WO2022089314A1 - Data processing method and apparatus - Google Patents

Data processing method and apparatus Download PDF

Info

Publication number
WO2022089314A1
WO2022089314A1 PCT/CN2021/125668 CN2021125668W WO2022089314A1 WO 2022089314 A1 WO2022089314 A1 WO 2022089314A1 CN 2021125668 W CN2021125668 W CN 2021125668W WO 2022089314 A1 WO2022089314 A1 WO 2022089314A1
Authority
WO
WIPO (PCT)
Prior art keywords
integrity protection
indication information
pdu session
network device
terminal device
Prior art date
Application number
PCT/CN2021/125668
Other languages
French (fr)
Chinese (zh)
Inventor
朱春晖
Original Assignee
展讯半导体(南京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 展讯半导体(南京)有限公司 filed Critical 展讯半导体(南京)有限公司
Publication of WO2022089314A1 publication Critical patent/WO2022089314A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity

Definitions

  • the embodiments of the present application relate to the field of communications technologies, and in particular, to a data processing method and apparatus.
  • Integrity is a necessary technical means to ensure that information or data is not tampered with by unauthorized devices or can be quickly discovered after tampering.
  • the receiver when the receiver receives the data sent by the sender, it can also receive the security parameters sent by the sender, and then the receiver calculates its own security parameters. When the two are equal, it indicates that the integrity protection is successful. The information data has not been tampered with. When the receiver finds that the two are not equal, it considers that the integrity protection fails and discards the corresponding data received.
  • the above solution can find the data packets with problems, but the subsequently received data packets may still be tampered with, and the security risk is relatively high.
  • Embodiments of the present application provide a data processing method and apparatus, so as to reduce the security risk of data transmission.
  • an embodiment of the present application provides a data processing method, including:
  • the terminal device After the integrity protection fails, the terminal device sends first indication information to the first network device, where the first indication information indicates that the integrity protection fails;
  • the terminal device receives a PDU session deactivation instruction from the first network device, and deactivates the PDU session according to the PDU session deactivation instruction.
  • the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  • the integrity protection failure is an integrity protection failure of all PDUs
  • the cell deregistration request includes the first indication information
  • the first indication information indicates that all PDU integrity protection fails
  • the cell deregistration request is used for Request to disconnect from the first cell and request the first network device to deactivate all PDU sessions.
  • the method further includes:
  • the cell registration request includes second indication information, and the second indication information indicates that the cell registration request is after the integrity protection fails. register again.
  • the integrity protection failure is a partial PDU integrity protection failure
  • sending the first indication information to the first network device includes:
  • the partial PDU session deactivation request includes the first indication information
  • the first indication information indicates that the integrity protection of the partial PDU fails
  • the partial PDU The session deactivation request is used for requesting the first network device to deactivate the PDU session that fails the integrity protection.
  • the method further includes:
  • the terminal device sends a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, and the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
  • the method further includes:
  • the PDU session re-establishment response the PDU whose integrity protection fails is re-established.
  • the method further includes:
  • the method further includes:
  • sending a cell deregistration request to the first network device includes:
  • the cell de-registration request is sent to the first network device.
  • sending a partial PDU session deactivation request to the first network device includes:
  • the partial PDU session deactivation request is sent to the first network device.
  • an embodiment of the present application provides a data processing method, including:
  • the first network device receives first indication information from the terminal device, where the first indication information indicates that the integrity protection fails;
  • the first network device sends a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
  • the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  • the integrity protection failure is an integrity protection failure of all PDUs; receiving the first indication information from the terminal device includes:
  • a cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
  • the method further includes:
  • a cell registration request is received from the terminal device, where the cell registration request is used to request the terminal device to establish a connection with a second cell, the cell registration request includes second indication information, and the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
  • the integrity protection failure is a partial PDU integrity protection failure; receiving the first indication information from the terminal device includes:
  • a partial PDU session deactivation request is received from the terminal device, the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Use request to request deactivation of integrity protection for failed PDU sessions.
  • the method further includes:
  • a PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
  • the method further includes:
  • a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
  • the method further includes:
  • the method further includes:
  • an embodiment of the present application provides a data processing apparatus, including:
  • a sending module configured to send first indication information to the first network device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
  • a receiving module configured to receive a PDU session deactivation instruction from the first network device, and deactivate the PDU session according to the PDU session deactivation instruction.
