability of the maximum 64 kbit/s rate is 5.
  • the network side device can configure different security domains for the terminal according to the attributes of different security domains.
  • the network side device receives the security related information reported by the terminal and configures the user plane security domain for the terminal according to the security related information supported by the terminal, which can realize reasonable configuration of the user plane security domain.
  • an embodiment of the present invention also provides a terminal 300, including:
  • the sending module 301 is used to send security related information supported by the terminal to the network side device.
  • the security-related information includes at least one of the following:
  • the number of user plane security domains supported by the terminal.
  • the level of the user plane security domain supported by the terminal.
  • the security-related information includes at least one of the following:
  • the number of subkeys supported by the terminal.
  • the subkey includes at least one of the following:
  • the subkey for RRC integrity protection
  • the subkey for data encryption on the data radio bearer DRB
  • the subkey to protect the integrity of the data on the DRB.
  • the security-related information includes at least one of the following:
  • the number of user plane security domains that support the target integrity protection data rate.
  • the terminal reports the security-related information supported by the terminal to the network-side device, so that the network-side device configures the user plane security domain for the terminal according to the security-related information supported by the terminal, which can realize reasonable configuration of the user plane security domain.
  • the terminal provided in the above-mentioned embodiment of the present invention is a terminal capable of executing the above-mentioned information reporting method, and all embodiments of the above-mentioned information reporting method are applicable to the terminal and can achieve the same or similar beneficial effects.
  • the embodiment of the present invention also provides a communication device, the communication device is a terminal, including a processor, a memory, a computer program stored in the memory and running on the processor, and the computer program is executed by the processor
  • the embodiment of the present invention also provides a computer-readable storage medium, and a computer program is stored on the computer-readable storage medium.
  • when the computer program is executed by a processor, each process of the above-mentioned information reporting method embodiment is realized, and the same technical effect can be achieved. In order to avoid repetition, details are not repeated here.
  • the computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, etc.
  • an embodiment of the present invention also provides a network side device 400, including:
  • the receiving module 401 is configured to receive security related information supported by the terminal and sent by the terminal;
  • the configuration module 402 is configured to configure a user plane security domain for the terminal according to the security related information supported by the terminal.
  • the security-related information includes at least one of the following:
  • the number of user plane security domains supported by the terminal.
  • the level of the user plane security domain supported by the terminal.
  • the security-related information includes at least one of the following:
  • the number of subkeys supported by the terminal.
  • the subkey includes at least one of the following:
  • the subkey for RRC integrity protection
  • the subkey for data encryption on the data radio bearer DRB
  • the subkey to protect the integrity of the data on the DRB.
  • the security-related information includes at least one of the following:
  • the number of user plane security domains that support the target integrity protection data rate.
  • the network side device receives the security related information reported by the terminal and configures the user plane security domain for the terminal according to the security related information supported by the terminal, which can realize reasonable configuration of the user plane security domain.
  • the network-side device provided by the above-mentioned embodiment of the present invention is a network-side device capable of executing the above-mentioned information receiving method, and all the embodiments of the above-mentioned information receiving method are applicable to the network-side device, and can achieve the same or similar beneficial effects.
  • the embodiment of the present invention further provides a communication device
  • the communication device is a network side device, including a processor, a memory, and a computer program stored in the memory and running on the processor; when the computer program is executed by the processor, each process of the above-mentioned information receiving method embodiment is realized, and the same technical effect can be achieved. In order to avoid repetition, details are not repeated here.
  • the embodiment of the present invention also provides a computer-readable storage medium, and a computer program is stored on the computer-readable storage medium.
  • when the computer program is executed by a processor, each process of the above-mentioned information receiving method embodiment is realized, and the same technical effect can be achieved. In order to avoid repetition, details are not repeated here.
  • the computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, etc.
  • the terminal 500 includes but is not limited to: a radio frequency unit 501, a network module 502, an audio output unit 503, an input unit 504, a sensor 505, a display unit 506, a user input unit 507, an interface unit 508, a memory 509, a processor 510, a power supply 511 and other components.
  • the terminal structure shown in FIG. 5 does not constitute a limitation on the terminal, and the terminal may include more or fewer components than shown in the figure, or combine certain components, or arrange different components.
  • the terminal includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a vehicle-mounted terminal, a wearable device, a pedometer, and the like.
  • the radio frequency unit 501 is configured to send security related information supported by the terminal to the network side device.
  • the terminal reports the security-related information supported by the terminal to the network-side device, so that the network-side device configures the user plane security domain for the terminal according to the security-related information supported by the terminal, which can realize reasonable configuration of the user plane security domain.
  • the terminal provided in the foregoing embodiment of the present invention is a terminal capable of executing the foregoing information reporting method, and all the foregoing embodiments of the information reporting method are applicable to the terminal, and can achieve the same or similar beneficial effects.
  • the radio frequency unit 501 can be used for receiving and sending signals in the process of sending and receiving information or talking. Specifically, downlink data received from the base station is passed to the processor 510 for processing; in addition, uplink data is sent to the base station.
  • the radio frequency unit 501 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like.
  • the radio frequency unit 501 can also communicate with the network and other devices through a wireless communication system.
  • the terminal provides users with wireless broadband Internet access through the network module 502, such as helping users to send and receive emails, browse web pages, and access streaming media.
  • the audio output unit 503 can convert the audio data received by the radio frequency unit 501 or the network module 502 or stored in the memory 509 into an audio signal and output it as sound. Moreover, the audio output unit 503 may also provide audio output related to a specific function performed by the terminal 500 (for example, call signal reception sound, message reception sound, etc.).
  • the audio output unit 503 includes a speaker, a buzzer, a receiver, and the like.
  • the input unit 504 is used to receive audio or video signals.
  • the input unit 504 may include a graphics processing unit (GPU) 5041 and a microphone 5042.
  • the graphics processor 5041 processes image data of still pictures or videos obtained by an image capture device (such as a camera) in a video capture mode or an image capture mode.
  • the processed image frame may be displayed on the display unit 506.
  • the image frame processed by the graphics processor 5041 may be stored in the memory 509 (or other storage medium) or sent via the radio frequency unit 501 or the network module 502.
  • the microphone 5042 can receive sound, and can process such sound into audio data.
  • the processed audio data can be converted into a format that can be sent to a mobile communication base station via the radio frequency unit 501 for output in the case of a telephone call mode.
  • the terminal 500 further includes at least one sensor 505, such as a light sensor, a motion sensor, and other sensors.
  • the light sensor includes an ambient light sensor and a proximity sensor.
  • the ambient light sensor can adjust the brightness of the display panel 5061 according to the brightness of the ambient light.
  • the proximity sensor can turn off the display panel 5061 and/or the backlight when the terminal 500 is moved to the ear.
  • the accelerometer sensor can detect the magnitude of acceleration in various directions (usually three-axis), and can detect the magnitude and direction of gravity when stationary, and can be used to identify terminal gestures (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer, percussion), etc.; sensor 505 can also include fingerprint sensors, pressure sensors, iris sensors, molecular sensors, gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which will not be repeated here.
  • the display unit 506 is used to display information input by the user or information provided to the user.
  • the display unit 506 may include a display panel 5061, and the display panel 5061 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), etc.
  • LCD liquid crystal display
  • OLED organic light-emitting diode
  • the user input unit 507 can be used to receive inputted number or character information, and generate key signal input related to user settings and function control of the terminal.
  • the user input unit 507 includes a touch panel 5071 and other input devices 5072.
  • the touch panel 5071, also known as a touch screen, can collect the user's touch operations on or near it (for example, operations performed by the user on or near the touch panel 5071 using any suitable object or accessory such as a finger or stylus).
  • the touch panel 5071 may include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the user's touch position, detects the signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 510, and receives and executes the commands sent by the processor 510.
  • the touch panel 5071 can be implemented in multiple types such as resistive, capacitive, infrared, and surface acoustic wave.
  • the user input unit 507 may also include other input devices 5072.
  • other input devices 5072 may include, but are not limited to, a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackball, mouse, and joystick, which will not be repeated here.
  • the touch panel 5071 can be overlaid on the display panel 5061.
  • when the touch panel 5071 detects a touch operation on or near it, the operation is transmitted to the processor 510 to determine the type of touch event, and then the processor 510 provides corresponding visual output on the display panel 5061 according to the type of the touch event.
  • although the touch panel 5071 and the display panel 5061 are used as two independent components to implement the input and output functions of the terminal, in some embodiments the touch panel 5071 and the display panel 5061 can be integrated to realize the input and output functions of the terminal; the specifics are not limited here.
  • the interface unit 508 is an interface for connecting an external device to the terminal 500.
  • the external device may include a wired or wireless headset port, an external power source (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device with an identification module, audio input/output (I/O) port, video I/O port, headphone port, etc.
  • the interface unit 508 may be used to receive input (for example, data information, power, etc.) from an external device and transmit the received input to one or more elements in the terminal 500, or may be used to transfer data between the terminal 500 and the external device.
  • the memory 509 can be used to store software programs and various data.
  • the memory 509 may mainly include a storage program area and a storage data area.
  • the storage program area may store an operating system, an application program required by at least one function (such as a sound playback function, an image playback function, etc.), etc.; the storage data area may store data created by the use of the mobile phone (such as audio data, phone book, etc.), etc.
  • the memory 509 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices.
  • the processor 510 is the control center of the terminal. It uses various interfaces and lines to connect the various parts of the entire terminal, and performs various functions of the terminal and processes data, so as to monitor the terminal as a whole.
  • the processor 510 may include one or more processing units; preferably, the processor 510 may integrate an application processor and a modem processor, where the application processor mainly processes the operating system, user interface, application programs, etc., and the modem processor mainly deals with wireless communication. It can be understood that the foregoing modem processor may not be integrated into the processor 510.
  • the terminal 500 may also include a power source 511 (such as a battery) for supplying power to various components.
  • the power source 511 may be logically connected to the processor 510 through a power management system, so that charging, discharging, and power consumption management functions are implemented through the power management system.
  • the terminal 500 includes some functional modules not shown, which will not be repeated here.
  • Fig. 6 is a structural diagram of a network side device according to an embodiment of the present invention, which can realize the details of the above-mentioned information receiving method and achieve the same effect.
  • the network side device 1200 includes: a processor 1201, a transceiver 1202, a memory 1203, and a bus interface, where:
  • the processor 1201 is configured to read a program in the memory 1203 and execute the following process:
  • a user plane security domain is configured for the terminal.
  • the network side device receives the security related information that the terminal reports as supported and configures the user plane security domain for the terminal according to that information, which enables a reasonable configuration of the user plane security domain.
  • the network-side device provided by the above-mentioned embodiment of the present invention is a network-side device capable of executing the above-mentioned information receiving method, and all the embodiments of the above-mentioned information receiving method are applicable to the network-side device and can achieve the same or similar beneficial effects.
  • the bus architecture may include any number of interconnected buses and bridges. Specifically, one or more processors represented by the processor 1201 and various circuits of the memory represented by the memory 1203 are linked together.
  • the bus architecture can also link various other circuits such as peripherals, voltage regulators, power management circuits, etc., which are all known in the art, and therefore, will not be further described herein.
  • the bus interface provides the interface.
  • the transceiver 1202 may be a plurality of elements, that is, including a transmitter and a receiver, and provide a unit for communicating with various other devices on the transmission medium.
  • the technical solution of the present invention, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product; the computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions to make a terminal (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) execute the method described in each embodiment of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided in the embodiments of the present invention are an information reporting method, an information receiving method, a terminal, and a network side device, the method comprising: sending to a network side device security-related information supported by a terminal.

Description

Information reporting method, information receiving method, terminal and network side device
Cross-reference to related applications
This application claims priority to Chinese Patent Application No. 202010157851.2, filed in China on March 9, 2020, the entire content of which is incorporated herein by reference.
Technical field
The present invention relates to the field of communication technology, and in particular to an information reporting method, an information receiving method, a terminal and a network side device.
Background
In Long Term Evolution (LTE) and New Radio (NR) systems, the network and the terminal encrypt and integrity-protect the data they send.
Security in LTE and NR systems is provided by two layers of protection: one is encryption at the Non-Access Stratum (NAS), and the other is encryption at the Access Stratum (AS).
The security key K_gNB used by the AS layer is generated from the NAS-layer key K_AMF. After both the network and the terminal have generated K_gNB, they also generate from K_gNB the keys for encrypting and integrity-protecting Radio Resource Control (RRC) messages and the data on AS-layer data radio bearers (DRBs). K_RRCenc is the key for encrypting RRC. K_RRCint is the key for RRC integrity protection. K_UPenc is the key for encrypting data on a DRB. K_UPint is the key for integrity protection of data on a DRB.
In the prior art, when the centralized unit (CU) and the user plane (UP) are separated, the CU and the UP may belong to different security domains. For example, UP1 and the CU-CP (centralized unit-control plane) are deployed together, and UP1 belongs to one security domain; UP2 and the CU-DU (centralized unit-distributed unit) are deployed together, and UP2 belongs to another security domain. For another example, UP1 and UP2 are both deployed together with the CU-UP, but UP1 and UP2 are opened to different third-party applications, so UP1 and UP2 also belong to different security domains.
At present NR also allows integrity protection of UP data, but the UP integrity protection capability that NR supports is graded according to the data rate. For example, if a terminal supports integrity protection only at a rate of 64 kbit/s and the UP transmission rate exceeds that rate, the terminal is not able to integrity-protect the UP data.
In summary, under the existing mechanism different terminals support different security domain capabilities and the network does not know them, so the network cannot configure reasonable security-related parameters for the terminal.
Summary of the invention
The embodiments of the present invention provide an information reporting method, an information receiving method, a terminal, and a network side device, to solve the problem in the prior art that the network cannot configure reasonable security domain related parameters for the terminal.
To solve the above technical problem, the embodiments of the present invention are implemented as follows: an information reporting method, applied to a terminal, includes:
sending security-related information supported by the terminal to a network side device.
The embodiment of the present invention also provides an information receiving method, which is applied to a network side device, and includes:
receiving the security related information supported by the terminal and sent by the terminal;
configuring a user plane security domain for the terminal according to the security related information supported by the terminal.
The embodiment of the present invention also provides a terminal, including:
a sending module, used to send security related information supported by the terminal to the network side device.
The embodiment of the present invention also provides a network side device, including:
a receiving module, used to receive the security related information supported by the terminal and sent by the terminal;
a configuration module, used to configure the user plane security domain for the terminal according to the security related information supported by the terminal.
The embodiment of the present invention also provides a communication device, including a processor, a memory, and a computer program stored on the memory and capable of running on the processor. When executed by the processor, the computer program implements the steps of the information reporting method described above; or, when executed by the processor, the computer program implements the steps of the information receiving method described above.
The embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the steps of the information reporting method described above; or, when executed by a processor, the computer program implements the steps of the information receiving method described above.
In the embodiment of the present invention, the terminal reports the security related information it supports to the network side device, so that the network side device configures the user plane security domain for the terminal according to that information, which enables a reasonable configuration of the user plane security domain.
Description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative labor.
FIG. 1 shows a schematic diagram of the steps of an information reporting method provided by an embodiment of the present invention;
FIG. 2 shows a flowchart of the steps of an information receiving method provided by an embodiment of the present invention;
FIG. 3 shows the first schematic structural diagram of a terminal provided by an embodiment of the present invention;
FIG. 4 shows the first schematic structural diagram of a network side device provided by an embodiment of the present invention;
FIG. 5 shows the second schematic structural diagram of a terminal provided by an embodiment of the present invention;
FIG. 6 shows the second schematic structural diagram of a network side device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the protection scope of the present invention.
In the embodiments of the present invention, words such as "exemplary" or "for example" are used to indicate an example, illustration, or explanation. Any embodiment or design solution described as "exemplary" or "for example" in the embodiments of the present invention should not be construed as more preferable or advantageous than other embodiments or design solutions. Rather, words such as "exemplary" or "for example" are intended to present the related concepts in a concrete manner.
The terminal provided by the embodiment of the present invention may be a mobile phone, a tablet computer, a notebook computer, an Ultra-Mobile Personal Computer (UMPC), a netbook, a wearable device, a vehicle-mounted device, a Personal Digital Assistant (PDA), etc. It should be noted that the specific type of the terminal is not limited in the embodiment of the present invention. The network side device may be a base station, where the base station may be a commonly used base station, an evolved node base station (eNB), a network side device in a 5G system (such as a next generation node base station (gNB) or a transmission and reception point (TRP)), or a cell.
As shown in FIG. 1, an embodiment of the present invention provides an information reporting method, which is applied to a terminal, and includes:
Step 101: Send security related information supported by the terminal to the network side device.
As an optional embodiment, the security-related information includes at least one of the following:
The number of user plane security domains supported by the terminal;
The type of user plane security domain supported by the terminal;
The level of the user plane security domain supported by the terminal.
For example, if the terminal reports that it supports 3 user plane security domains, then when the network configures the terminal's data radio bearers (DRBs), the DRBs it configures for the terminal span at most 3 security domains.
For another example, the terminal reports that the types of user plane security domain it supports are type 1 and type 2, where a type 1 security domain corresponds to the low-latency, high-reliability URLLC service and a type 2 security domain corresponds to the enhanced mobile broadband eMBB service.
For another example, the terminal reports that it supports security domains of level 3 or below, or the terminal reports that it supports security domains of level 5 or above.
As yet another optional embodiment, the security-related information includes at least one of the following:
The number of keys supported by the terminal;
The number of non-access stratum keys supported by the terminal;
The number of access stratum keys supported by the terminal;
The number of subkeys supported by the terminal.
For example, the terminal reports that it supports 5 non-access stratum keys and 8 access stratum keys; if one security domain corresponds to 1 non-access stratum key and 2 access stratum keys, the network can configure at most 4 security domains that require security keys for the terminal.
In the embodiment of the present invention, after the network side device learns the number of keys or subkeys supported by the terminal, it can configure the security domains reasonably according to whether each security domain requires integrity protection, for example by configuring more security domains that require only encryption protection.
Optionally, in the foregoing embodiment of the present invention, the subkey includes at least one of the following:
The subkey for encrypting radio resource control (RRC);
The subkey for RRC integrity protection;
The subkey for encrypting data on the data radio bearer (DRB);
The subkey for integrity protection of data on the DRB.
For example, if the terminal reports that it supports 22 subkeys, the network can configure security domains reasonably according to that number; for instance, the network side configures 6 security domains, of which 5 security domains require 4 subkeys each and 1 security domain may have only 2 subkeys.
As another optional embodiment, the security-related information includes at least one of the following:
The maximum integrity protection data rate supported by each user plane security domain supported by the terminal;
The number of user plane security domains that support the target integrity protection data rate.
For example, the terminal reports that 2 security domains support integrity protection at a rate of up to 128 kbit/s. For another example, the terminal reports that 5 security domains support integrity protection at a rate of up to 64 kbit/s. The network side device can thus configure different security domains for the terminal according to the attributes of the different security domains.
In summary, in the embodiment of the present invention the terminal reports the security-related information it supports to the network side device, so that the network side device configures the user plane security domain for the terminal according to that information, which enables a reasonable configuration of the user plane security domain.
As shown in FIG. 2, an embodiment of the present invention also provides an information receiving method, which is applied to a network side device, and includes:
Step 201: Receive security related information supported by the terminal and sent by the terminal;
Step 202: Configure a user plane security domain for the terminal according to the security related information supported by the terminal.
As an optional embodiment, the security-related information includes at least one of the following:
The number of user plane security domains supported by the terminal;
The type of user plane security domain supported by the terminal;
The level of the user plane security domain supported by the terminal.
For example, if the terminal reports that it supports 3 user plane security domains, then when the network configures the terminal's data radio bearers (DRBs), the DRBs it configures for the terminal span at most 3 security domains.
For another example, the terminal reports that the types of user plane security domain it supports are type 1 and type 2, where a type 1 security domain corresponds to the low-latency, high-reliability URLLC service and a type 2 security domain corresponds to the enhanced mobile broadband eMBB service.
For another example, the terminal reports that it supports security domains of level 3 or below, or the terminal reports that it supports security domains of level 5 or above.
As yet another optional embodiment, the security-related information includes at least one of the following:
The number of keys supported by the terminal;
The number of non-access stratum keys supported by the terminal;
The number of access stratum keys supported by the terminal;
The number of subkeys supported by the terminal.
For example, the terminal reports that it supports 5 non-access stratum keys and 8 access stratum keys; if one security domain corresponds to 1 non-access stratum key and 2 access stratum keys, the network can configure at most 4 security domains that require security keys for the terminal.
In the embodiment of the present invention, after the network side device learns the number of keys or subkeys supported by the terminal, it can configure the security domains reasonably according to whether each security domain requires integrity protection, for example by configuring more security domains that require only encryption protection.
Optionally, in the foregoing embodiment of the present invention, the subkey includes at least one of the following:
The subkey for encrypting radio resource control (RRC);
The subkey for RRC integrity protection;
The subkey for encrypting data on the data radio bearer (DRB);
The subkey for integrity protection of data on the DRB.
For example, if the terminal reports that it supports 22 subkeys, the network can configure security domains reasonably according to that number; for instance, the network side configures 6 security domains, of which 5 security domains require 4 subkeys each and 1 security domain may have only 2 subkeys.
As another optional embodiment, the security-related information includes at least one of the following:
The maximum integrity protection data rate supported by each user plane security domain supported by the terminal;
The number of user plane security domains that support the target integrity protection data rate.
For example, the terminal reports that 2 security domains support integrity protection at a rate of up to 128 kbit/s. For another example, the terminal reports that 5 security domains support integrity protection at a rate of up to 64 kbit/s. The network side device can thus configure different security domains for the terminal according to the attributes of the different security domains.
In summary, in the embodiment of the present invention the network side device receives the security related information that the terminal reports as supported and configures the user plane security domain for the terminal according to that information, which enables a reasonable configuration of the user plane security domain.
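The following Python sketch is an added illustration, not part of the application: it shows how a network side device could check a planned set of user plane security domains against the limits a terminal reported in steps 201 and 202, using the figures from the examples above. The class and function names, the per-domain key costs (1 NAS key, 2 AS keys, 4 subkeys with integrity protection or 2 without) and the treatment of the reported rates as pools are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class CapabilityReport:
    """Security-related information reported by the terminal (hypothetical model).
    A field left at its default was not reported and is not checked."""
    max_up_domains: Optional[int] = None        # number of UP security domains
    domain_types: FrozenSet[int] = frozenset()  # supported UP security domain types
    nas_keys: Optional[int] = None              # non-access stratum keys
    as_keys: Optional[int] = None               # access stratum keys
    subkeys: Optional[int] = None               # RRC/DRB encryption and integrity subkeys
    # max integrity-protected rate in kbit/s -> number of domains supporting it
    ip_rate_domains: Dict[int, int] = field(default_factory=dict)


@dataclass(frozen=True)
class DomainRequest:
    """One user plane security domain the network plans to configure."""
    name: str
    dtype: int        # e.g. 1 = URLLC, 2 = eMBB as in the example above
    integrity: bool   # True if DRB data must be integrity-protected
    rate_kbps: int    # expected user plane data rate
    nas_keys: int = 1  # assumed cost, taken from the 5 NAS / 8 AS key example
    as_keys: int = 2

    @property
    def subkeys(self) -> int:
        # Assumption: 4 subkeys with integrity protection, 2 for encryption only.
        return 4 if self.integrity else 2


def max_domains_by_keys(report: CapabilityReport, nas_per: int = 1, as_per: int = 2) -> int:
    """Upper bound on key-bearing domains implied by the reported key counts."""
    if report.nas_keys is None or report.as_keys is None:
        raise ValueError("terminal did not report NAS and AS key counts")
    return min(report.nas_keys // nas_per, report.as_keys // as_per)


def check_config(report: CapabilityReport, domains: List[DomainRequest]) -> List[str]:
    """Return the list of violations; an empty list means the plan fits the report."""
    problems = []
    if report.max_up_domains is not None and len(domains) > report.max_up_domains:
        problems.append(f"{len(domains)} domains requested, terminal supports {report.max_up_domains}")
    if report.domain_types:
        for d in domains:
            if d.dtype not in report.domain_types:
                problems.append(f"{d.name}: domain type {d.dtype} not supported")
    for attr in ("nas_keys", "as_keys", "subkeys"):
        limit = getattr(report, attr)
        need = sum(getattr(d, attr) for d in domains)
        if limit is not None and need > limit:
            problems.append(f"{attr}: {need} needed, terminal supports {limit}")
    if report.ip_rate_domains:
        pools = dict(report.ip_rate_domains)
        # Place the fastest integrity-protected domains first, each in the
        # slowest pool that can still carry it, so faster pools stay free.
        for d in sorted((d for d in domains if d.integrity), key=lambda d: -d.rate_kbps):
            fit = [rate for rate, left in pools.items() if rate >= d.rate_kbps and left > 0]
            if fit:
                pools[min(fit)] -= 1
            else:
                problems.append(f"{d.name}: no domain left that integrity-protects {d.rate_kbps} kbit/s")
    return problems


if __name__ == "__main__":
    # Constructed inputs that reuse the numbers from the examples in the text.
    print(max_domains_by_keys(CapabilityReport(nas_keys=5, as_keys=8)))
    plan = [DomainRequest(f"d{i}", 2, True, 64) for i in range(5)]
    plan.append(DomainRequest("d5", 2, False, 64))
    print(check_config(CapabilityReport(subkeys=22), plan))
    fast = [DomainRequest(f"h{i}", 1, True, 100) for i in range(3)]
    print(check_config(CapabilityReport(ip_rate_domains={128: 2, 64: 5}), fast))
```

A limit the terminal did not report is skipped rather than treated as zero; a deployment that prefers to fail closed would reject the plan when a required field is missing.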
As shown in FIG. 3, an embodiment of the present invention also provides a terminal 300, including:
The sending module 301, used to send security related information supported by the terminal to the network side device.
Optionally, in the foregoing embodiment of the present invention, the security-related information includes at least one of the following:
The number of user plane security domains supported by the terminal;
The type of user plane security domain supported by the terminal;
The level of the user plane security domain supported by the terminal.
Optionally, in the foregoing embodiment of the present invention, the security-related information includes at least one of the following:
The number of keys supported by the terminal;
The number of non-access stratum keys supported by the terminal;
The number of access stratum keys supported by the terminal;
The number of subkeys supported by the terminal.
Optionally, in the foregoing embodiment of the present invention, the subkey includes at least one of the following:
The subkey for encrypting radio resource control (RRC);
The subkey for RRC integrity protection;
The subkey for encrypting data on the data radio bearer (DRB);
The subkey for integrity protection of data on the DRB.
Optionally, in the foregoing embodiment of the present invention, the security-related information includes at least one of the following:
The maximum integrity protection data rate supported by each user plane security domain supported by the terminal;
The number of user plane security domains that support the target integrity protection data rate.
In summary, in the embodiment of the present invention the terminal reports the security-related information it supports to the network side device, so that the network side device configures the user plane security domain for the terminal according to that information, which enables a reasonable configuration of the user plane security domain.
It should be noted that the terminal provided in the above-mentioned embodiment of the present invention is a terminal capable of executing the above-mentioned information reporting method, so all embodiments of the above-mentioned information reporting method are applicable to the terminal and can achieve the same or similar beneficial effects.
Preferably, the embodiment of the present invention also provides a communication device. The communication device is a terminal and includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor. When executed by the processor, the computer program implements each process of the above-mentioned information reporting method embodiment and can achieve the same technical effect; to avoid repetition, details are not repeated here.
The embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements each process of the above-mentioned information reporting method embodiment and can achieve the same technical effect; to avoid repetition, details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
As shown in FIG. 4, an embodiment of the present invention also provides a network side device 400, including:
The receiving module 401, configured to receive security related information supported by the terminal and sent by the terminal;
The configuration module 402, configured to configure a user plane security domain for the terminal according to the security related information supported by the terminal.
Optionally, in the foregoing embodiment of the present invention, the security-related information includes at least one of the following:
The number of user plane security domains supported by the terminal;
The type of user plane security domain supported by the terminal;
The level of the user plane security domain supported by the terminal.
Optionally, in the foregoing embodiment of the present invention, the security-related information includes at least one of the following:
The number of keys supported by the terminal;
The number of non-access stratum keys supported by the terminal;
The number of access stratum keys supported by the terminal;
The number of subkeys supported by the terminal.
Optionally, in the foregoing embodiment of the present invention, the subkey includes at least one of the following:
The subkey for encrypting radio resource control (RRC);
The subkey for RRC integrity protection;
The subkey for encrypting data on the data radio bearer (DRB);
The subkey for integrity protection of data on the DRB.
Optionally, in the foregoing embodiment of the present invention, the security-related information includes at least one of the following:
The maximum integrity protection data rate supported by each user plane security domain supported by the terminal;
The number of user plane security domains that support the target integrity protection data rate.
In summary, in the embodiment of the present invention the network side device receives the security related information that the terminal reports as supported and configures the user plane security domain for the terminal according to that information, which enables a reasonable configuration of the user plane security domain.
It should be noted that the network side device provided by the above-mentioned embodiment of the present invention is a network side device capable of executing the above-mentioned information receiving method, so all embodiments of the above-mentioned information receiving method are applicable to the network side device and can achieve the same or similar beneficial effects.
Preferably, the embodiment of the present invention further provides a communication device. The communication device is a network side device and includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor. When executed by the processor, the computer program implements each process of the above-mentioned information receiving method embodiment and can achieve the same technical effect; to avoid repetition, details are not repeated here.
The embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements each process of the above-mentioned information receiving method embodiment and can achieve the same technical effect; to avoid repetition, details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
FIG. 5 is a schematic diagram of the hardware structure of a terminal for implementing the embodiments of the present invention. The terminal 500 includes, but is not limited to, a radio frequency unit 501, a network module 502, an audio output unit 503, an input unit 504, a sensor 505, a display unit 506, a user input unit 507, an interface unit 508, a memory 509, a processor 510, and a power supply 511. Those skilled in the art can understand that the terminal structure shown in FIG. 5 does not constitute a limitation on the terminal: the terminal may include more or fewer components than shown, may combine certain components, or may arrange the components differently. In the embodiment of the present invention, the terminal includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a vehicle-mounted terminal, a wearable device, a pedometer, and the like.
The radio frequency unit 501 is configured to send the security-related information supported by the terminal to the network side device.
In summary, in the embodiment of the present invention, the terminal reports the security-related information it supports to the network side device, so that the network side device configures a user plane security domain for the terminal according to that information, which enables reasonable configuration of user plane security domains.
It should be noted that the terminal provided by the foregoing embodiment of the present invention is a terminal capable of executing the foregoing information reporting method; all embodiments of the foregoing information reporting method are therefore applicable to this terminal and can achieve the same or similar beneficial effects.
It should be understood that, in the embodiment of the present invention, the radio frequency unit 501 can be used to receive and send signals while information is being sent and received or during a call. Specifically, it receives downlink data from the base station and passes it to the processor 510 for processing; in addition, it sends uplink data to the base station. Generally, the radio frequency unit 501 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. The radio frequency unit 501 can also communicate with the network and other devices through a wireless communication system.
Through the network module 502, the terminal provides the user with wireless broadband Internet access, for example helping the user send and receive e-mail, browse web pages, and access streaming media.
The audio output unit 503 can convert audio data received by the radio frequency unit 501 or the network module 502, or stored in the memory 509, into an audio signal and output it as sound. The audio output unit 503 may also provide audio output related to a specific function performed by the terminal 500 (for example, a call signal reception sound or a message reception sound). The audio output unit 503 includes a speaker, a buzzer, a receiver, and the like.
The input unit 504 is used to receive audio or video signals. The input unit 504 may include a graphics processing unit (GPU) 5041 and a microphone 5042. The graphics processor 5041 processes image data of still pictures or video obtained by an image capture device (such as a camera) in a video capture mode or an image capture mode. The processed image frames may be displayed on the display unit 506. Image frames processed by the graphics processor 5041 may be stored in the memory 509 (or another storage medium) or sent via the radio frequency unit 501 or the network module 502. The microphone 5042 can receive sound and process it into audio data. In telephone call mode, the processed audio data can be converted into a format that can be sent to a mobile communication base station via the radio frequency unit 501 and then output.
The terminal 500 further includes at least one sensor 505, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor and a proximity sensor. The ambient light sensor can adjust the brightness of the display panel 5061 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 5061 and/or the backlight when the terminal 500 is moved to the ear. As one kind of motion sensor, an accelerometer can detect the magnitude of acceleration in each direction (generally three axes) and, when stationary, the magnitude and direction of gravity. It can be used to identify the terminal's posture (for example, switching between portrait and landscape, related games, and magnetometer posture calibration) and for vibration-recognition functions (for example, a pedometer or tap detection). The sensor 505 may also include a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, and the like, which are not described further here.
The display unit 506 is used to display information input by the user or information provided to the user. The display unit 506 may include a display panel 5061, which may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED) display, or the like.
The user input unit 507 can be used to receive input numeric or character information and to generate key signal input related to user settings and function control of the terminal. Specifically, the user input unit 507 includes a touch panel 5071 and other input devices 5072. The touch panel 5071, also called a touch screen, can collect the user's touch operations on or near it (for example, operations performed by the user on or near the touch panel 5071 with a finger, a stylus, or any other suitable object or accessory). The touch panel 5071 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and transmits the signal to the touch controller. The touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 510, and receives and executes the commands sent by the processor 510. The touch panel 5071 can be implemented as a resistive, capacitive, infrared, or surface acoustic wave panel, among other types. In addition to the touch panel 5071, the user input unit 507 may include other input devices 5072. Specifically, the other input devices 5072 may include, but are not limited to, a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse, and a joystick, which are not described further here.
Further, the touch panel 5071 can be overlaid on the display panel 5061. When the touch panel 5071 detects a touch operation on or near it, it transmits the operation to the processor 510 to determine the type of the touch event, and the processor 510 then provides the corresponding visual output on the display panel 5061 according to the type of the touch event. Although in FIG. 5 the touch panel 5071 and the display panel 5061 are two independent components that implement the input and output functions of the terminal, in some embodiments the touch panel 5071 and the display panel 5061 can be integrated to implement the input and output functions of the terminal; this is not limited here.
The interface unit 508 is an interface through which an external device is connected to the terminal 500. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and so on. The interface unit 508 may be used to receive input (for example, data or power) from an external device and transmit the received input to one or more elements within the terminal 500, or may be used to transfer data between the terminal 500 and the external device.
The memory 509 can be used to store software programs and various data. The memory 509 may mainly include a program storage area and a data storage area. The program storage area may store an operating system and the application programs required by at least one function (such as a sound playback function or an image playback function); the data storage area may store data created through use of the mobile phone (such as audio data and a phone book). In addition, the memory 509 may include a high-speed random access memory and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices.
The processor 510 is the control center of the terminal. It uses various interfaces and lines to connect the parts of the entire terminal and, by running or executing the software programs and/or modules stored in the memory 509 and calling the data stored in the memory 509, performs the various functions of the terminal and processes data, thereby monitoring the terminal as a whole. The processor 510 may include one or more processing units. Preferably, the processor 510 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface, application programs, and the like, and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into the processor 510.
The terminal 500 may also include a power supply 511 (such as a battery) that supplies power to the components. Preferably, the power supply 511 may be logically connected to the processor 510 through a power management system, so that charging, discharging, and power consumption management are handled through the power management system.
In addition, the terminal 500 includes some functional modules that are not shown, which are not described further here.
FIG. 6 is a structural diagram of a network side device according to an embodiment of the present invention, which can implement the details of the foregoing information receiving method and achieve the same effect. As shown in FIG. 6, the network side device 1200 includes a processor 1201, a transceiver 1202, a memory 1203, and a bus interface, where:
The processor 1201 is configured to read a program in the memory 1203 and execute the following process:
Receiving the security-related information supported by the terminal, sent by the terminal;
Configuring a user plane security domain for the terminal according to the security-related information supported by the terminal.
In summary, in the embodiment of the present invention, the network side device receives the security-related information that the terminal reports as supported, and configures a user plane security domain for the terminal according to that information, which enables reasonable configuration of user plane security domains.
It should be noted that the network side device provided by the foregoing embodiment of the present invention is a network side device capable of executing the foregoing information receiving method; all embodiments of the foregoing information receiving method are therefore applicable to this network side device and can achieve the same or similar beneficial effects.
In FIG. 6, the bus architecture may include any number of interconnected buses and bridges. Specifically, it links together various circuits of one or more processors, represented by the processor 1201, and of memory, represented by the memory 1203. The bus architecture can also link together various other circuits such as peripheral devices, voltage regulators, and power management circuits; these are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 1202 may be a plurality of elements, that is, it may include a transmitter and a receiver, and provides a unit for communicating with various other apparatuses over a transmission medium.
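The receive-then-configure process executed by the processor 1201, as an added Python example that is not part of the patent: the network side treats the report as untrusted input, checks it for consistency, and places bearers into reported domains without exceeding the reported domain count, subkey count, or per-domain maximum integrity protection data rate. The patent defines no message format or allocation rule, so the field names, the numeric level ordering, the budget of two subkeys per domain, and the fail-closed placement policy are assumptions.

```python
from dataclasses import dataclass

# All names below are hypothetical; the patent lists the reported items
# but not their encoding.

@dataclass(frozen=True)
class Domain:
    level: int          # assumed ordering: larger number = stronger protection
    max_ip_kbps: int    # maximum integrity protection data rate of this domain

@dataclass(frozen=True)
class Report:
    domain_count: int   # number of user plane security domains supported
    subkey_count: int   # number of subkeys supported
    domains: tuple      # one Domain entry per supported domain

@dataclass(frozen=True)
class Bearer:
    drb_id: int
    min_level: int      # lowest acceptable domain level for this DRB
    ip_kbps: int        # integrity-protected rate needed (0 = none)

RRC_SUBKEYS = 2         # RRC encryption + RRC integrity protection
SUBKEYS_PER_DOMAIN = 2  # DRB encryption + DRB integrity (assumed per domain)

def validate(report):
    """Return a list of problems; the report is terminal-supplied and untrusted."""
    problems = []
    if report.domain_count < 1:
        problems.append("no user plane security domain supported")
    if len(report.domains) != report.domain_count:
        problems.append("domain list does not match reported domain count")
    if report.subkey_count < RRC_SUBKEYS + SUBKEYS_PER_DOMAIN:
        problems.append("too few subkeys for RRC plus one domain")
    if any(d.level < 0 or d.max_ip_kbps < 0 for d in report.domains):
        problems.append("negative level or rate")
    return problems

def configure(report, bearers):
    """Place bearers into reported domains within every reported limit.

    Returns (assignment, rejected): assignment maps a domain index to the
    DRB ids placed in it; rejected lists DRB ids that cannot be served.
    """
    problems = validate(report)
    if problems:
        raise ValueError("; ".join(problems))
    # The subkey budget can cap the usable domains below the reported count.
    max_domains = min(report.domain_count,
                      (report.subkey_count - RRC_SUBKEYS) // SUBKEYS_PER_DOMAIN)
    remaining = {i: d.max_ip_kbps for i, d in enumerate(report.domains)}
    assignment, rejected = {}, []
    # Place the strictest bearers first, while the domain budget is still open.
    for b in sorted(bearers, key=lambda b: (-b.min_level, b.drb_id)):
        candidates = [
            i for i, d in enumerate(report.domains)
            if d.level >= b.min_level
            and remaining[i] >= b.ip_kbps
            and (i in assignment or len(assignment) < max_domains)
        ]
        if not candidates:
            rejected.append(b.drb_id)  # fail closed: never go below min_level
            continue
        # Weakest adequate domain; among equals, one that is already in use.
        best = min(candidates,
                   key=lambda i: (report.domains[i].level, i not in assignment, i))
        assignment.setdefault(best, []).append(b.drb_id)
        remaining[best] -= b.ip_kbps
    return assignment, rejected

# Constructed sample input: three domains reported, but only six subkeys,
# which leaves room for two configured domains after the RRC subkeys.
SAMPLE_REPORT = Report(3, 6, (Domain(1, 64), Domain(2, 1000), Domain(3, 500)))
SAMPLE_BEARERS = [Bearer(1, 3, 400), Bearer(2, 1, 64),
                  Bearer(3, 2, 200), Bearer(4, 3, 200)]
```

With the sample input, DRB 4 is rejected because the only level-3 domain has no integrity-protected rate left, and DRB 2 is placed in a stronger domain than it asked for because the subkey budget does not allow a third domain.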
It should be noted that, in this document, the terms "include", "comprise", or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article, or apparatus that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to the process, method, article, or apparatus. Without further limitation, an element defined by the phrase "including a..." does not exclude the existence of other identical elements in the process, method, article, or apparatus that includes the element.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the foregoing embodiments can be implemented by software plus the necessary general-purpose hardware platform, or by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as a ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions that cause a terminal (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to execute the methods described in the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the specific implementations described, which are merely illustrative and not restrictive. Under the teaching of the present invention, those of ordinary skill in the art can devise many further forms without departing from the purpose of the present invention and the scope protected by the claims, all of which fall within the protection of the present invention.
The above are only specific implementations of the present invention, but the protection scope of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (24)

  1. An information reporting method, applied to a terminal, comprising:
    sending security-related information supported by the terminal to a network side device.
  2. The method according to claim 1, characterized in that the security-related information includes at least one of the following:
    the number of user plane security domains supported by the terminal;
    the types of user plane security domains supported by the terminal;
    the levels of user plane security domains supported by the terminal.
  3. The method according to claim 1, wherein the security-related information includes at least one of the following:
    the number of keys supported by the terminal;
    the number of non-access stratum keys supported by the terminal;
    the number of access stratum keys supported by the terminal;
    the number of subkeys supported by the terminal.
  4. The method according to claim 3, wherein the subkey includes at least one of the following:
    a subkey for radio resource control (RRC) encryption;
    a subkey for RRC integrity protection;
    a subkey for encrypting data on a data radio bearer (DRB);
    a subkey for integrity protection of data on a DRB.
  5. The method according to claim 1, wherein the security-related information includes at least one of the following:
    the maximum integrity protection data rate supported by each user plane security domain supported by the terminal;
    the number of user plane security domains that support a target integrity protection data rate.
  6. An information receiving method, applied to a network side device, comprising:
    receiving security-related information supported by a terminal, sent by the terminal;
    configuring a user plane security domain for the terminal according to the security-related information supported by the terminal.
  7. The method according to claim 6, wherein the security-related information includes at least one of the following:
    the number of user plane security domains supported by the terminal;
    the types of user plane security domains supported by the terminal;
    the levels of user plane security domains supported by the terminal.
  8. The method according to claim 6, wherein the security-related information includes at least one of the following:
    the number of keys supported by the terminal;
    the number of non-access stratum keys supported by the terminal;
    the number of access stratum keys supported by the terminal;
    the number of subkeys supported by the terminal.
  9. The method according to claim 8, wherein the subkey includes at least one of the following:
    a subkey for radio resource control (RRC) encryption;
    a subkey for RRC integrity protection;
    a subkey for encrypting data on a data radio bearer (DRB);
    a subkey for integrity protection of data on a DRB.
  10. The method according to claim 6, wherein the security-related information includes at least one of the following:
    the maximum integrity protection data rate supported by each user plane security domain supported by the terminal;
    the number of user plane security domains that support a target integrity protection data rate.
  11. A terminal, comprising:
    a sending module, configured to send security-related information supported by the terminal to a network side device.
  12. The terminal according to claim 11, wherein the security-related information includes at least one of the following:
    the number of user plane security domains supported by the terminal;
    the types of user plane security domains supported by the terminal;
    the levels of user plane security domains supported by the terminal.
  13. The terminal according to claim 11, wherein the security-related information includes at least one of the following:
    the number of keys supported by the terminal;
    the number of non-access stratum keys supported by the terminal;
    the number of access stratum keys supported by the terminal;
    the number of subkeys supported by the terminal.
  14. The terminal according to claim 13, wherein the subkey includes at least one of the following:
    a subkey for radio resource control (RRC) encryption;
    a subkey for RRC integrity protection;
    a subkey for encrypting data on a data radio bearer (DRB);
    a subkey for integrity protection of data on a DRB.
  15. The terminal according to claim 11, wherein the security-related information includes at least one of the following:
    the maximum integrity protection data rate supported by each user plane security domain supported by the terminal;
    the number of user plane security domains that support a target integrity protection data rate.
  16. A network side device, comprising:
    a receiving module, configured to receive security-related information supported by a terminal, sent by the terminal;
    a configuration module, configured to configure a user plane security domain for the terminal according to the security-related information supported by the terminal.
  17. The network side device according to claim 16, wherein the security-related information includes at least one of the following:
    the number of user plane security domains supported by the terminal;
    the types of user plane security domains supported by the terminal;
    the levels of user plane security domains supported by the terminal.
  18. The network side device according to claim 16, wherein the security-related information includes at least one of the following:
    the number of keys supported by the terminal;
    the number of non-access stratum keys supported by the terminal;
    the number of access stratum keys supported by the terminal;
    the number of subkeys supported by the terminal.
  19. The network side device according to claim 18, wherein the subkey includes at least one of the following:
    a subkey for radio resource control (RRC) encryption;
    a subkey for RRC integrity protection;
    a subkey for encrypting data on a data radio bearer (DRB);
    a subkey for integrity protection of data on a DRB.
  20. The network side device according to claim 16, wherein the security-related information includes at least one of the following:
    the maximum integrity protection data rate supported by each user plane security domain supported by the terminal;
    the number of user plane security domains that support a target integrity protection data rate.
  21. A communication device, comprising a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the information reporting method according to any one of claims 1 to 5; or the computer program, when executed by the processor, implements the steps of the information receiving method according to any one of claims 6 to 10.
  22. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the information reporting method according to any one of claims 1 to 5; or the computer program, when executed by a processor, implements the steps of the information receiving method according to any one of claims 6 to 10.
  23. A computer program product, wherein the computer program product is executed by at least one processor to implement the information reporting method according to any one of claims 1 to 5, or the information receiving method according to any one of claims 6 to 10.
  24. A communication device, configured to execute the information reporting method according to any one of claims 1 to 5, or the information receiving method according to any one of claims 6 to 10.
PCT/CN2021/079650 2020-03-09 2021-03-09 Information reporting method, information receiving method, terminal, and network side divice WO2021180051A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010157851.2 2020-03-09
CN202010157851.2A CN113381966B (en) 2020-03-09 2020-03-09 Information reporting method, information receiving method, terminal and network side equipment

Publications (1)

Publication Number Publication Date
WO2021180051A1 (en) 2021-09-16

Family

ID=77568478

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/079650 WO2021180051A1 (en) 2020-03-09 2021-03-09 Information reporting method, information receiving method, terminal, and network side divice

Country Status (2)

Country Link
CN (1) CN113381966B (en)
WO (1) WO2021180051A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023151586A1 (en) * 2022-02-11 2023-08-17 维沃移动通信有限公司 Method for reporting target plane capability of network function instance or network element, method for acquiring target plane capability of network function instance or network element, and device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023216035A1 (en) * 2022-05-07 2023-11-16 Oppo广东移动通信有限公司 Security domain management method and apparatus, device, storage medium and program product

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108307389A (en) * 2016-09-26 2018-07-20 中兴通讯股份有限公司 Data security protection method, network access equipment and terminal
WO2018196852A1 (en) * 2017-04-28 2018-11-01 维沃移动通信有限公司 Integrity detection method, terminal and network device
CN109618335A (en) * 2017-05-05 2019-04-12 华为技术有限公司 A kind of communication means and relevant apparatus
CN110830988A (en) * 2018-08-08 2020-02-21 维沃移动通信有限公司 Security updating method, network device and terminal

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1172775A1 (en) * 2000-07-10 2002-01-16 Proton World International (Pwi) Method for protecting an access to a secured domain
KR100580844B1 (en) * 2003-12-17 2006-05-16 한국전자통신연구원 Data security and apply device in wireless local area network system and method thereof
CN101001252A (en) * 2006-06-25 2007-07-18 华为技术有限公司 Registration method and consultation method and device of user safety algorithmic
FR2911023B1 (en) * 2006-12-29 2009-04-17 Radiotelephone Sfr METHOD FOR SECURING A DATA STREAM
CN101378591B (en) * 2007-08-31 2010-10-27 华为技术有限公司 Method, system and device for negotiating safety capability when terminal is moving
CN101582882B (en) * 2008-10-10 2011-04-20 华为技术有限公司 Access method, network system and device
CN102056157B (en) * 2009-11-04 2013-09-11 电信科学技术研究院 Method, system and device for determining keys and ciphertexts
CN102215511B (en) * 2010-04-02 2015-07-22 电信科学技术研究院 Method, system and equipment for reporting MDT (Mean Down Time) measuring result
CN102487503B (en) * 2010-12-06 2014-04-16 中国航空工业集团公司第六三一研究所 Method for managing multi-stage security dynamic group security keys
CN105306406A (en) * 2014-05-26 2016-02-03 中国移动通信集团公司 Negotiation method of authentication and key negotiation algorithm, network side equipment and user equipment
WO2017180068A1 (en) * 2016-04-11 2017-10-19 Phientharntham Suthirak Key storage device which be accessed by biometric key storage system and support several users
CN108810874B (en) * 2017-05-05 2021-04-09 中国移动通信有限公司研究院 Terminal capability information reporting and receiving method, terminal and network side equipment
CN109413005A (en) * 2017-08-17 2019-03-01 中兴通讯股份有限公司 Data stream transmitting method of controlling security and device
CN117979378A (en) * 2017-09-30 2024-05-03 华为技术有限公司 Security protection method, device and system
AU2017439057A1 (en) * 2017-11-10 2020-06-18 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Information transmission method, network device and terminal device
CN109361655B (en) * 2017-11-17 2019-08-16 华为技术有限公司 A kind of method and device of safeguard protection
CN110035431A (en) * 2018-01-12 2019-07-19 中国移动通信有限公司研究院 Information processing method and device, network entity and storage medium
CN110121168B (en) * 2018-02-06 2021-09-21 华为技术有限公司 Security negotiation method and device
CN112616145B (en) * 2018-04-04 2022-09-13 中兴通讯股份有限公司 Techniques for managing integrity protection
AU2019249939B2 (en) * 2018-04-06 2021-09-30 Telefonaktiebolaget Lm Ericsson (Publ) UE controlled handling of the security policy for user plane protection in 5G systems
CN110769418B (en) * 2018-07-26 2022-06-28 维沃移动通信有限公司 Key updating method, terminal and network side equipment
GB2581392A (en) * 2019-02-15 2020-08-19 Nec Corp Communications systems
GB2582827A (en) * 2019-04-05 2020-10-07 Nec Corp Communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ERICSSON: "Security for split CU", 3GPP DRAFT; R3-180437 SECURITY FOR SPLIT CU, vol. RAN WG3, 12 January 2018 (2018-01-12), Sophia Antipolis, France, pages 1 - 4, XP051387461 *

Also Published As

Publication number Publication date
CN113381966B (en) 2023-09-26
CN113381966A (en) 2021-09-10

Similar Documents

Publication Publication Date Title
WO2020216243A1 (en) Method for transmitting indication information and communication device
WO2021004317A1 (en) Transmission antenna switching method and terminal device
US11617219B2 (en) Bearer configuration method for RRC connection reestablishment, terminal, and network device
WO2020216209A1 (en) Method and apparatus for indicating spatial relation information, and communication device
US11800431B2 (en) Access control method, message broadcasting method, and related devices
WO2021121180A1 (en) Information processing method and electronic device
WO2021057965A1 (en) Capability parameter determination method, uplink scheduling method, terminal and network side device
WO2021180051A1 (en) Information reporting method, information receiving method, terminal, and network side device
US11910235B2 (en) Data processing method, information configuration method, terminal, and network device
WO2021129835A1 (en) Volume control method and device, and computer-readable storage medium
WO2021204056A1 (en) Gateway access method and electronic device
WO2020228537A1 (en) Resource determination method, resource indication method, terminal and network side device
US20210105651A1 (en) Measurement gap processing method, terminal, and network node
WO2020228529A1 (en) Configuration method, device and system for semi-static scheduling configuration
US11375497B2 (en) Power configuration method and terminal
WO2020020029A1 (en) Key update method, terminal, and network side device
WO2021155806A1 (en) Reference time information acquisition method, information send/receive method, and related device
WO2021175244A1 (en) Authorization and policy parameter configuration method, terminal, and network functions
WO2021027681A1 (en) Auxiliary information report method and configuration method, terminal, and network side device
WO2021083108A1 (en) File compression method, file decompression method, and electronic device
WO2020249116A1 (en) Measurement method, device and system
CN114765755A (en) Information transmission method, terminal and network equipment
WO2020244477A1 (en) Sending method and receiving method for network identification information, and communication device
WO2021164681A1 (en) Decoding method, decoding configuration method, terminal, and network-side device
WO2021185325A1 (en) Call processing method and electronic device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21768808

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 22/02/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21768808

Country of ref document: EP

Kind code of ref document: A1