WO2021192059A1 - Terminal and communication method - Google Patents

Terminal and communication method

Info

Publication number
WO2021192059A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
base station
packets
count value
unit
Application number
PCT/JP2020/013116
Other languages
French (fr)
Japanese (ja)
Inventor
高橋 秀明
アルフ ツーゲンマイヤー
Original Assignee
NTT DOCOMO, INC. (株式会社NTTドコモ)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L 9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms, the keys or algorithms being changed during operation
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Definitions

  • the present invention relates to a terminal and a communication method in a wireless communication system.
  • NR New Radio
  • LTE Long Term Evolution
  • XOR exclusive OR
  • NEA New Radio Encryption Algorithms
  • When the same COUNT value is about to be used again, the base station performs "key refresh". However, if the same COUNT value is about to be used again and the base station does not perform "key refresh", the terminal may end up using the same COUNT value again.
  • A bearer for transmitting one or more data units to the base station is set, and each data unit of the one or more data units is divided into one or a plurality of packets.
  • A count value that sequentially counts the number of transmitted data units is maintained, and for each data unit of the one or more data units,
  • a key stream is calculated by a specific algorithm that takes at least the bearer's identifier, the count value corresponding to the data unit, and a specific encryption key as input parameters for the one or more packets;
  • a control unit encrypts the one or more packets by applying the calculated key stream, and a transmission unit transmits the encrypted one or more packets to the base station by the bearer.
  • When the control unit detects that the specific count value assigned to the first transmitted data unit of the one or more data units is to be applied to a data unit other than that first transmitted data unit,
  • the terminal initiates a reconnection procedure for the connection with the base station.
  • a method for reducing the possibility that the same COUNT value is reused for the transmission of encrypted data in the same bearer is provided.
  • The wireless communication system in the following embodiments is basically assumed to be LTE compliant, but this is only an example; the wireless communication system in the present embodiment may in part or in whole comply with a radio communication system other than LTE (e.g. LTE-A, NR).
  • FIG. 1 is a diagram showing an example of a configuration of a wireless communication system according to the present embodiment.
  • the wireless communication system according to the present embodiment includes a terminal 10 and a base station 20 (which may be a base station simulator).
  • FIG. 1 shows one terminal 10 and one base station 20, this is an example, and there may be a plurality of each.
  • When a base station simulator is used instead of the base station 20, the test environment may be configured, instead of forming a cell as shown in FIG. 1, by connecting the base station simulator and the terminal 10 with a coaxial cable or the like, with a fading simulator, an attenuator, or the like interposed between them.
  • the terminal 10 is a communication device having a wireless communication function, such as a smartphone, a mobile phone, a tablet, a wearable terminal, or a communication module for M2M (Machine-to-Machine); it connects wirelessly to the base station 20 and uses the various communication services provided by the wireless communication system.
  • the base station 20 is a communication device that provides one or more cells and wirelessly communicates with the terminal 10.
  • the duplex system may be a TDD (Time Division Duplex) system or an FDD (Frequency Division Duplex) system.
  • A predetermined value may be pre-configured in the base station 20 or the terminal 10, or it may be set by a radio parameter notified from the base station 20 or the terminal 10.
  • the physical resources of the radio signal are defined in the time domain and the frequency domain; the time domain may be defined by the number of OFDM symbols (slots, subframes, symbols, time resources shorter than a symbol, etc.), and the frequency domain may be defined by the number of subcarriers or the number of resource blocks.
  • the base station 20 transmits a synchronization signal and system information to the terminal 10. Synchronous signals are, for example, NR-PSS and NR-SSS. A part of the system information is transmitted by, for example, NR-PBCH, and is also referred to as broadcast information.
  • the synchronization signal and the broadcast information may be periodically transmitted as an SS block (SS / PBCH block) composed of a predetermined number of OFDM symbols.
  • the base station 20 transmits a control signal or data to the terminal 10 by DL (Downlink), and receives the control signal or data from the terminal 10 by UL (Uplink). Both the base station 20 and the terminal 10 can perform beamforming to transmit and receive signals.
  • the reference signals transmitted from the base station 20 include CSI-RS (Channel State Information Reference Signal), and the channels transmitted from the base station 20 include PDCCH (Physical Downlink Control Channel) and PDSCH (Physical Downlink Shared Channel).
  • RRC security mechanisms The outline of the RRC security procedure will be described below.
  • RRC integrity mechanisms The integrity protection of the RRC is provided by the PDCP layer between the terminal 10 and the base station 20. Integrity protection is not applied to layers below PDCP.
  • replay protection is activated.
  • the receiver can accept each received PDCP COUNT value only once when using the same AS security context.
  • NIA New Radio Integrity Algorithms
  • The input parameters of the integrity algorithm NIA are MESSAGE (the RRC message), KRRCint (the 128-bit integrity key), BEARER (the 5-bit bearer identifier), DIRECTION (1 bit indicating the transmission direction), and COUNT (a 32-bit input, corresponding to the 32-bit PDCP COUNT, that is specific to the bearer and the direction).
  • the integrity check of RRC is performed on the base station 20 side and the terminal 10 side. If the integrity check detects an error, the associated message is discarded.
  • RRC confidentiality mechanisms The RRC's confidentiality protection is provided by the PDCP layer between the terminal 10 and the base station 20.
  • NEA New Radio Encryption Algorithms
  • The input parameters of the encryption algorithm NEA are KRRCenc (the 128-bit encryption key), BEARER (the 5-bit bearer identifier), DIRECTION (1 bit indicating the transmission direction), LENGTH, and COUNT (a 32-bit input, corresponding to the 32-bit PDCP COUNT, that is specific to the bearer and the direction).
  • FIG. 2 is a diagram showing an example of layering of keys used in NR. Keys associated with authentication include K, CK / IK.
  • the key hierarchy includes KAUSF, KSEAF, KAMF, KNASint, KNASenc, KN3IWF, KgNB, KRRCint, KRRCenc, KUPint, and KUPenc.
  • KAUSF and KSEAF are the keys for AUSF (Authentication Server Function) in the home network.
  • KAUSF is derived from CK and IK.
  • KSEAF is an anchor key derived from KAUSF.
  • KAMF is a key for AMF (Access and Mobility Management Function) of the serving network.
  • KAMF is derived from KSEAF.
  • KNASint and KNASenc are the keys for NAS (Non Access Stratum) signaling.
  • KNASint and KNASenc are derived from KAMF.
  • KgNB is a key for NG-RAN (Next Generation-Radio Access Network). KgNB is derived from KAMF. KgNB is used between the terminal 10 and the base station 20.
  • KUPenc and KUPint are the keys for uplink traffic.
  • KUPenc and KUPint are derived from KgNB.
  • KUPenc is only used to protect uplink traffic with cryptographic algorithms.
  • KUPint is used only to protect the uplink traffic between the terminal 10 and the base station 20 by the integrity algorithm.
  • KRRCint and KRRCenc are the keys for RRC (Radio Resource Control) signaling.
  • KRRCint and KRRCenc are derived from KgNB.
  • KRRCint is only used to protect RRC signaling through integrity algorithms.
  • KRRCenc is only used to protect RRC signaling by cryptographic algorithms.
  • FIG. 3 is a diagram showing an operation example of an encryption algorithm (ciphering algorithm).
  • the input parameters for the encryption algorithm are the 128-bit encryption key "KEY", the 32-bit "COUNT", the 5-bit bearer identifier "BEARER", the 1-bit transmission direction "DIRECTION", and "LENGTH", which indicates the length of the key stream. In the case of uplink transmission, the "DIRECTION" bit is 0, and in the case of downlink transmission, the "DIRECTION" bit is 1.
  • FIG. 3 shows an example of an encryption algorithm NEA that encrypts plaintext by applying a keystream using bit-by-bit addition of plaintext and keystream.
  • the plaintext can be restored by generating the same keystream with the same input parameters and applying bit-by-bit binary addition to the ciphertext.
  • Based on the input parameters, the algorithm generates an output keystream block KEYSTREAM, which is used to encrypt the input plaintext block PLAINTEXT, producing the ciphertext block CIPHERTEXT.
  • the input parameter "LENGTH" is used to adjust the length of the KEYSTREAM BLOCK.
  • FIG. 4 is a diagram showing an operation example of the integrity algorithm.
  • the input parameters for the integrity algorithm are the 128-bit encryption key "KEY", the 32-bit "COUNT", the 5-bit bearer identifier "BEARER", the 1-bit transmission direction "DIRECTION", and the message itself, "MESSAGE". In the case of uplink transmission, the "DIRECTION" bit is 0, and in the case of downlink transmission, the "DIRECTION" bit is 1. The bit length of "MESSAGE" is "LENGTH".
  • FIG. 4 shows an example of using the integrity algorithm NIA to authenticate the integrity of a message.
  • the sender uses the integrity algorithm NIA to calculate a 32-bit message authentication code (MAC-I / NAS-MAC).
  • MAC-I / NAS-MAC 32-bit message authentication code
  • the message verification code is added to the message.
  • the receiver calculates the expected message authentication code (XMAC-I / XNAS-MAC) based on the received message, in the same way that the sender calculated the message authentication code based on the message it sent, and verifies the data integrity of the message by comparing the expected message authentication code (XMAC-I / XNAS-MAC) with the received message authentication code (MAC-I / NAS-MAC).
  • In NR, as in LTE, a stream encryption method is adopted for data encryption, in which the data is encrypted by exclusive OR (XOR) with a key stream. In this method, it is important that the key stream is not reused.
  • NEA, the NR encryption algorithm, produces only a finite-length key stream. Therefore, in order to avoid reuse of the key stream, it is conceivable to change the key used for generating the key stream at an arbitrary timing, for example, at the time of handover.
  • Key change on-the-fly includes updating the key to the latest key (key refresh) or regenerating the key (re-keying). It is possible to apply "key refresh", which is a procedure for updating a key to the latest key, to KgNB, KRRC-enc, KRRC-int, KUP-enc, and KUP-int.
  • key refresh is started by gNB / ng-eNB.
  • FIG. 5 is a diagram showing an example of a procedure in which the terminal 10 autonomously prevents the reuse of the same COUNT value.
  • step S101 the terminal 10 starts the data transmission procedure.
  • step S102 the terminal 10 sets the encryption key as an input parameter for the encryption algorithm applied to the transmission of data in a bearer, and sets the count value TX_NEXT to 0.
  • step S103 the terminal 10 receives the PDCP (Packet Data Convergence Protocol) SDU (Service Data Unit) from the upper layer as the data to be transmitted.
  • PDCP Packet Data Convergence Protocol
  • SDU Service Data Unit
  • step S104 the terminal 10 associates the count value TX_NEXT with the PDCP SDU.
  • step S105 the terminal 10 generates one or a plurality of PDCP PDUs (Protocol Data Units) corresponding to the PDCP SDU.
  • step S106 the terminal 10 applies the encryption key and the count value TX_NEXT to the encryption algorithm to encrypt one or more PDCP PDUs.
  • PDCP PDUs Protocol Data Units
  • step S107 the terminal 10 increments the count value TX_NEXT by 1.
  • step S108 the terminal 10 determines whether or not the count value TX_NEXT is 0. If the terminal 10 determines in step S108 that the count value TX_NEXT is not 0, the process proceeds to step S109, where the terminal 10 transmits the encrypted one or more PDCP PDUs. If the terminal 10 determines in step S108 that the count value TX_NEXT is 0, the process proceeds to step S111. That is, even if the base station 20 side does not activate the encryption key update process, the terminal 10 autonomously advances the process to step S111.
  • step S111 the terminal 10 activates the RRC connection re-establishment procedure. Specifically, the terminal 10 transmits an RRCReestablishmentRequest message to the base station 20. The base station 20 transmits an RRCReestablishment message to the terminal 10 in response to receiving the RRCReestablishmentRequest message from the terminal 10. When the terminal 10 receives the RRCReestablishment message, the terminal 10 updates the encryption key used for transmitting the data.
  • step S110 the terminal 10 determines whether or not the next PDCP SDU has been received from the upper layer. If it is determined by the terminal 10 that the next PDCP SDU has been received from the upper layer in step S110, the process proceeds to step S104. After that, the terminal 10 performs the above-mentioned processing on the next PDCP SDU. If the terminal 10 determines in step S110 that the next PDCP SDU has not been received from the upper layer, the process proceeds to step S112, and the data transmission process ends.
  • the terminal 10 can update the encryption key by activating the RRC connection re-establishment procedure. Even if the network does not perform a security key refresh, so that the same COUNT value might be reused for the transmission of data to which the same encryption key is applied in the same bearer, the terminal 10 autonomously executes the reconnection process and thereby prevents the reuse of the COUNT value on the terminal 10 side alone, regardless of the operation of the network.
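The FIG. 5 procedure above, modelled in Python as an added simulation (not code from the patent or from NTT DOCOMO): a transmitter assigns TX_NEXT to each SDU, ciphers it with a key stream derived from (KEY, COUNT, BEARER, DIRECTION, LENGTH), and, when TX_NEXT wraps to 0, autonomously performs a re-establishment that yields a new key. The key-stream generator and the post-re-establishment key derivation are hash-based stand-ins rather than NEA, the COUNT width is parameterised so the wrap can be observed with a small counter, and the PDU ciphered just before the wrap is assumed to still be sent; keystream_reuse_events() counts how often a (key, bearer, direction, COUNT) tuple is used twice, which happens without the autonomous check and not with it.

```python
import hashlib
import struct
from typing import List, Set, Tuple


def keystream(key: bytes, count: int, bearer: int, direction: int, length: int) -> bytes:
    """Hash-based stand-in for the NEA key stream (constructed, NOT NEA1/2/3).

    It reproduces only the property the procedure relies on: the same
    (KEY, COUNT, BEARER, DIRECTION) inputs yield the same key-stream bytes.
    """
    if not (0 <= count < 2 ** 32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("COUNT is 32 bits, BEARER 5 bits, DIRECTION 1 bit")
    header = struct.pack(">IBB", count, bearer, direction)
    out = bytearray()
    block = 0
    while len(out) < length:  # LENGTH controls how much key stream is produced
        out += hashlib.sha256(key + header + struct.pack(">I", block)).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bit-by-bit binary addition (XOR) of equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def refreshed_key(old_key: bytes, generation: int) -> bytes:
    """Constructed stand-in for the key the terminal holds after re-establishment.

    The page does not give the derivation; any key different from the old one
    is enough to make the COUNT space fresh again for this bearer.
    """
    material = b"re-establishment" + old_key + struct.pack(">I", generation)
    return hashlib.sha256(material).digest()[:16]


class Terminal:
    """Transmitter side of the FIG. 5 procedure (steps S102 to S111)."""

    def __init__(self, key: bytes, bearer: int, count_bits: int = 32,
                 autonomous_reestablish: bool = True) -> None:
        self.key = key                      # S102: key applied to this bearer
        self.bearer = bearer
        self.direction = 0                  # uplink
        self.count_mod = 1 << count_bits    # 2**32 in NR; smaller here to see the wrap
        self.tx_next = 0                    # S102: TX_NEXT = 0
        self.autonomous_reestablish = autonomous_reestablish
        self.reestablishments = 0

    def reestablish(self) -> None:
        """S111: RRC connection re-establishment; new key, fresh COUNT space."""
        self.reestablishments += 1
        self.key = refreshed_key(self.key, self.reestablishments)
        self.tx_next = 0

    def send(self, sdu: bytes) -> Tuple[bytes, int, bytes]:
        """Steps S104 to S108 for one PDCP SDU; returns (key used, COUNT used, PDU).

        The PDU ciphered just before the wrap is still sent; the re-establishment
        protects the next one, which would otherwise reuse COUNT 0 under the same key.
        """
        key, count = self.key, self.tx_next                                  # S104
        ks = keystream(key, count, self.bearer, self.direction, len(sdu))    # S106
        pdu = xor_bytes(sdu, ks)
        self.tx_next = (self.tx_next + 1) % self.count_mod                   # S107
        if self.tx_next == 0 and self.autonomous_reestablish:                # S108 -> S111
            self.reestablish()
        return key, count, pdu


def decipher(key: bytes, count: int, bearer: int, direction: int, pdu: bytes) -> bytes:
    """Receiver side: regenerate the same key stream and XOR it back."""
    return xor_bytes(pdu, keystream(key, count, bearer, direction, len(pdu)))


def keystream_reuse_events(terminal: Terminal, sdus: List[bytes]) -> int:
    """Sends every SDU and counts how often a (key, bearer, direction, COUNT)
    tuple, and therefore a key stream, is used a second time."""
    seen: Set[Tuple[bytes, int, int, int]] = set()
    reused = 0
    for sdu in sdus:
        key, count, _pdu = terminal.send(sdu)
        tag = (key, terminal.bearer, terminal.direction, count)
        if tag in seen:
            reused += 1
        seen.add(tag)
    return reused


if __name__ == "__main__":
    sample_sdus = [bytes([0x41 + i]) * 16 for i in range(10)]  # constructed sample SDUs
    key0 = bytes(range(16))                                   # constructed sample key
    without = Terminal(key0, bearer=3, count_bits=3, autonomous_reestablish=False)
    with_check = Terminal(key0, bearer=3, count_bits=3)
    print("3-bit COUNT, no autonomous re-establishment: reuse events =",
          keystream_reuse_events(without, sample_sdus))
    print("3-bit COUNT, with autonomous re-establishment: reuse events =",
          keystream_reuse_events(with_check, sample_sdus),
          "re-establishments =", with_check.reestablishments)
```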
  • the terminal 10 manages the COUNT value and transmits (or receives) data using the same cipher key and the same bearer.
  • the terminal 10 may activate the procedure of RRC connection re-establishment.
  • COUNTER An independent counter
  • COUNTER is maintained at the terminal 10 for each radio bearer and each transmission direction.
  • COUNTER is used as an input parameter for encryption and integrity algorithms. It is not permissible for the same COUNT value to be used twice for the same bearer and the same encryption key.
  • the procedure for updating the encryption key is applied.
  • the terminal 10 activates the RRC connection re-establishment.
  • the terminal 10 may activate the procedure of RRC connection re-establishment.
  • When data is transmitted (or received) using the same encryption key and the same bearer and the COUNT value reaches its maximum value, the terminal 10 may initiate the RRC connection re-establishment procedure.
  • the COUNT value may be represented by 32 bits, and the maximum value of the COUNT value may be 2^32 - 1.
  • When the COUNT value is represented by another number of bits, the maximum value may be the largest numerical value that can be represented by that number of bits.
  • When the COUNT value first reaches a specific COUNT value specified in the specifications, the terminal 10 may activate the RRC connection re-establishment procedure.
  • the COUNT value is set by the base station 20 (for example, by RRC signaling).
  • the terminal 10 may activate the RRC connection re-establishment procedure.
  • When data is transmitted (or received) using the same encryption key and the same bearer and the COUNT value has wrapped around the number of times specified in the specifications, the terminal 10 may initiate the RRC connection re-establishment procedure.
  • When the COUNT value has wrapped around the number of times set by the base station 20 (for example, by RRC signaling),
  • the terminal 10 may activate the procedure of RRC connection re-establishment.
  • a cipher algorithm and a cipher key are mainly used.
  • the examples are not limited to the above-mentioned examples.
  • the integrity algorithm may be used instead of the encryption algorithm, and the integrity key may be used instead of the encryption key.
  • the terminal 10 and the base station 20 have all the functions described in the present embodiment. However, the terminal 10 and the base station 20 may have only a part of all the functions described in the present embodiment.
  • FIG. 6 is a diagram showing an example of the functional configuration of the terminal 10. As shown in FIG. 6, the terminal 10 has a transmitting unit 110, a receiving unit 120, and a control unit 130.
  • the functional configuration shown in FIG. 6 is only an example. Any function classification and name of the functional unit may be used as long as the operation according to the present embodiment can be executed.
  • the transmission unit 110 creates a transmission signal from the transmission data and wirelessly transmits the transmission signal.
  • the receiving unit 120 wirelessly receives various signals and acquires a signal of a higher layer from the received signal of the physical layer. Further, the receiving unit 120 includes a measuring unit that measures the received signal and acquires the received power and the like.
  • the control unit 130 controls the terminal 10.
  • the function of the control unit 130 related to transmission may be included in the transmission unit 110, and the function of the control unit 130 related to reception may be included in the reception unit 120.
  • the control unit 130 of the terminal 10 sets a bearer for transmitting one or a plurality of data units to the base station 20, and divides each data unit of the one or a plurality of data units into one or a plurality of packets.
  • A count value for sequentially counting the number of transmitted data units is maintained, and for each data unit among the one or a plurality of data units,
  • a key stream calculated by a specific algorithm that takes at least the bearer's identifier, the count value corresponding to the data unit, and a specific encryption key as input parameters
  • may be applied to the one or more packets to encrypt them.
  • the transmission unit 110 of the terminal 10 may transmit the encrypted one or more packets to the base station 20 by the bearer described above.
  • When the control unit 130 detects that the specific count value assigned to the data unit transmitted first among the one or a plurality of data units is to be applied to a data unit other than that first transmitted data unit,
  • the reconnection procedure regarding the connection with the base station 20 may be activated.
  • the reconnection procedure may be an RRC connection re-establishment procedure.
  • the receiving unit 120 of the terminal 10 may receive, in a bearer in which each data unit of one or a plurality of data units is divided into one or a plurality of packets and sequentially transmitted from the base station 20, each data unit of the one or more data units transmitted in that bearer.
  • the control unit 130 of the terminal 10 maintains a count value for counting the number of received data units, and for the one or a plurality of packets corresponding to each data unit among the one or a plurality of data units,
  • applies to the one or more packets a key stream calculated by the specific algorithm with at least the bearer's identifier and the count value corresponding to the data unit as input parameters,
  • so that the one or more packets may be decrypted.
  • When the control unit 130 detects that the specific count value assigned to the first received data unit among the one or more data units is applied to a data unit other than that first received data unit,
  • the reconnection procedure regarding the connection with the base station 20 may be activated.
  • the reconnection procedure may be an RRC connection re-establishment procedure.
  • FIG. 7 is a diagram showing an example of the functional configuration of the base station 20.
  • the base station 20 includes a transmission unit 210, a reception unit 220, and a control unit 230.
  • the functional configuration shown in FIG. 7 is only an example. Any function classification and name of the functional unit may be used as long as the operation according to the present embodiment can be executed.
  • the transmission unit 210 includes a function of generating a signal to be transmitted to the terminal 10 side and transmitting the signal wirelessly.
  • the receiving unit 220 includes a function of receiving various signals transmitted from the terminal 10 and acquiring information of, for example, a higher layer from the received signals. Further, the receiving unit 220 includes a measuring unit that measures the received signal and acquires the received power and the like.
  • the control unit 230 controls the base station 20.
  • the function of the control unit 230 related to transmission may be included in the transmission unit 210, and the function of the control unit 230 related to reception may be included in the reception unit 220.
  • the receiving unit 220 of the base station 20 may receive, in a bearer in which each data unit of one or a plurality of data units is divided into one or a plurality of packets and sequentially transmitted from the terminal 10, each data unit of the one or more data units transmitted in that bearer.
  • the control unit 230 of the base station 20 maintains a count value for counting the number of received data units, and for the one or a plurality of packets corresponding to each data unit among the one or a plurality of data units,
  • applies to the one or more packets a key stream calculated by the specific algorithm with at least the bearer's identifier and the count value corresponding to the data unit as input parameters,
  • so that the one or more packets may be decrypted.
  • the control unit 230 may execute the reconnection procedure.
  • the reconnection procedure may be an RRC connection re-establishment procedure.
  • the control unit 230 of the base station 20 sets a bearer for transmitting one or a plurality of data units to the terminal 10, and divides each data unit of the one or a plurality of data units into one or a plurality of packets.
  • The count value for sequentially counting the number of transmitted data units is maintained, and for each data unit of the one or a plurality of data units,
  • a key stream calculated by the algorithm with at least the bearer's identifier, the count value corresponding to the data unit, and a specific encryption key as input parameters
  • may be applied to the one or more packets to encrypt them.
  • the transmission unit 210 of the base station 20 may transmit one or a plurality of encrypted packets to the terminal 10 by the bearer described above.
  • the control unit 230 may execute the reconnection procedure.
  • the reconnection procedure may be an RRC connection re-establishment procedure.
  • each functional block may be realized by using one device that is physically or logically coupled, or by using two or more devices that are physically or logically separated and connected directly or indirectly (for example, by wire, wirelessly, etc.).
  • the functional block may be realized by combining the software with the one device or the plurality of devices.
  • Functions include judgment, decision, calculation, processing, derivation, investigation, search, confirmation, reception, transmission, output, access, solution, selection, establishment, comparison, assumption, expectation, broadcasting, notifying, communicating, forwarding, configuring, reconfiguring, allocating, mapping, assigning, etc., but are not limited to these.
  • a functional block (component) that functions transmission is called a transmitting unit or a transmitter.
  • the method of realizing each of them is not particularly limited.
  • the terminal 10 and the base station 20 in one embodiment of the present invention may both function as computers that perform processing according to the present embodiment.
  • FIG. 8 is a diagram showing an example of the hardware configuration of the terminal 10 and the base station 20 according to the present embodiment.
  • the terminal 10 and the base station 20 may be physically configured as a computer device including a processor 1001, a memory 1002, a storage 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like.
  • the word “device” can be read as a circuit, device, unit, etc.
  • the hardware configuration of the terminal 10 and the base station 20 may include one or more of the devices 1001 to 1006 shown in the figure, or may omit some of them.
  • Each function of the terminal 10 and the base station 20 is realized by the processor 1001 performing calculations by loading predetermined software (programs) onto hardware such as the processor 1001 and the memory 1002, controlling communication by the communication device 1004, and controlling at least one of reading and writing of data in the memory 1002 and the storage 1003.
  • Processor 1001 operates, for example, an operating system to control the entire computer.
  • the processor 1001 may be configured by a central processing unit (CPU: Central Processing Unit) including an interface with a peripheral device, a control device, an arithmetic unit, a register, and the like.
  • CPU Central Processing Unit
  • the processor 1001 reads a program (program code), a software module, data, etc. from at least one of the storage 1003 and the communication device 1004 into the memory 1002, and executes various processes according to these.
  • a program program code
  • the control unit 130 of the terminal 10 may be realized by a control program stored in the memory 1002 and operating in the processor 1001, and may be realized in the same manner for other functional blocks.
  • the above-mentioned various processes have been described as being executed by one processor 1001, they may be executed simultaneously or sequentially by two or more processors 1001.
  • Processor 1001 may be implemented by one or more chips.
  • the program may be transmitted from the network via a telecommunication line.
  • the memory 1002 is a computer-readable recording medium and may be composed of at least one of a ROM (Read Only Memory), an EPROM (Erasable Programmable ROM), an EEPROM (Electrically Erasable Programmable ROM), a RAM (Random Access Memory), and the like.
  • the memory 1002 may be referred to as a register, a cache, a main memory (main storage device), or the like.
  • the memory 1002 can store a program (program code), a software module, or the like that can be executed to implement the wireless communication method according to the embodiment of the present disclosure.
  • the storage 1003 is a computer-readable recording medium and may consist of at least one of, for example, an optical disk such as a CD-ROM (Compact Disc ROM), a hard disk drive, a flexible disk, a magneto-optical disk (for example, a compact disc, a digital versatile disc, or a Blu-ray (registered trademark) disc), a smart card, a flash memory (e.g. a card, a stick, a key drive), a floppy (registered trademark) disk, a magnetic strip, and the like.
  • the storage 1003 may be referred to as an auxiliary storage device.
  • the storage medium described above may be, for example, a database, server or other suitable medium containing at least one of the memory 1002 and the storage 1003.
  • the communication device 1004 is hardware (transmission / reception device) for communicating between computers via at least one of a wired network and a wireless network, and is also referred to as, for example, a network device, a network controller, a network card, a communication module, or the like.
  • the communication device 1004 may be composed of, for example, a high-frequency switch, a duplexer, a filter, a frequency synthesizer, and the like in order to realize at least one of frequency division duplex (FDD: Frequency Division Duplex) and time division duplex (TDD: Time Division Duplex).
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • the transmission unit 110, the reception unit 120, and the like described above may be realized by the communication device 1004. Further, the transmitting unit 110 and the receiving unit 120 may be physically or logically separated from each other.
  • the input device 1005 is an input device (for example, a keyboard, a mouse, a microphone, a switch, a button, a sensor, etc.) that receives an input from the outside.
  • the output device 1006 is an output device (for example, a display, a speaker, an LED lamp, etc.) that outputs to the outside.
  • the input device 1005 and the output device 1006 may have an integrated configuration (for example, a touch panel).
  • each device such as the processor 1001 and the memory 1002 is connected by the bus 1007 for communicating information.
  • the bus 1007 may be configured by using a single bus, or may be configured by using a different bus for each device.
  • The terminal 10 and the base station 20 may each be configured to include hardware such as a microprocessor, a digital signal processor (DSP: Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), a PLD (Programmable Logic Device), and an FPGA (Field Programmable Gate Array), and some or all of the functional blocks may be realized by that hardware. For example, the processor 1001 may be implemented using at least one of these pieces of hardware.
  • A terminal comprising: a control unit which, in a case where a bearer for transmitting one or more data units to a base station is configured, each data unit of the one or more data units is divided into one or more packets, and the divided packets are transmitted sequentially, maintains a count value that sequentially counts the number of transmitted data units and, when transmitting the one or more packets corresponding to each data unit, encrypts those packets by applying a key stream calculated by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters; and a transmission unit which transmits the encrypted packets to the base station on the bearer, wherein the control unit invokes a reconnection procedure for the connection with the base station when it detects that the specific count value assigned to the first transmitted data unit of the one or more data units is applied to a data unit other than the first transmitted data unit.
  • With this configuration, when the COUNT value 0 is about to be reused for data transmitted on the same bearer and the base station does not update the encryption key, the terminal can still update the encryption key by invoking the reconnection procedure. Because the terminal executes the reconnection procedure autonomously, it can prevent reuse of the COUNT value on its own, regardless of the network's behaviour.
  • A terminal comprising: a receiving unit which, in a case where each data unit of one or more data units is divided into one or more packets and transmitted sequentially from a base station on a bearer, receives each data unit transmitted from the base station on the bearer; and a control unit which maintains a count value that sequentially counts the number of received data units and decrypts the one or more packets corresponding to each data unit by applying the key stream to them, wherein the control unit invokes a reconnection procedure for the connection with the base station when it detects that the specific count value assigned to the first received data unit of the one or more data units is applied to a data unit other than the first received data unit.
  • With this configuration, when the COUNT value 0 is about to be reused for data received on the same bearer and the base station does not update the encryption key, the terminal can still update the encryption key by invoking the reconnection procedure. Because the terminal executes the reconnection procedure autonomously, it can prevent reuse of the COUNT value on its own, regardless of the network's behaviour.
  • The control unit may activate the reconnection procedure for the connection with the base station when it detects that the specific count value assigned to the first transmitted data unit of the one or more data units is applied to a data unit other than the first transmitted data unit.
  • With this configuration, when the COUNT value 0 is about to be reused for data received on the same bearer and the base station does not start the encryption key update process, the terminal performs the reconnection procedure; when the base station does start the encryption key update process, the terminal can update the encryption key through that process.
  • The control unit may update the encryption key when it receives a signal from the base station instructing reconnection of the connection.
  • With this configuration, the terminal can autonomously update the encryption key.
  • The control unit may activate the reconnection procedure when the count value reaches its maximum value or its minimum value.
  • With this configuration, the terminal can prevent the COUNT value from being reused when transmitting data on the same bearer.
  • A communication method performed by a terminal, comprising: in a case where a bearer for transmitting one or more data units to a base station is configured, each data unit of the one or more data units is divided into one or more packets, and the divided packets are transmitted sequentially, maintaining a count value that sequentially counts the number of transmitted data units; when transmitting the one or more packets corresponding to each data unit, encrypting those packets by applying a key stream calculated by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters; transmitting the encrypted packets to the base station on the bearer; and invoking a reconnection procedure for the connection with the base station when it is detected that the specific count value assigned to the first transmitted data unit of the one or more data units is applied to a data unit other than the first transmitted data unit.
  • With this method, when the COUNT value 0 is about to be reused for data transmitted on the same bearer and the base station does not update the encryption key, the terminal can still update the encryption key by invoking the reconnection procedure. Because the terminal executes the reconnection procedure autonomously, it can prevent reuse of the COUNT value on its own, regardless of the network's behaviour.
  • the operation of the plurality of functional units may be physically performed by one component, or the operation of one functional unit may be physically performed by a plurality of components.
  • the processing order may be changed as long as there is no contradiction.
  • the terminal 10 and the base station 20 have been described with reference to functional block diagrams, but such devices may be implemented in hardware, software, or a combination thereof.
  • The software executed by the processor of the terminal 10 according to the embodiment of the present invention and the software executed by the processor of the base station 20 according to the embodiment of the present invention may each be stored in a random access memory (RAM), a flash memory, a read-only memory (ROM), an EPROM, an EEPROM, a register, a hard disk (HDD), a removable disk, a CD-ROM, a database, a server, or any other suitable storage medium.
  • Notification of information may be carried out by physical layer signaling (for example, DCI (Downlink Control Information) or UCI (Uplink Control Information)), higher layer signaling (for example, RRC (Radio Resource Control) signaling, MAC (Medium Access Control) signaling, or broadcast information (MIB (Master Information Block), SIB (System Information Block))), other signals, or a combination thereof.
  • RRC signaling may be called an RRC message, and may be, for example, an RRC connection setup (RRC Connection Setup) message, an RRC connection reconfiguration (RRC Connection Reconfiguration) message, or the like.
  • Each aspect / embodiment described in the present disclosure may be applied to at least one of LTE (Long Term Evolution), LTE-A (LTE-Advanced), SUPER 3G, IMT-Advanced, 4G (4th generation mobile communication system), 5G (5th generation mobile communication system), FRA (Future Radio Access), NR (New Radio), W-CDMA (registered trademark), GSM (registered trademark), CDMA2000, UMB (Ultra Mobile Broadband), IEEE 802.11 (Wi-Fi (registered trademark)), IEEE 802.16 (WiMAX (registered trademark)), IEEE 802.20, UWB (Ultra-WideBand), Bluetooth (registered trademark), other systems using suitable systems, and next-generation systems extended on the basis of these. A plurality of systems may also be applied in combination (for example, a combination of at least one of LTE and LTE-A with 5G).
  • the specific operation performed by the base station 20 in the present disclosure may be performed by its upper node.
  • The various operations performed for communication with a terminal may be performed by the base station 20 and/or by one or more network nodes other than the base station 20 (for example, but not limited to, an MME or an S-GW).
  • Although the case where there is one network node other than the base station 20 is illustrated above, it may be a combination of a plurality of other network nodes (for example, an MME and an S-GW).
  • the input / output information and the like may be stored in a specific location (for example, memory) or may be managed using a management table. Input / output information and the like can be overwritten, updated, or added. The output information and the like may be deleted. The input information or the like may be transmitted to another device.
  • The determination may be made by a value represented by 1 bit (0 or 1), by a Boolean value (true or false), or by a comparison of numerical values (for example, a comparison with a predetermined value).
  • Notification of predetermined information (for example, notification that "X holds") is not limited to explicit notification and may be performed implicitly (for example, by not notifying the predetermined information).
  • Software, whether referred to as software, firmware, middleware, microcode, hardware description language, or by any other name, should be interpreted broadly to mean instructions, instruction sets, code, code segments, program code, programs, subprograms, software modules, applications, software applications, software packages, routines, subroutines, objects, executable files, execution threads, procedures, functions, and the like.
  • software, instructions, information, etc. may be transmitted and received via a transmission medium.
  • For example, the software may be transmitted from a website or the like using at least one of wired technology (coaxial cable, optical fiber cable, twisted pair, digital subscriber line (DSL: Digital Subscriber Line), etc.) and wireless technology (infrared, microwave, etc.).
  • the information, signals, etc. described in this disclosure may be represented using any of a variety of different techniques.
  • Data, instructions, commands, information, signals, bits, symbols, chips, etc. that may be referred to throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, light fields or photons, or any combination of these.
  • a channel and a symbol may be a signal (signaling).
  • the signal may be a message.
  • The terms "system" and "network" used in this disclosure are used interchangeably.
  • Information, parameters, etc. described in the present disclosure may be expressed using absolute values, relative values from a predetermined value, or other corresponding information.
  • the radio resource may be one indicated by an index.
  • Base stations are sometimes referred to by terms such as macrocells, small cells, femtocells, and picocells.
  • the base station can accommodate one or more (for example, three) cells.
  • When a base station accommodates multiple cells, the entire coverage area of the base station can be divided into multiple smaller areas, and each smaller area can also provide communication services through a base station subsystem (for example, a small indoor base station (RRH: Remote Radio Head)).
  • The term "cell" or "sector" refers to part or all of the coverage area of at least one of a base station and a base station subsystem that provides communication services in this coverage.
  • A mobile station may also be referred to by those skilled in the art as a subscriber station, mobile unit, subscriber unit, wireless unit, remote unit, mobile device, wireless device, wireless communication device, remote device, mobile subscriber station, access terminal, mobile terminal, wireless terminal, remote terminal, handset, user agent, mobile client, client, or some other suitable term.
  • At least one of the base station and the mobile station may be called a transmitting device, a receiving device, a communication device, or the like. At least one of the base station and the mobile station may be a device mounted on the mobile body, the mobile body itself, or the like.
  • The moving body may be a vehicle (for example, a car or an airplane), an unmanned moving body (for example, a drone or an autonomous vehicle), or a robot (manned or unmanned).
  • at least one of the base station and the mobile station includes a device that does not necessarily move during communication operation.
  • at least one of the base station and the mobile station may be an IoT (Internet of Things) device such as a sensor.
  • The base station in the present disclosure may be read as the user terminal.
  • Each aspect / embodiment of the present disclosure may be applied to a configuration in which communication between a base station and a user terminal is replaced with communication between a plurality of user terminals (for example, what may be referred to as D2D (Device-to-Device) or V2X (Vehicle-to-Everything)).
  • the terminal 10 may have the function of the base station 20 described above.
  • Words such as "uplink" and "downlink" may be read as words corresponding to communication between terminals (for example, "side").
  • the upstream channel, the downstream channel, and the like may be read as a side channel.
  • the user terminal in the present disclosure may be read as a base station.
  • the base station 20 may have the functions of the terminal 10 described above.
  • The terms "connected" and "coupled", or any variation thereof, mean any direct or indirect connection or coupling between two or more elements, and can include the presence of one or more intermediate elements between two elements that are "connected" or "coupled" to each other.
  • the connections or connections between the elements may be physical, logical, or a combination thereof.
  • connection may be read as "access”.
  • For example, two elements can be considered to be "connected" or "coupled" to each other using at least one of one or more wires, cables, and printed electrical connections and, as some non-limiting and non-exhaustive examples, electromagnetic energy having wavelengths in the radio frequency domain, the microwave region, and the light (both visible and invisible) region.
  • the reference signal can also be abbreviated as RS (Reference Signal), and may be called a pilot depending on the applicable standard.
  • the term "A and B are different” may mean “A and B are different from each other”.
  • the term may mean that "A and B are different from C”.
  • Terms such as “separate” and “combined” may be interpreted in the same way as “different”.
  • 10 Terminal
  • 110 Transmission unit
  • 120 Reception unit
  • 130 Control unit
  • 20 Base station
  • 210 Transmission unit
  • 220 Reception unit
  • 230 Control unit
  • 1001 Processor
  • 1002 Memory
  • 1003 Storage
  • 1004 Communication device
  • 1005 Input device
  • 1006 Output device

Abstract

 Provided is a terminal comprising: a control unit which applies a keystream calculated by a specific algorithm to one or a plurality of packets, with at least a bearer identifier, a count value corresponding to a data unit, and a specific encryption key as input parameters, and which encrypts said one or plurality of packets; and a transmission unit which uses the bearer to transmit the encrypted one or plurality of packets to a base station, wherein if it is detected that a specific count value assigned to the data unit that is transmitted first out of the one or plurality of data units is applied to a data unit other than the data unit that is transmitted first out of the one or plurality of data units, then the control unit starts up a reconnection procedure pertaining to a connection with the base station.

Description

Terminal and communication method
The present invention relates to a terminal and a communication method in a wireless communication system.
In NR (New Radio), as in LTE (Long Term Evolution), data is encrypted with a stream cipher: the data is XORed with a key stream. In this scheme it is essential that a key stream is never reused. NEA (New Radio Encryption Algorithms), the NR encryption algorithms, only generate a key stream of finite length. To avoid key stream reuse, it is therefore conceivable to allow the key used to generate the key stream to be changed at an arbitrary time, for example at handover.
"Key change on-the-fly" includes updating a key to a fresh key (key refresh) and regenerating a key (re-keying). "Key refresh", the procedure that updates a key to a fresh key, can be applied to KgNB, KRRC-enc, KRRC-int, KUP-enc, and KUP-int. When a particular PDCP COUNT value is about to be used again for the same bearer identifier and the same KgNB, a "key refresh" is initiated by the gNB/ng-eNB.
To prevent the same COUNT value (that is, the same key stream) from being used twice for data transmission on the same bearer, the base station performs a "key refresh" when the same COUNT value is about to be used again. However, if the same COUNT value is about to be used again and the base station does not perform a "key refresh", the terminal may use the same COUNT value again.
A method is needed that reduces the possibility of the same COUNT value being reused for the transmission of encrypted data on the same bearer.
According to one aspect of the present invention, a terminal is provided that comprises: a control unit which, in a case where a bearer for transmitting one or more data units to a base station is configured, each data unit of the one or more data units is divided into one or more packets, and the divided packets are transmitted sequentially, maintains a count value that sequentially counts the number of transmitted data units and, when transmitting the one or more packets corresponding to each data unit, encrypts those packets by applying a key stream calculated by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters; and a transmission unit which transmits the encrypted packets to the base station on the bearer, wherein the control unit invokes a reconnection procedure for the connection with the base station when it detects that the specific count value assigned to the first transmitted data unit of the one or more data units is applied to a data unit other than the first transmitted data unit.
According to the embodiments, a method is provided that reduces the possibility of the same COUNT value being reused for the transmission of encrypted data on the same bearer.
The drawings show, in order: an example of the configuration of the communication system in the present embodiment; an example of the key hierarchy used in NR; an example of the operation of the ciphering algorithm; an example of the operation of the integrity algorithm; an example of a procedure by which the terminal autonomously prevents reuse of the same COUNT value; an example of the functional configuration of the terminal; an example of the functional configuration of the base station; and an example of the hardware configuration of the terminal and the base station.
Embodiments of the present invention will be described below with reference to the drawings. The embodiments described below are merely examples, and the embodiments to which the present invention is applied are not limited to them.
The wireless communication system in the following embodiments is basically assumed to conform to LTE, but this is only an example; the wireless communication system in the present embodiment may, in part or in whole, conform to a wireless communication system other than LTE (for example, LTE-A or NR).
(Overall system configuration)
FIG. 1 is a diagram showing an example of the configuration of a wireless communication system according to the present embodiment. As shown in FIG. 1, the wireless communication system according to the present embodiment includes a terminal 10 and a base station 20 (which may be a base station simulator). Although FIG. 1 shows one terminal 10 and one base station 20, this is an example, and there may be a plurality of each. When a base station simulator is used instead of the base station 20, a test environment may be configured, instead of forming a cell as shown in FIG. 1, by connecting the base station simulator and the terminal 10 with a coaxial cable or the like, with a fading simulator, an attenuator, and the like interposed between them.
The terminal 10 is a communication device with a wireless communication function, such as a smartphone, a mobile phone, a tablet, a wearable terminal, or an M2M (Machine-to-Machine) communication module; it connects wirelessly to the base station 20 and uses the various communication services provided by the wireless communication system. The base station 20 is a communication device that provides one or more cells and communicates wirelessly with the terminal 10.
In the present embodiment, the duplex scheme may be TDD (Time Division Duplex) or FDD (Frequency Division Duplex).
In the embodiments of the present invention, a radio parameter or the like being "configured" or "specified" may mean that a predetermined value is pre-configured in the base station 20 or the terminal 10, that it is assumed to be pre-configured in the base station 20 or the terminal 10, or that a radio parameter notified from the base station 20 or the terminal 10 is set.
The base station 20 is a communication device that provides one or more cells and communicates wirelessly with the terminal 10. The physical resources of radio signals are defined in the time domain and the frequency domain; the time domain may be defined by a number of OFDM symbols (or by slots, subframes, symbols, time resources shorter than a symbol, etc.), and the frequency domain may be defined by a number of subcarriers or a number of resource blocks. The base station 20 transmits synchronization signals and system information to the terminal 10. The synchronization signals are, for example, NR-PSS and NR-SSS. Part of the system information is transmitted on, for example, NR-PBCH and is also called broadcast information. The synchronization signals and the broadcast information may be transmitted periodically as an SS block (SS/PBCH block) made up of a predetermined number of OFDM symbols. For example, the base station 20 transmits control signals or data to the terminal 10 on the DL (Downlink) and receives control signals or data from the terminal 10 on the UL (Uplink). Both the base station 20 and the terminal 10 can transmit and receive signals using beamforming. For example, the reference signals transmitted from the base station 20 include CSI-RS (Channel State Information Reference Signal), and the channels transmitted from the base station 20 include PDCCH (Physical Downlink Control Channel) and PDSCH (Physical Downlink Shared Channel).
(RRC security mechanisms)
The RRC security procedures are outlined below.
(RRC integrity mechanisms)
RRC integrity protection is provided by the PDCP layer between the terminal 10 and the base station 20. Integrity protection is not applied to layers below PDCP.
When integrity protection is activated, replay protection is also activated. With replay protection, a receiver using the same AS security context accepts each received PDCP COUNT value only once.
NIA (New Radio Integrity protection Algorithms) are the 5G integrity algorithms. The input parameters to the 128-bit NIA algorithms are MESSAGE (the RRC message), KRRCint (the 128-bit integrity key), BEARER (the 5-bit bearer identifier), DIRECTION (1 bit indicating the direction of transmission), and COUNT (a bearer-specific, direction-dependent 32-bit input corresponding to the 32-bit PDCP COUNT).
The RRC integrity check is performed on both the base station 20 side and the terminal 10 side. If the integrity check detects an error, the message concerned is discarded.
(RRC confidentiality mechanisms)
RRC confidentiality protection is provided by the PDCP layer between the terminal 10 and the base station 20.
NEA (New Radio Encryption Algorithms) are the 5G encryption algorithms. The input parameters to the 128-bit NEA algorithms are KRRCenc (the 128-bit encryption key), BEARER (the 5-bit bearer identifier), DIRECTION (1 bit indicating the direction of transmission), LENGTH (the required length of the key stream), and COUNT (a bearer-specific, direction-dependent 32-bit input corresponding to the 32-bit PDCP COUNT).
(Key hierarchy)
FIG. 2 is a diagram showing an example of the key hierarchy used in NR. The keys related to authentication include K and CK/IK. In the example shown in FIG. 2, the key hierarchy includes KAUSF, KSEAF, KAMF, KNASint, KNASenc, KN3IWF, KgNB, KRRCint, KRRCenc, KUPint, and KUPenc.
Here, KAUSF and KSEAF are keys for the AUSF (Authentication Server Function) in the home network. KAUSF is derived from CK and IK. KSEAF is an anchor key derived from KAUSF.
 KAMFは、サービングネットワークのAMF(Access and Mobility Management Function)のための鍵である。KAMFは、KSEAFから導出される。 KAMF is a key for AMF (Access and Mobility Management Function) of the serving network. KAMF is derived from KSEAF.
 KNASint及びKNASencは、NAS(Non Access Stratum)シグナリングのための鍵である。KNASint及びKNASencはKAMFから導出される。 KNASint and KNASenc are the keys for NAS (Non Access Stratum) signaling. KNASint and KNASenc are derived from KAMF.
 KgNBは、NG-RAN(Next Generation-Radio Access Network)のための鍵である。KgNBは、KAMFから導出される。KgNBは、端末10と基地局20との間で使用される。 KgNB is a key for NG-RAN (Next Generation-Radio Access Network). KgNB is derived from KAMF. KgNB is used between the terminal 10 and the base station 20.
 KUPenc及びKUPintは、アップリンクのトラフィックのための鍵である。KUPenc及びKUPintは、KgNBから導出される。KUPencは、暗号化アルゴリズムによりアップリンクのトラフィックを保護するためにのみ使用される。KUPintは、インテグリティアルゴリズムにより端末10と基地局20との間のアップリンクのトラフィックを保護するためにのみ使用される。 KUPenc and KUPint are the keys for uplink traffic. KUPenc and KUPint are derived from KgNB. KUPenc is only used to protect uplink traffic with cryptographic algorithms. KUPint is used only to protect the uplink traffic between the terminal 10 and the base station 20 by the integrity algorithm.
 KRRCint及びKRRCencは、RRC(Radio Resource Control)シグナリングのための鍵である。KRRCint及びKRRCencは、KgNBから導出される。KRRCintは、インテグリティアルゴリズムによりRRCシグナリングを保護するためにのみ使用される。KRRCencは、暗号化アルゴリズムによりRRCシグナリングを保護するためにのみ使用される。 KRRCint and KRRCenc are the keys for RRC (Radio Resource Control) signaling. KRRCint and KRRCenc are derived from KgNB. KRRCint is only used to protect RRC signaling through integrity algorithms. KRRCenc is only used to protect RRC signaling by cryptographic algorithms.
FIG. 3 is a diagram showing an example of the operation of the ciphering algorithm. The input parameters to the ciphering algorithm include "KEY", the 128-bit encryption key; the 32-bit "COUNT"; "BEARER", the 5-bit bearer identifier; "DIRECTION", 1 bit indicating the transmission direction; and "LENGTH", indicating the length of the keystream. For uplink transmission the "DIRECTION" bit is 0; for downlink transmission the "DIRECTION" bit is 1.
FIG. 3 shows an example of the ciphering algorithm NEA, which encrypts plaintext by applying a keystream using bitwise binary addition of the plaintext and the keystream. Once encrypted, the plaintext can be recovered by generating the same keystream from the same input parameters and applying bitwise binary addition to the ciphertext. Based on the input parameters, the algorithm generates an output keystream block KEYSTREAM, which is used to encrypt the input plaintext block PLAINTEXT, producing the ciphertext block CIPHERTEXT. The input parameter "LENGTH" is used to set the length of the KEYSTREAM BLOCK.
FIG. 4 is a diagram showing an example of the operation of the integrity algorithm. The input parameters to the integrity algorithm include "KEY", the 128-bit encryption key; the 32-bit "COUNT"; "BEARER", the 5-bit bearer identifier; "DIRECTION", 1 bit indicating the transmission direction; and "MESSAGE", the message itself. For uplink transmission the "DIRECTION" bit is 0; for downlink transmission the "DIRECTION" bit is 1. The bit length of "MESSAGE" is "LENGTH".
FIG. 4 shows an example of using the integrity algorithm NIA to authenticate the integrity of a message. Based on these input parameters, the sender uses the integrity algorithm NIA to compute a 32-bit message authentication code (MAC-I/NAS-MAC). When the message is sent, the message authentication code is appended to it. For the integrity protection algorithm, the receiver computes an expected message authentication code (XMAC-I/XNAS-MAC) over the received message in the same way that the sender computed the message authentication code over the message it sent, and verifies the data integrity of the message by comparing the expected message authentication code (XMAC-I/XNAS-MAC) with the received message authentication code (MAC-I/NAS-MAC).
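As an added illustration of the MAC-I/XMAC-I exchange of FIG. 4 (editor-written example code, not part of the patent), the sender computes a 32-bit code over the packed COUNT, BEARER and DIRECTION inputs plus the message, and the receiver recomputes it with its own COUNT and discards the message on mismatch. The HMAC-SHA256 stand-in for NIA, the byte layout of the packed inputs and the helper names are assumptions of this example.

```python
import hashlib
import hmac
from typing import Optional

MAC_LEN = 4  # MAC-I / XMAC-I are 32 bits


def pack_inputs(count: int, bearer: int, direction: int) -> bytes:
    """Serialise the 32-bit COUNT, 5-bit BEARER and 1-bit DIRECTION inputs.
    The byte layout is an assumption of this example, not the NIA specification."""
    if not (0 <= count < 2 ** 32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("COUNT is 32 bits, BEARER is 5 bits, DIRECTION is 1 bit")
    return count.to_bytes(4, "big") + bytes([(bearer << 3) | (direction << 2)])


def mac_i(key: bytes, count: int, bearer: int, direction: int, message: bytes) -> bytes:
    """Sender side: 32-bit MAC-I over (KEY, COUNT, BEARER, DIRECTION, MESSAGE).
    HMAC-SHA256 truncated to 32 bits is a constructed stand-in, not NIA1/2/3."""
    tag = hmac.new(key, pack_inputs(count, bearer, direction) + message, hashlib.sha256)
    return tag.digest()[:MAC_LEN]


def protect(key: bytes, count: int, bearer: int, direction: int, message: bytes) -> bytes:
    """Build the transmitted unit: MESSAGE with MAC-I appended."""
    return message + mac_i(key, count, bearer, direction, message)


def verify(key: bytes, count: int, bearer: int, direction: int, pdu: bytes) -> Optional[bytes]:
    """Receiver side: recompute XMAC-I with the receiver's own COUNT and compare it with
    the received MAC-I in constant time. Returns the message, or None when the check
    fails and the message must be discarded."""
    if len(pdu) < MAC_LEN:
        return None
    message, received_mac = pdu[:-MAC_LEN], pdu[-MAC_LEN:]
    xmac_i = mac_i(key, count, bearer, direction, message)
    return message if hmac.compare_digest(xmac_i, received_mac) else None
```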
In NR, as in LTE, data is encrypted with a stream cipher: the data is XORed (exclusive OR) with a keystream. With this scheme it is essential that a keystream is never reused. NEA, the NR encryption algorithm, only generates a keystream of finite length. To avoid keystream reuse, therefore, one approach is to make it possible to change the key used to generate the keystream at an arbitrary time, for example at handover.
(Key change on the fly)
"Key change on-the-fly" covers updating a key to a fresh key (key refresh) and regenerating a key (re-keying). "Key refresh", the procedure that replaces a key with a fresh one, can be applied to KgNB, KRRC-enc, KRRC-int, KUP-enc, and KUP-int. Here, when a particular PDCP COUNT value is about to be used again for the same bearer identifier and the same KgNB, "key refresh" is initiated by the gNB/ng-eNB.
(The problem)
That is, to prevent the same COUNT value (that is, the same keystream) from being used twice for data transmission on the same bearer, the base station 20 performs "key refresh" when the same COUNT value is about to be used again. However, if the same COUNT value is about to be used again and the base station 20 does not perform "key refresh", the terminal 10 may use the same COUNT value again. If the same COUNT value (the same keystream) is used more than once for data transmission on the same bearer, the encrypted data is considered more likely to be decrypted by a third party. In other words, the likelihood that a third party recovers the keystream increases.
A method is needed to reduce the possibility that the same COUNT value is reused for the transmission of encrypted data on the same bearer.
One approach is to specify a procedure by which the terminal 10 autonomously prevents reuse of the same COUNT value, without depending on the execution of "key refresh" by the base station 20.
FIG. 5 is a diagram showing an example of a procedure in which the terminal 10 autonomously prevents reuse of the same COUNT value.
First, in step S101, the terminal 10 starts the data transmission procedure. In step S102, the terminal 10 sets the encryption key as an input parameter to the ciphering algorithm applied to data transmission on a given bearer, and sets the count value TX_NEXT to 0. In step S103, the terminal 10 receives a PDCP (Packet Data Convergence Protocol) SDU (Service Data Unit) from the upper layer as the data to be transmitted.
In step S104, the terminal 10 associates the count value TX_NEXT with the PDCP SDU.
In step S105, the terminal 10 generates one or more PDCP PDUs (Protocol Data Units) corresponding to the PDCP SDU. In step S106, the terminal 10 applies the encryption key and the count value TX_NEXT to the ciphering algorithm to encrypt the one or more PDCP PDUs.
In step S107, the terminal 10 increments the count value TX_NEXT by 1.
In step S108, the terminal 10 determines whether the count value TX_NEXT is 0. If the terminal 10 determines in step S108 that TX_NEXT is not 0, the process proceeds to step S109, where the terminal 10 transmits the encrypted PDCP PDU(s). If the terminal 10 determines in step S108 that TX_NEXT is 0, the process proceeds to step S111. That is, even when the base station 20 side does not initiate an encryption key update, the terminal 10 autonomously advances the process to step S111.
In step S111, the terminal 10 initiates the RRC connection re-establishment procedure. Specifically, the terminal 10 transmits an RRCReestablishmentRequest message to the base station 20. In response to receiving the RRCReestablishmentRequest message from the terminal 10, the base station 20 transmits an RRCReestablishment message to the terminal 10. On receiving the RRCReestablishment message, the terminal 10 updates the encryption key used for data transmission.
After the terminal 10 has updated the encryption key, the process proceeds to step S102. In step S102, the terminal 10 supplies the updated encryption key and the count value TX_NEXT = 0 as input parameters to the ciphering algorithm applied to data transmission.
After the encrypted PDCP PDU(s) have been transmitted in step S109, the process proceeds to step S110. In step S110, the terminal 10 determines whether the next PDCP SDU has been received from the upper layer. If the terminal 10 determines in step S110 that the next PDCP SDU has been received from the upper layer, the process proceeds to step S104, and the terminal 10 then performs the processing described above on the next PDCP SDU. If the terminal 10 determines in step S110 that no further PDCP SDU has been received from the upper layer, the process proceeds to step S112 and the data transmission process ends.
According to the above processing, when data is transmitted on the same bearer and the count value TX_NEXT = 0 is about to be reused, the terminal 10 can update the encryption key by initiating the RRC connection re-establishment procedure, even if the base station 20 side does not initiate an encryption key update. Even if the network does not perform a security key refresh and the same COUNT value might be reused for data transmitted on the same bearer with the same encryption key, the terminal 10, by autonomously executing the reconnection procedure, can prevent COUNT value reuse on its own, regardless of how the network behaves.
(Alt.1)
As in the case shown in FIG. 5, the terminal 10 manages the COUNT value and transmits (or receives) data using the same cipher key on the same bearer. In this case, when the COUNT value wraps around, that is, when the same COUNT value is about to be reused, the terminal 10 may initiate the RRC connection re-establishment procedure.
In the case of Alt.1, the following may be specified in the specification. An independent counter (COUNTER) is maintained at the terminal 10 for each radio bearer and each transmission direction. For each radio bearer, COUNTER is used as an input parameter to the ciphering and integrity algorithms. The same COUNT value is not allowed to be used twice for the same bearer and the same encryption key. When an encryption key update is required, for example on a Master Node change accompanied by a change of KgNB, or to prevent COUNT from wrapping around, the encryption key update procedure is applied. When the COUNT value wraps around for the same bearer and the same encryption key, the terminal 10 initiates RRC connection re-establishment.
(Alt.2)
Since the COUNT value starts from 0, when transmitting (or receiving) data using the same encryption key on the same bearer causes the COUNT value to wrap around so that the COUNT value "0" is about to be reused, the terminal 10 may initiate the RRC connection re-establishment procedure.
(Alt.3)
When transmitting (or receiving) data using the same encryption key on the same bearer, the terminal 10 may initiate the RRC connection re-establishment procedure when the COUNT value reaches its maximum value. Here, the COUNT value may be represented in 32 bits, and the maximum COUNT value may be 2^32-1. When the COUNT value is represented with a different number of bits, the maximum COUNT value may be the largest value representable with that number of bits.
(Alt.4)
When transmitting (or receiving) data using the same encryption key on the same bearer, the terminal 10 may initiate the RRC connection re-establishment procedure when the COUNT value first reaches a specific COUNT value defined in the specification.
(Alt.5)
When transmitting (or receiving) data using the same encryption key on the same bearer, the terminal 10 may initiate the RRC connection re-establishment procedure when the COUNT value first reaches a specific COUNT value configured by the base station 20 (for example, by RRC signaling).
(Alt.6)
When transmitting (or receiving) data using the same encryption key on the same bearer, the terminal 10 may initiate the RRC connection re-establishment procedure when the COUNT value has wrapped around the number of times defined in the specification.
(Alt.7)
When transmitting (or receiving) data using the same encryption key on the same bearer, the terminal 10 may initiate the RRC connection re-establishment procedure when the COUNT value has wrapped around the number of times configured by the base station 20 (for example, by RRC signaling).
(Alt.8)
When transmitting (or receiving) data using the same encryption key on the same bearer, the terminal 10 may initiate the RRC connection re-establishment procedure when a specific COUNT value defined in the specification has been used twice (for example, the specific value is "2", the COUNT value has wrapped around, and the COUNT value has reached "2" again).
(Alt.9)
When transmitting (or receiving) data using the same encryption key on the same bearer, the terminal 10 may initiate the RRC connection re-establishment procedure when a specific COUNT value configured by the base station 20 by RRC signaling has been used twice (for example, the specific value is "2", the COUNT value has wrapped around, and the COUNT value has reached "2" again).
In the embodiments described above, a ciphering algorithm and a cipher key are mainly used. However, the embodiments are not limited to those described above. For example, in the embodiments described above, an integrity algorithm may be used in place of the ciphering algorithm, and an integrity key may be used in place of the cipher key.
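An added example (editor-written, not from the patent) that runs the FIG. 5 transmitter in Python and generalises the S108 test over Alt.1 to Alt.5; the wrap-count variants Alt.6 to Alt.9 follow by counting wraps at the same point. The HMAC-based keystream is a stand-in for NEA, the configurable COUNT width, the `fresh_key` argument standing for the key that re-establishment would derive, and all names are assumptions; `keystream_reuse_leak` shows the keystream-reuse risk the problem section describes.

```python
import hashlib
import hmac
from typing import List, Optional


def nea_keystream(key: bytes, count: int, bearer: int, direction: int, length: int) -> bytes:
    """Keystream block for (KEY, COUNT, BEARER, DIRECTION, LENGTH) as in FIG. 3.
    Constructed stand-in (HMAC-SHA256 run in counter mode), not NEA1/NEA2/NEA3;
    only the set of input parameters follows the page."""
    if not (0 <= count < 2 ** 32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("COUNT is 32 bits, BEARER is 5 bits, DIRECTION is 1 bit")
    iv = count.to_bytes(4, "big") + bytes([(bearer << 3) | (direction << 2)])
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise binary addition of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(key: bytes, count: int, bearer: int, p1: bytes, p2: bytes) -> bool:
    """The risk behind the procedure: two units ciphered under the same KEY, COUNT and
    BEARER get the same keystream, so XORing the two ciphertexts cancels the keystream
    and exposes the XOR of the two plaintexts."""
    ks = nea_keystream(key, count, bearer, 0, max(len(p1), len(p2)))
    c1, c2 = xor_bytes(p1, ks), xor_bytes(p2, ks)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


class PdcpTransmitter:
    """Terminal-side sender for one bearer and direction, following FIG. 5, with the
    S108 test generalised over the page's alternatives:
      policy="wrap"       Alt.1/Alt.2: TX_NEXT has come round to 0 again
      policy="max"        Alt.3: the COUNT just applied was 2**count_bits - 1
      policy="threshold"  Alt.4/Alt.5: COUNT first reaches the configured value `param`
    count_bits below 32 is allowed, as Alt.3 permits, so a wrap can be exercised."""

    def __init__(self, key: bytes, bearer: int, direction: int = 0, count_bits: int = 32,
                 policy: str = "wrap", param: Optional[int] = None) -> None:
        if not 1 <= count_bits <= 32:
            raise ValueError("COUNT width must be 1..32 bits")
        self.bearer, self.direction = bearer, direction
        self.max_count = (1 << count_bits) - 1
        self.policy, self.param = policy, param
        self.reestablishments = 0
        self.wraps = 0
        self._setup(key)  # S102

    def _setup(self, key: bytes) -> None:
        """S102: install the cipher key and start TX_NEXT at 0."""
        self.key = key
        self.tx_next = 0

    def _reestablish(self, fresh_key: bytes) -> None:
        """S111: RRCReestablishmentRequest / RRCReestablishment. The RRC messages are
        not modelled, only their effect: the key is refreshed and S102 runs again."""
        self.reestablishments += 1
        self.wraps = 0
        self._setup(fresh_key)

    def _refresh_needed(self, used_count: int) -> bool:
        """S108, evaluated after S107 has already incremented TX_NEXT."""
        if self.policy == "wrap":
            return self.tx_next == 0
        if self.policy == "max":
            return used_count == self.max_count
        if self.policy == "threshold":
            return self.wraps == 0 and self.tx_next == self.param
        raise ValueError(f"unknown policy {self.policy!r}")

    def send_sdu(self, sdu: bytes, fresh_key: bytes, pdu_size: int = 16) -> Optional[List[bytes]]:
        """S104-S111 for one PDCP SDU. Returns the ciphered PDUs handed to S109, or None
        when S108 diverted to S111: as drawn in FIG. 5, the PDUs ciphered under the
        exhausted COUNT are not transmitted and the next SDU starts again from S102.
        `fresh_key` stands for the key re-establishment would derive (assumption)."""
        count = self.tx_next                                                     # S104
        pdus = [sdu[i:i + pdu_size] for i in range(0, len(sdu), pdu_size)] or [b""]  # S105
        # S106: one keystream of LENGTH = len(SDU), sliced across the PDUs so that no
        # two PDUs of the same SDU share keystream bits.
        ks = nea_keystream(self.key, count, self.bearer, self.direction, len(sdu))
        ciphered, offset = [], 0
        for pdu in pdus:
            ciphered.append(xor_bytes(pdu, ks[offset:offset + len(pdu)]))
            offset += len(pdu)
        self.tx_next = (self.tx_next + 1) & self.max_count                      # S107
        if self.tx_next == 0:
            self.wraps += 1
        if self._refresh_needed(count):                                          # S108
            self._reestablish(fresh_key)                                         # S111
            return None
        return ciphered                                                          # S109
```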
(Device configuration)
Next, examples of the functional configuration of the terminal 10 and the base station 20 that execute the processing operations described so far will be described. The terminal 10 and the base station 20 have all of the functions described in the present embodiment. However, the terminal 10 and the base station 20 may have only some of the functions described in the present embodiment.
<Terminal>
FIG. 6 is a diagram showing an example of the functional configuration of the terminal 10. As shown in FIG. 6, the terminal 10 has a transmission unit 110, a reception unit 120, and a control unit 130. The functional configuration shown in FIG. 6 is only an example. Any division of functions and any names for the functional units may be used as long as the operation according to the present embodiment can be executed.
The transmission unit 110 creates a transmission signal from transmission data and transmits the signal wirelessly. The reception unit 120 receives various signals wirelessly and obtains higher-layer signals from the received physical-layer signals. The reception unit 120 also includes a measurement unit that measures received signals and obtains the received power and the like.
The control unit 130 controls the terminal 10. The functions of the control unit 130 related to transmission may be included in the transmission unit 110, and the functions of the control unit 130 related to reception may be included in the reception unit 120.
For example, the control unit 130 of the terminal 10 may set up a bearer for transmitting one or more data units to the base station 20, divide each of the one or more data units into one or more packets and, when transmitting the resulting packets sequentially, maintain a count value that sequentially counts the number of data units transmitted; when transmitting the one or more packets corresponding to each of the one or more data units, the control unit 130 may encrypt those packets by applying to them a keystream computed by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters. The transmission unit 110 of the terminal 10 may transmit the one or more packets to the base station 20 on that bearer. Further, when the control unit 130 detects that the specific count value assigned to the first data unit transmitted among the one or more data units is being applied to a data unit other than that first data unit, it may initiate a reconnection procedure for the connection with the base station 20. The reconnection procedure may be the RRC connection re-establishment procedure.
For example, when each of one or more data units is divided into one or more packets and transmitted sequentially by the base station on a given bearer, the reception unit 120 of the terminal 10 may receive each of the one or more data units transmitted by the base station 20 on that bearer. The control unit 130 of the terminal 10 may maintain a count value that counts the number of data units received and, when receiving the one or more packets corresponding to each of the one or more data units, may decrypt those packets by applying to them a keystream computed by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters. When the control unit 130 detects that the specific count value assigned to the first data unit received among the one or more data units is being applied to the reception of a data unit other than that first data unit, it may initiate a reconnection procedure for the connection with the base station 20. The reconnection procedure may be the RRC connection re-establishment procedure.
<Base station 20>
FIG. 7 is a diagram showing an example of the functional configuration of the base station 20. As shown in FIG. 7, the base station 20 has a transmission unit 210, a reception unit 220, and a control unit 230. The functional configuration shown in FIG. 7 is only an example. Any division of functions and any names for the functional units may be used as long as the operation according to the present embodiment can be executed.
The transmission unit 210 includes the function of generating a signal to be transmitted to the terminal 10 side and transmitting the signal wirelessly. The reception unit 220 includes the function of receiving various signals transmitted from the terminal 10 and obtaining, for example, higher-layer information from the received signals. The reception unit 220 also includes a measurement unit that measures received signals and obtains the received power and the like.
The control unit 230 controls the base station 20. The functions of the control unit 230 related to transmission may be included in the transmission unit 210, and the functions of the control unit 230 related to reception may be included in the reception unit 220.
For example, when each of one or more data units is divided into one or more packets and transmitted sequentially by the terminal 10 on a given bearer, the reception unit 220 of the base station 20 may receive each of the one or more data units transmitted by the terminal 10 on that bearer. The control unit 230 of the base station 20 may maintain a count value that counts the number of data units received and, when receiving the one or more packets corresponding to each of the one or more data units, may decrypt those packets by applying to them a keystream computed by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters. When the reception unit 220 receives, from the terminal 10, a request for a reconnection procedure for the connection with the terminal 10, the control unit 230 may execute that reconnection procedure. The reconnection procedure may be the RRC connection re-establishment procedure.
For example, the control unit 230 of the base station 20 may set up a bearer for transmitting one or more data units to the terminal 10, divide each of the one or more data units into one or more packets and, when transmitting the resulting packets sequentially, maintain a count value that sequentially counts the number of data units transmitted; when transmitting the one or more packets corresponding to each of the one or more data units, the control unit 230 may encrypt those packets by applying to them a keystream computed by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters. The transmission unit 210 of the base station 20 may transmit the one or more encrypted packets to the terminal 10 on that bearer. When the reception unit 220 receives, from the terminal 10, a request for a reconnection procedure for the connection with the terminal 10, the control unit 230 may execute that reconnection procedure. The reconnection procedure may be the RRC connection re-establishment procedure.
 <ハードウェア構成>
 上記実施の形態の説明に用いたブロック図(図6~図7)は、機能単位のブロックを示している。これらの機能ブロック(構成部)は、ハードウェア及びソフトウェアの少なくとも一方の任意の組み合わせによって実現される。また、各機能ブロックの実現方法は特に限定されない。すなわち、各機能ブロックは、物理的又は論理的に結合した1つの装置を用いて実現されてもよいし、物理的又は論理的に分離した2つ以上の装置を直接的又は間接的に(例えば、有線、無線などを用いて)接続し、これら複数の装置を用いて実現されてもよい。機能ブロックは、上記1つの装置又は上記複数の装置にソフトウェアを組み合わせて実現されてもよい。機能には、判断、決定、判定、計算、算出、処理、導出、調査、探索、確認、受信、送信、出力、アクセス、解決、選択、選定、確立、比較、想定、期待、見做し、報知(broadcasting)、通知(notifying)、通信(communicating)、転送(forwarding)、構成(configuring)、再構成(reconfiguring)、割り当て(allocating、mapping)、割り振り(assigning)などがあるが、これらに限られない。たとえば、送信を機能させる機能ブロック(構成部)は、送信部(transmitting unit)や送信機(transmitter)と呼称される。いずれも、上述したとおり、実現方法は特に限定されない。
<Hardware configuration>
The block diagrams (FIGS. 6 to 7) used in the description of the above-described embodiment show blocks of functional units. These functional blocks (components) are realized by any combination of at least one of hardware and software. Further, the method of realizing each functional block is not particularly limited. That is, each functional block may be realized by using one device that is physically or logically connected, or directly or indirectly (for example, by two or more devices that are physically or logically separated). , Wired, wireless, etc.) and may be realized using these plurality of devices. The functional block may be realized by combining the software with the one device or the plurality of devices. Functions include judgment, decision, judgment, calculation, calculation, processing, derivation, investigation, search, confirmation, reception, transmission, output, access, solution, selection, selection, establishment, comparison, assumption, expectation, and assumption. Broadcasting, notifying, communicating, forwarding, configuring, reconfiguring, allocating, mapping, assigning, etc., but limited to these I can't. For example, a functional block (component) that functions transmission is called a transmitting unit or a transmitter. As described above, the method of realizing each of them is not particularly limited.
Further, for example, both the terminal 10 and the base station 20 in one embodiment of the present invention may function as computers that perform the processing according to the present embodiment. FIG. 8 is a diagram showing an example of the hardware configuration of the terminal 10 and the base station 20 according to the present embodiment. Each of the terminal 10 and the base station 20 described above may be physically configured as a computer device including a processor 1001, a memory 1002, a storage 1003, a communication device 1004, an input device 1005, an output device 1006, a bus 1007, and the like.
In the following description, the word "device" can be read as circuit, device, unit, and so on. The hardware configuration of the terminal 10 and the base station 20 may include one or more of each of the devices denoted 1001 to 1006 in the figure, or may omit some of the devices.
Each function of the terminal 10 and the base station 20 is realized by loading predetermined software (programs) onto hardware such as the processor 1001 and the memory 1002, so that the processor 1001 performs computation, controls communication by the communication device 1004, and controls reading and/or writing of data in the memory 1002 and the storage 1003.
The processor 1001 controls the entire computer by, for example, running an operating system. The processor 1001 may be configured as a central processing unit (CPU) including interfaces with peripheral devices, a control unit, an arithmetic unit, registers, and the like.
The processor 1001 also reads programs (program code), software modules, data, and the like from the storage 1003 and/or the communication device 1004 into the memory 1002, and executes various processes in accordance with them. The program used is one that causes a computer to execute at least part of the operations described in the above embodiment. For example, the control unit 130 of the terminal 10 may be realized by a control program stored in the memory 1002 and running on the processor 1001, and the other functional blocks may be realized in the same way. Although the various processes described above have been explained as being executed by a single processor 1001, they may be executed simultaneously or sequentially by two or more processors 1001. The processor 1001 may be implemented on one or more chips. The program may also be transmitted from a network via a telecommunication line.
The memory 1002 is a computer-readable recording medium and may be composed of at least one of, for example, a ROM (Read Only Memory), an EPROM (Erasable Programmable ROM), an EEPROM (Electrically Erasable Programmable ROM), and a RAM (Random Access Memory). The memory 1002 may be called a register, a cache, a main memory (main storage device), or the like. The memory 1002 can store executable programs (program code), software modules, and the like for implementing the wireless communication method according to one embodiment of the present disclosure.
The storage 1003 is a computer-readable recording medium and may be composed of at least one of, for example, an optical disc such as a CD-ROM (Compact Disc ROM), a hard disk drive, a flexible disk, a magneto-optical disk (for example, a compact disc, a digital versatile disc, or a Blu-ray (registered trademark) disc), a smart card, a flash memory (for example, a card, a stick, or a key drive), a floppy (registered trademark) disk, and a magnetic strip. The storage 1003 may be called an auxiliary storage device. The storage medium described above may be, for example, a database, a server, or another suitable medium including the memory 1002 and/or the storage 1003.
The communication device 1004 is hardware (a transmitting/receiving device) for communication between computers via a wired network and/or a wireless network, and is also called, for example, a network device, a network controller, a network card, or a communication module. The communication device 1004 may include a high-frequency switch, a duplexer, a filter, a frequency synthesizer, and the like in order to realize frequency division duplex (FDD) and/or time division duplex (TDD). For example, the transmitting unit 110, the receiving unit 120, and the like described above may be realized by the communication device 1004. The transmitting unit 110 and the receiving unit 120 may also be implemented so as to be physically or logically separated from each other.
The input device 1005 is an input device (for example, a keyboard, a mouse, a microphone, a switch, a button, or a sensor) that accepts input from outside. The output device 1006 is an output device (for example, a display, a speaker, or an LED lamp) that performs output to the outside. The input device 1005 and the output device 1006 may be integrated (for example, as a touch panel).
The devices such as the processor 1001 and the memory 1002 are connected by a bus 1007 for communicating information. The bus 1007 may be configured as a single bus or as different buses between each pair of devices.
Each of the terminal 10 and the base station 20 may also include hardware such as a microprocessor, a digital signal processor (DSP), an ASIC (Application Specific Integrated Circuit), a PLD (Programmable Logic Device), or an FPGA (Field Programmable Gate Array), and some or all of the functional blocks may be realized by that hardware. For example, the processor 1001 may be implemented using at least one of these pieces of hardware.
(Summary of embodiments)
This specification discloses at least the following terminals and communication methods.
A terminal comprising: a control unit that sets up a bearer for transmitting one or more data units to a base station, divides each of the one or more data units into one or more packets, and, when transmitting the divided packets sequentially, maintains a count value that sequentially counts the number of data units transmitted, and that, when transmitting the one or more packets corresponding to each of the one or more data units, encrypts those packets by applying a keystream computed by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters; and a transmitting unit that transmits the encrypted one or more packets to the base station on the bearer, wherein the control unit, on detecting that the specific count value assigned to the first data unit transmitted among the one or more data units is applied to a data unit other than that first data unit, initiates a reconnection procedure for the connection with the base station.
According to the above configuration, when data is transmitted on the same bearer and COUNT value 0 is about to be reused, the terminal can refresh the encryption key by initiating the reconnection procedure even if the base station does not perform a key update. By executing the reconnection process autonomously, the terminal can prevent reuse of the COUNT value on its own, independently of the network's behaviour.
A terminal comprising: a receiving unit that, when each of one or more data units divided into one or more packets is transmitted sequentially from a base station on a bearer, receives each of the one or more data units transmitted from the base station on the bearer; and a control unit that maintains a count value that sequentially counts the number of data units received and that, when receiving the one or more packets corresponding to each of the one or more data units, decrypts those packets by applying a keystream computed by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters, wherein the control unit, on detecting that the specific count value assigned to the first data unit received among the one or more data units is applied to the reception of a data unit other than that first data unit, initiates a reconnection procedure for the connection with the base station.
According to the above configuration, when data is received on the same bearer and COUNT value 0 is about to be reused, the terminal can refresh the encryption key by initiating the reconnection procedure even if the base station does not perform a key update. By executing the reconnection process autonomously, the terminal can prevent reuse of the COUNT value on its own, independently of the network's behaviour.
The control unit may initiate the reconnection procedure for the connection with the base station when it detects that the specific count value assigned to the first transmitted data unit is applied to a data unit other than the first transmitted data unit among the one or more data units, and the base station does not initiate an encryption key update procedure.
According to the above configuration, when data is received on the same bearer, COUNT value 0 is about to be reused, and the base station does not initiate a key update process, the terminal executes the reconnection procedure. When the base station does initiate a key update process, the terminal can update the encryption key through that process.
The control unit may update the encryption key when it receives from the base station a signal instructing reconnection of the connection.
According to the above configuration, the terminal can update the encryption key autonomously.
The control unit may initiate the reconnection procedure when the count value reaches its maximum or minimum value.
According to the above configuration, the terminal can prevent the COUNT value from being reused when transmitting data on the same bearer.
A communication method performed by a terminal, comprising: setting up a bearer for transmitting one or more data units to a base station, dividing each of the one or more data units into one or more packets, and, when transmitting the divided packets sequentially, maintaining a count value that sequentially counts the number of data units transmitted, and, when transmitting the one or more packets corresponding to each of the one or more data units, encrypting those packets by applying a keystream computed by a specific algorithm with at least the identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters; transmitting the encrypted one or more packets to the base station on the bearer; and
initiating a reconnection procedure for the connection with the base station on detecting that the specific count value assigned to the first data unit transmitted among the one or more data units is applied to a data unit other than that first data unit.
According to the above configuration, when data is transmitted on the same bearer and COUNT value 0 is about to be reused, the terminal can refresh the encryption key by initiating the reconnection procedure even if the base station does not perform a key update. By executing the reconnection process autonomously, the terminal can prevent reuse of the COUNT value on its own, independently of the network's behaviour.
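The COUNT handling of the claims above, including the case where the base station refreshes the key first, as an added example that is not the patent's or NTT DOCOMO's code: a Python model of a terminal-side bearer that counts data units, derives each unit's keystream from the bearer id, COUNT and key, and, when COUNT 0 is about to be applied to a second data unit under the same key, runs a modelled reconnection that installs a fresh key instead of reusing the keystream. The class and function names (`UplinkBearer`, `demo`, the HMAC-based `keystream`) and the direction input are my assumptions, not from the page.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

FIRST_COUNT = 0  # count value assigned to the first data unit sent on a bearer


def keystream(key: bytes, bearer_id: int, count: int, direction: int, length: int) -> bytes:
    """Keystream for one data unit as a function of (key, bearer id, COUNT, direction).

    HMAC-SHA256 in counter mode is my stand-in for the claims' "specific algorithm";
    the direction input is an assumption borrowed from 3GPP ciphering, not from the page.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = bytes([bearer_id, direction]) + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_into_packets(data_unit: bytes, packet_size: int) -> List[bytes]:
    """Each data unit is divided into one or more packets; they all share the unit's COUNT."""
    return [data_unit[i:i + packet_size] for i in range(0, len(data_unit), packet_size)] or [b""]


def decrypt_data_unit(key: bytes, bearer_id: int, count: int, direction: int,
                      packets: List[bytes]) -> bytes:
    """Receiving side: the same keystream applied to the reassembled packets of one unit."""
    ciphertext = b"".join(packets)
    return xor_bytes(ciphertext, keystream(key, bearer_id, count, direction, len(ciphertext)))


@dataclass
class UplinkBearer:
    """Terminal-side state for one bearer in the uplink direction (hypothetical class)."""
    bearer_id: int
    key: bytes
    reconnect: Callable[[], bytes]  # models the reconnection procedure; yields the fresh key
    count_bits: int = 32            # PDCP-style COUNT width; a small value makes the wrap easy to show
    direction: int = 0
    next_count: int = FIRST_COUNT
    units_under_key: int = 0        # data units already sent under the current key
    events: List[str] = field(default_factory=list)

    def _install_key(self, key: bytes, source: str) -> None:
        self.key = key
        self.next_count = FIRST_COUNT
        self.units_under_key = 0
        self.events.append(f"rekey:{source}")

    def network_key_update(self, key: bytes) -> None:
        """Base-station-initiated key update: the case in which the terminal need not reconnect."""
        self._install_key(key, "base_station")

    def send(self, data_unit: bytes, packet_size: int = 8) -> Tuple[int, List[bytes]]:
        """Encrypt one data unit and return (COUNT used, ciphertext packets)."""
        if self.next_count == FIRST_COUNT and self.units_under_key > 0:
            # COUNT has wrapped: the value assigned to the first data unit is about to be
            # applied to another unit under the same key. The same (key, bearer, COUNT)
            # would yield the same keystream, so the terminal starts reconnection itself
            # instead of waiting for the network.
            self.events.append("count_reuse_detected")
            self._install_key(self.reconnect(), "terminal_reconnect")
        count = self.next_count
        ks = keystream(self.key, self.bearer_id, count, self.direction, len(data_unit))
        encrypted, offset = [], 0
        for pkt in split_into_packets(data_unit, packet_size):
            encrypted.append(xor_bytes(pkt, ks[offset:offset + len(pkt)]))
            offset += len(pkt)
        self.units_under_key += 1
        self.next_count = (count + 1) & ((1 << self.count_bits) - 1)
        return count, encrypted


def demo() -> dict:
    """Constructed scenario with a 2-bit COUNT so the wrap happens after four data units."""
    k_initial, k_reconnect, k_network = b"A" * 16, b"B" * 16, b"C" * 16  # constructed keys
    bearer = UplinkBearer(bearer_id=1, key=k_initial, reconnect=lambda: k_reconnect, count_bits=2)
    sent = [bearer.send(b"data-unit-%d" % i) for i in range(6)]
    # Second bearer: the base station refreshes the key before COUNT wraps, so no detection fires.
    other = UplinkBearer(bearer_id=2, key=k_initial, reconnect=lambda: k_reconnect, count_bits=2)
    for i in range(3):
        other.send(b"x%d" % i)
    other.network_key_update(k_network)
    other_count, _ = other.send(b"after-network-rekey")
    return {
        "counts": [c for c, _ in sent],            # [0, 1, 2, 3, 0, 1]: unit 4 goes out under the new key
        "events": bearer.events,
        "unit4_plain": decrypt_data_unit(k_reconnect, 1, sent[4][0], 0, sent[4][1]),
        "other_events": other.events,
        "other_count": other_count,
    }
```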
(Supplement to the embodiments)
Although embodiments of the present invention have been described above, the disclosed invention is not limited to such embodiments, and those skilled in the art will understand various variations, modifications, alternatives, substitutions, and the like. Specific numerical examples have been used to aid understanding of the invention, but unless otherwise stated, those values are merely examples and any appropriate value may be used. The division of the above description into sections is not essential to the present invention; matters described in two or more sections may be combined as necessary, and a matter described in one section may be applied to a matter described in another section (as long as there is no contradiction). The boundaries of the functional units or processing units in the functional block diagrams do not necessarily correspond to the boundaries of physical components. The operations of a plurality of functional units may be physically performed by one component, or the operation of one functional unit may be physically performed by a plurality of components. The order of the processing procedures described in the embodiment may be changed as long as there is no contradiction. For convenience of explanation, the terminal 10 and the base station 20 have been described using functional block diagrams, but such devices may be implemented in hardware, in software, or in a combination thereof. The software that runs on the processor of the terminal 10 according to the embodiment of the present invention and the software that runs on the processor of the base station 20 according to the embodiment of the present invention may each be stored in random access memory (RAM), flash memory, read-only memory (ROM), EPROM, EEPROM, registers, a hard disk (HDD), a removable disk, a CD-ROM, a database, a server, or any other suitable storage medium.
Notification of information is not limited to the aspects/embodiments described in the present disclosure and may be performed by other methods. For example, notification of information may be performed by physical layer signaling (for example, DCI (Downlink Control Information) or UCI (Uplink Control Information)), higher layer signaling (for example, RRC (Radio Resource Control) signaling, MAC (Medium Access Control) signaling, or broadcast information (MIB (Master Information Block), SIB (System Information Block))), other signals, or a combination thereof. RRC signaling may also be called an RRC message, and may be, for example, an RRC Connection Setup message or an RRC Connection Reconfiguration message.
Each aspect/embodiment described in the present disclosure may be applied to at least one of systems using LTE (Long Term Evolution), LTE-A (LTE-Advanced), SUPER 3G, IMT-Advanced, 4G (4th generation mobile communication system), 5G (5th generation mobile communication system), FRA (Future Radio Access), NR (New Radio), W-CDMA (registered trademark), GSM (registered trademark), CDMA2000, UMB (Ultra Mobile Broadband), IEEE 802.11 (Wi-Fi (registered trademark)), IEEE 802.16 (WiMAX (registered trademark)), IEEE 802.20, UWB (Ultra-WideBand), Bluetooth (registered trademark), or other appropriate systems, and next-generation systems extended on the basis of these. A plurality of systems may also be applied in combination (for example, a combination of LTE and/or LTE-A with 5G).
The order of the processing procedures, sequences, flowcharts, and the like of each aspect/embodiment described in the present disclosure may be changed as long as there is no contradiction. For example, the methods described in the present disclosure present the elements of the various steps in an exemplary order and are not limited to the specific order presented.
Specific operations described in the present disclosure as being performed by the base station 20 may in some cases be performed by its upper node. In a network consisting of one or more network nodes including the base station 20, it is clear that the various operations performed for communication with a terminal may be performed by at least one of the base station 20 and a network node other than the base station 20 (for example, an MME or an S-GW, though not limited to these). Although the case of a single network node other than the base station 20 is illustrated above, a combination of a plurality of other network nodes (for example, an MME and an S-GW) is also possible.
Input/output information and the like may be stored in a specific location (for example, a memory) or managed using a management table. Input/output information and the like may be overwritten, updated, or appended. Output information and the like may be deleted. Input information and the like may be transmitted to another device.
A determination may be made by a value represented by one bit (0 or 1), by a Boolean value (true or false), or by a numerical comparison (for example, comparison with a predetermined value).
Each aspect/embodiment described in the present disclosure may be used alone, in combination, or switched between during execution. Notification of predetermined information (for example, notification that "X holds") is not limited to explicit notification and may be performed implicitly (for example, by not notifying the predetermined information).
Software, whether called software, firmware, middleware, microcode, hardware description language, or by another name, should be interpreted broadly to mean instructions, instruction sets, code, code segments, program code, programs, subprograms, software modules, applications, software applications, software packages, routines, subroutines, objects, executable files, threads of execution, procedures, functions, and the like.
Software, instructions, information, and the like may also be transmitted and received via a transmission medium. For example, when software is transmitted from a website, a server, or another remote source using wired technology (coaxial cable, optical fiber cable, twisted pair, digital subscriber line (DSL), and the like) and/or wireless technology (infrared, microwave, and the like), that wired and/or wireless technology is included in the definition of a transmission medium.
The information, signals, and the like described in the present disclosure may be represented using any of a variety of different technologies. For example, data, instructions, commands, information, signals, bits, symbols, chips, and the like that may be referred to throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, optical fields or photons, or any combination thereof.
The terms described in the present disclosure and the terms necessary for understanding the present disclosure may be replaced with terms having the same or similar meanings. For example, a channel and/or a symbol may be a signal (signaling). A signal may also be a message. A component carrier (CC) may be called a carrier frequency, a cell, a frequency carrier, or the like.
The terms "system" and "network" used in the present disclosure are used interchangeably. The information, parameters, and the like described in the present disclosure may be represented using absolute values, relative values from a predetermined value, or other corresponding information. For example, a radio resource may be indicated by an index.
The names used for the parameters described above are not limiting in any respect. Furthermore, formulas and the like that use these parameters may differ from those explicitly disclosed in the present disclosure. Since the various channels (for example, PUCCH and PDCCH) and information elements can be identified by any suitable name, the various names assigned to these channels and information elements are not limiting in any respect.
In the present disclosure, the terms "base station (BS)", "radio base station", "fixed station", "NodeB", "eNodeB (eNB)", "gNodeB (gNB)", "access point", "transmission point", "reception point", "transmission/reception point", "cell", "sector", "cell group", "carrier", "component carrier", and the like may be used interchangeably. A base station may also be referred to by terms such as macro cell, small cell, femto cell, or pico cell.
A base station can accommodate one or more (for example, three) cells. When a base station accommodates a plurality of cells, the entire coverage area of the base station can be divided into a plurality of smaller areas, and each smaller area can also provide communication services by means of a base station subsystem (for example, an indoor small base station (RRH: Remote Radio Head)). The term "cell" or "sector" refers to part or all of the coverage area of the base station and/or base station subsystem that provides communication services within that coverage.
In the present disclosure, the terms "mobile station (MS)", "user terminal", "user equipment (UE)", "terminal", and the like may be used interchangeably.
A mobile station may also be called by those skilled in the art a subscriber station, mobile unit, subscriber unit, wireless unit, remote unit, mobile device, wireless device, wireless communication device, remote device, mobile subscriber station, access terminal, mobile terminal, wireless terminal, remote terminal, handset, user agent, mobile client, client, or some other suitable term.
At least one of the base station and the mobile station may be referred to as a transmitting device, a receiving device, a communication device, or the like. At least one of the base station and the mobile station may be a device mounted on a moving body, or the moving body itself. The moving body may be a vehicle (for example, a car or an airplane), an unmanned moving body (for example, a drone or an autonomous vehicle), or a robot (manned or unmanned). At least one of the base station and the mobile station also includes a device that does not necessarily move during communication operation. For example, at least one of the base station and the mobile station may be an IoT (Internet of Things) device such as a sensor.
The base station in this disclosure may also be read as a user terminal. For example, each aspect/embodiment of this disclosure may be applied to a configuration in which communication between a base station and a user terminal is replaced with communication between a plurality of user terminals (which may be referred to as D2D (Device-to-Device), V2X (Vehicle-to-Everything), or the like). In this case, the terminal 10 may have the functions of the base station 20 described above. Terms such as "uplink" and "downlink" may be read as terms corresponding to inter-terminal communication (for example, "side"). For example, an uplink channel or a downlink channel may be read as a side channel. Similarly, the user terminal in this disclosure may be read as a base station. In this case, the base station 20 may have the functions of the terminal 10 described above.
The terms "connected", "coupled", or any variation thereof mean any direct or indirect connection or coupling between two or more elements, and may include the presence of one or more intermediate elements between two elements that are "connected" or "coupled" to each other. The coupling or connection between elements may be physical, logical, or a combination thereof. For example, "connection" may be read as "access". As used in this disclosure, two elements can be considered to be "connected" or "coupled" to each other by using at least one of one or more wires, cables, and printed electrical connections, and, as some non-limiting and non-exhaustive examples, electromagnetic energy having wavelengths in the radio frequency region, the microwave region, and the optical (both visible and invisible) region.
A reference signal may also be abbreviated as RS (Reference Signal) and may be called a pilot depending on the applicable standard.
The phrase "based on" as used in this disclosure does not mean "based only on" unless otherwise specified. In other words, the phrase "based on" means both "based only on" and "based at least on".
When "include", "including" and variations thereof are used in this disclosure, these terms are intended to be inclusive in the same way as the term "comprising". Furthermore, the term "or" as used in this disclosure is intended not to be an exclusive OR.
In this disclosure, where articles have been added by translation, such as a, an and the in English, the disclosure may include that the nouns following these articles are plural.
In this disclosure, the term "A and B are different" may mean "A and B are different from each other". The term may also mean "A and B are each different from C". Terms such as "separated" and "coupled" may be interpreted in the same way as "different".
Although the present invention has been described in detail above, it will be clear to those skilled in the art that the present invention is not limited to the embodiments described in this specification. The present invention can be implemented with modifications and variations without departing from the spirit and scope of the invention as defined by the claims. Accordingly, the description in this specification is for illustrative purposes and has no limiting meaning with respect to the present invention.
10 Terminal
110 Transmitting unit
120 Receiving unit
130 Control unit
20 Base station
210 Transmitting unit
220 Receiving unit
230 Control unit
1001 Processor
1002 Memory
1003 Storage
1004 Communication device
1005 Input device
1006 Output device

Claims (6)

  1.  A terminal comprising:
     a control unit that, in a case where a bearer for transmitting one or more data units to a base station is set up, each data unit of the one or more data units is divided into one or more packets, and the divided one or more packets are transmitted sequentially, maintains a count value that sequentially counts the number of data units transmitted, and, when transmitting the one or more packets corresponding to each data unit of the one or more data units, encrypts the one or more packets by applying to them a keystream calculated by a specific algorithm with at least an identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters; and
     a transmitting unit that transmits the encrypted one or more packets to the base station on the bearer,
     wherein the control unit starts a reconnection procedure for the connection with the base station when it detects that a specific count value assigned to the data unit transmitted first among the one or more data units is applied to a data unit other than the data unit transmitted first among the one or more data units.
  2.  A terminal comprising:
     a receiving unit that, in a case where each data unit of one or more data units is divided into one or more packets and transmitted sequentially from a base station on a bearer, receives each data unit of the one or more data units transmitted from the base station on the bearer; and
     a control unit that maintains a count value that sequentially counts the number of data units received, and, when receiving the one or more packets corresponding to each data unit of the one or more data units, decrypts the one or more packets by applying to them a keystream calculated by a specific algorithm with at least an identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters,
     wherein the control unit starts a reconnection procedure for the connection with the base station when it detects that a specific count value assigned to the data unit received first among the one or more data units is applied to the reception of a data unit other than the data unit received first among the one or more data units.
  3.  The terminal according to claim 1, wherein the control unit starts the reconnection procedure for the connection with the base station when it detects that the specific count value assigned to the data unit transmitted first among the one or more data units is applied to the data unit other than the data unit transmitted first among the one or more data units, and the base station does not start an encryption key update procedure.
  4.  The terminal according to claim 1 or 2, wherein the control unit updates the encryption key when it receives from the base station a signal instructing reconnection of the connection.
  5.  The terminal according to claim 1 or 2, wherein the control unit starts the reconnection procedure when the count value reaches a maximum value or a minimum value.
  6.  A communication method performed by a terminal, comprising:
     a step of, in a case where a bearer for transmitting one or more data units to a base station is set up, each data unit of the one or more data units is divided into one or more packets, and the divided one or more packets are transmitted sequentially, maintaining a count value that sequentially counts the number of data units transmitted, and, when transmitting the one or more packets corresponding to each data unit of the one or more data units, encrypting the one or more packets by applying to them a keystream calculated by a specific algorithm with at least an identifier of the bearer, the count value corresponding to that data unit, and a specific encryption key as input parameters;
     a step of transmitting the encrypted one or more packets to the base station on the bearer; and
     a step of starting a reconnection procedure for the connection with the base station when it is detected that a specific count value assigned to the data unit transmitted first among the one or more data units is applied to a data unit other than the data unit transmitted first among the one or more data units.
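The count-value check claimed above, as an added example that is not code from the patent or from NTT DOCOMO: a bearer ciphers each data unit with a keystream derived from (bearer identifier, count value, key), the terminal remembers the count value given to the first data unit, and when that same value would be applied to a later data unit (the counter has wrapped) it stops sending and requests a reconnection so that a fresh key is taken into use. The example goes slightly beyond the claims in also showing why the check matters: two data units ciphered under one (key, bearer, count) share their keystream, so the XOR of the two ciphertexts equals the XOR of the two plaintexts. All names (`Bearer`, `keystream`, `decipher_data_unit`, `decide_on_count_reuse`, `keystream_reuse_leaks`), the HMAC-SHA256 counter-mode keystream standing in for the unnamed "specific algorithm", and the 4-bit count (so the wrap-around appears after 16 data units) are assumptions made for this example.

```python
"""Added example (not the patent's code): count-value reuse detection on a ciphered bearer."""
import hashlib
import hmac
import struct

COUNT_BITS = 4  # assumption: a tiny counter so the wrap-around appears after 16 data units


def keystream(key: bytes, bearer_id: int, count: int, length: int) -> bytes:
    """Stand-in keystream: HMAC-SHA256 over (bearer id, count, block index),
    concatenated until `length` bytes exist.  Same inputs always give the same
    keystream, which is why one count value must never be reused under one key."""
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = struct.pack(">BIH", bearer_id, count, block)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Bearer:
    """Terminal-side state of one bearer (claims 1 and 6)."""

    def __init__(self, bearer_id: int, key: bytes):
        self.bearer_id = bearer_id
        self.key = key
        self.count = 0
        self.first_count = None       # count value assigned to the first data unit
        self.reestablish_needed = False

    def send_data_unit(self, data_unit: bytes, packet_size: int):
        """Divide a data unit into packets and cipher them with the keystream for
        this data unit's count value.  Returns (count, packets), or None when the
        first data unit's count value would be applied to another data unit."""
        if self.reestablish_needed:
            return None
        count = self.count
        if self.first_count is None:
            self.first_count = count
        elif count == self.first_count:
            # Keystream reuse is about to happen: stop and request reconnection.
            self.reestablish_needed = True
            return None
        self.count = (count + 1) % (1 << COUNT_BITS)
        ks = keystream(self.key, self.bearer_id, count, len(data_unit))
        packets = [xor_bytes(data_unit[i:i + packet_size], ks[i:i + packet_size])
                   for i in range(0, max(len(data_unit), 1), packet_size)]
        return count, packets

    def reconnect(self, new_key: bytes):
        """Reconnection with key update (claim 4): new key, counters reset."""
        self.key = new_key
        self.count = 0
        self.first_count = None
        self.reestablish_needed = False


def decipher_data_unit(key: bytes, bearer_id: int, count: int, packets) -> bytes:
    """Receiving side (claim 2): reassemble the packets and strip the same keystream."""
    ciphertext = b"".join(packets)
    return xor_bytes(ciphertext, keystream(key, bearer_id, count, len(ciphertext)))


def decide_on_count_reuse(bearer: Bearer, base_station_started_key_update: bool) -> str:
    """Claim 3: the terminal starts the reconnection itself only when the base
    station has not already started a key update procedure."""
    if not bearer.reestablish_needed:
        return "none"
    return "await-key-update" if base_station_started_key_update else "reconnect"


def keystream_reuse_leaks(key: bytes, bearer_id: int, count: int, p1: bytes, p2: bytes) -> bool:
    """Why the check matters: under a reused (key, bearer, count) the XOR of two
    ciphertexts equals the XOR of the two plaintexts (the two-time-pad problem)."""
    c1 = xor_bytes(p1, keystream(key, bearer_id, count, len(p1)))
    c2 = xor_bytes(p2, keystream(key, bearer_id, count, len(p2)))
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def run_demo():
    """Send one full counter cycle, then one data unit too many (constructed sample data)."""
    key = bytes(range(16))  # constructed sample key, not a real one
    bearer = Bearer(bearer_id=3, key=key)
    sent = [bearer.send_data_unit(b"data unit %02d" % i, packet_size=5)
            for i in range(1 << COUNT_BITS)]
    overflow = bearer.send_data_unit(b"one too many", packet_size=5)
    return sent, overflow, bearer


if __name__ == "__main__":
    sent, overflow, bearer = run_demo()
    print(len(sent), "data units ciphered; overflow accepted:", overflow is not None)
    print("action:", decide_on_count_reuse(bearer, base_station_started_key_update=False))
```

The reconnection resets both the counter and the key; after `reconnect()` the same count value 0 produces a different keystream because the key changed, which is what makes reuse of the value harmless again.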

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/013116 WO2021192059A1 (en) 2020-03-24 2020-03-24 Terminal and communication method

Publications (1)

Publication Number Publication Date
WO2021192059A1 (en) 2021-09-30

Family

ID=77891176

Country Status (1)

Country Link
WO (1) WO2021192059A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003525556A (en) * 2000-03-01 2003-08-26 ノキア コーポレイション Radio frame specific counter initialization
US20100202618A1 (en) * 2007-09-28 2010-08-12 Huawei Technologies Co., Ltd. Method and apparatus for updating key in an active state
JP2014526808A (en) * 2011-09-22 2014-10-06 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Method and apparatus for local access mobile terminal connection control and management
JP2016504776A (en) * 2013-01-17 2016-02-12 日本電気株式会社 Secure communication in cellular systems with separate user and control planes
JP2017515365A (en) * 2014-03-31 2017-06-08 アルカテル−ルーセント Liberation of bearers

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230116090A1 (en) * 2021-10-07 2023-04-13 Qualcomm Incorporated Techniques for parameter usage tracking for encryption
US11792643B2 (en) * 2021-10-07 2023-10-17 Qualcomm Incorporated Techniques for parameter usage tracking for encryption

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20926785; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20926785; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: JP)