  • the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  • the integrity protection failure is an integrity protection failure of all PDUs; the sending module is specifically configured to:
  • the cell deregistration request includes the first indication information
  • the first indication information indicates that all PDU integrity protection fails
  • the cell deregistration request is used for Request to disconnect from the first cell and request the first network device to deactivate all PDU sessions.
  • the sending module is further configured to:
  • the cell registration request includes second indication information, and the second indication information indicates that the cell registration request is after the integrity protection failure. register again.
  • the integrity protection failure is a partial PDU integrity protection failure; the sending module is specifically configured to:
  • the partial PDU session deactivation request includes the first indication information
  • the first indication information indicates that the integrity protection of the partial PDU fails
  • the partial PDU The session deactivation request is used to request the first network device to deactivate the PDU session for which the integrity protection fails.
  • the sending module is further configured to:
  • the terminal device sends a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, and the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
  • the receiving module is further configured to:
  • the PDU session re-establishment response the PDU whose integrity protection fails is re-established.
  • the receiving module is further configured to:
  • the receiving module is further configured to:
  • the sending module is specifically used for:
  • the cell de-registration request is sent to the first network device.
  • the sending module is specifically used for:
  • the partial PDU session deactivation request is sent to the first network device.
  • an embodiment of the present application provides a data processing device, including:
  • a receiving module configured to receive first indication information from the terminal device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
  • a sending module configured to send a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
  • the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  • the integrity protection failure is an integrity protection failure of all PDUs; the receiving module is specifically configured to:
  • a cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
  • the receiving module is further configured to:
  • the cell registration request is used to request the terminal device to establish a connection with a second cell
  • the cell registration request includes second indication information
  • the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
  • the integrity protection failure is a partial PDU integrity protection failure; the receiving module is specifically configured to:
  • a partial PDU session deactivation request is received from the terminal device, the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Use request to request deactivation of integrity protection for failed PDU sessions.
  • the receiving module is further configured to:
  • a PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
  • the sending module is further configured to:
  • a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
  • the receiving module is further configured to:
  • the sending module is further configured to:
  • an embodiment of the present application provides a terminal device, including:
  • a processor configured to execute the program stored in the memory, and when the program is executed, the processor is configured to execute the data processing method according to any one of the first aspects.
  • an embodiment of the present application provides a network device, including:
  • a processor configured to execute the program stored in the memory, and when the program is executed, the processor is configured to execute the data processing method according to any one of the second aspects.
  • embodiments of the present application provide a computer-readable storage medium, including instructions, which, when executed on a computer, cause the computer to execute the data processing method according to any one of the first to second aspects.
  • the terminal device after the integrity protection fails, the terminal device sends the first indication information to the first network device, and then receives the PDU session deactivation instruction from the first network device, and stops the session according to the PDU. Deactivate the PDU session with an instruction to deactivate the PDU. Therefore, in the subsequent data transmission process, the terminal device and the first network device will stop data transmission through the PDUs that fail the integrity protection, so as to avoid the data that fails to be integrity protection still be received in the subsequent data transmission process, reducing the need for Security risks during data transmission.
  • FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a data processing method provided by an embodiment of the present application.
  • FIG. 3 is a signaling diagram 1 of a data processing solution provided by an embodiment of the present application.
  • FIG. 4 is a signaling diagram 2 of the data processing solution provided by the embodiment of the present application.
  • FIG. 5 is a signaling diagram 3 of the data processing solution provided by the embodiment of the present application.
  • FIG. 6 is a signaling diagram 4 of the data processing solution provided by the embodiment of the present application.
  • FIG. 7 is a signaling diagram 5 of the data processing solution provided by the embodiment of the present application.
  • FIG. 8 is a signaling diagram 6 of the data processing solution provided by the embodiment of the present application.
  • FIG. 9 is a schematic flowchart of a data processing method provided by an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram 1 of a data processing apparatus provided by an embodiment of the present application.
  • FIG. 11 is a second schematic structural diagram of a data processing apparatus provided by an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of a terminal device provided by an embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of a network device provided by an embodiment of the present application.
  • Terminal equipment usually with wireless transceiver function, terminal equipment can be deployed on land, including indoor or outdoor, handheld, wearable or vehicle; can also be deployed on water (such as ships, etc.); can also be deployed in the air (such as aircraft, balloons, etc.) and satellites, etc.).
  • the terminal device may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with wireless transceiver function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, industrial Wireless terminals in industrial control, in-vehicle terminal equipment, wireless terminals in self driving, wireless terminal equipment in remote medical, wireless terminal equipment in smart grid, Wireless terminal equipment in transportation safety, wireless terminal equipment in smart city, wireless terminal equipment in smart home, wearable terminal equipment, etc.
  • VR virtual reality
  • AR augmented reality
  • the terminal equipment involved in the embodiments of this application may also be referred to as terminal, user equipment (UE), access terminal equipment, vehicle-mounted terminal, industrial control terminal, UE unit, UE station, mobile station, mobile station, and remote station , remote terminal equipment, mobile equipment, UE terminal equipment, wireless communication equipment, UE proxy or UE device, etc.
  • Terminal devices can also be stationary or mobile.
  • Network device usually has a wireless transceiver function, and the network device may have mobile characteristics, for example, the network device may be a mobile device.
  • the network device may be a satellite or a balloon station.
  • the satellite may be a low earth orbit (LEO) satellite, a medium earth orbit (MEO) satellite, a geostationary earth orbit (GEO) satellite, a High Elliptical Orbit (HEO) ) satellite etc.
  • the network device may also be a base station located on land, water, etc.
  • the network device may be a next generation NodeB (gNB) or a next generation-evolved NodeB (ng-eNB) .
  • gNB next generation NodeB
  • ng-eNB next generation-evolved NodeB
  • the gNB provides the user plane function and control plane function of the new radio interface (NR) for the UE
  • the ng-eNB provides the user plane of the evolved universal terrestrial radio access (E-UTRA) for the UE.
  • Function and control plane function it should be noted that gNB and ng-eNB are only a name, which is used to indicate the base station supporting the 5G network system, and has no limiting significance.
  • the network device may also be a base station (base transceiver station, BTS) in a GSM system or a CDMA system, a base station (nodeB, NB) in a WCDMA system, or an evolutional node B (evolutional node B) in an LTE system, eNB or eNodeB).
  • BTS base transceiver station
  • NB base station
  • WCDMA WCDMA
  • evolutional node B evolutional node B
  • the network device may also be a relay station, an access point, a vehicle-mounted device, a wearable device, and a network-side device in a network after 5G or a network device in a future evolved PLMN network, a roadside site unit (RSU) )Wait.
  • RSU roadside site unit
  • Integrity protection is a necessary technical means to ensure that information or data is not tampered with without authorization or can be quickly discovered after tampering.
  • the integrity protection algorithm of the air interface is the same as the confidentiality protection algorithm, but the parameters are different from the calculation process.
  • the length of the security parameter required for integrity protection is 32 bits (4 bytes).
  • the receiver receives the security parameters sent by the sender, and the receiver calculates its own security parameters. If the two are equal, the surface integrity protection is successful, and the information data has not been tampered with.
  • PDCP Packet Data Convergence Protocol, Packet Data Convergence Protocol.
  • NAS Non-access stratum, non-access stratum.
  • PDU Packet Data Unit, packet data unit.
  • UPIP User Plane Integrity Protection, user plane integrity protection.
  • gNB gNodeB, base station.
  • AMF Access and Mobility Function, access and mobility function.
  • SMF Session Management Function, session management function.
  • UPF User Plane Function, user plane function.
  • FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present application, as shown in FIG. 1 , including a terminal device 11 and a network device 12 .
  • Data transmission and interaction can be performed between the terminal device 11 and the network device 12.
  • the terminal device 11 can act as a receiver to receive data sent by the network device 12.
  • the network device 12 is the sender.
  • the terminal device 11 can also act as a sender to send data to the network device 12, and at this time, the network device acts as a receiver.
  • the terminal device 11 Take the terminal device 11 as the receiver and the network device 12 as the sender as an example for description.
  • the terminal device 11 receives the data and can also receive the security parameters sent by the network device 12 .
  • the terminal device 11 also calculates its own security parameters.
  • the own security parameters calculated by the terminal device 11 are equal to the security parameters received from the network device 12, it indicates that the integrity protection of the data is successful, the data has not been tampered with, and can be successfully received.
  • the solution adopted is to directly discard the tampered data. This processing method only finds problematic data, and the subsequent data still has a tampered request. This processing solution cannot solve the situation that the subsequent data may still be tampered with, and the security risk of data transmission still exists.
  • a reason for the failure of integrity protection is that the network device 12 connected to the terminal device 11 is a pseudo base station, so the data received by the terminal device 11 is tampered data. After the terminal device 11 detects that the data sent by the pseudo base station has been tampered with, if the data is directly discarded, the subsequent pseudo base station will still send the tampered data to the terminal device 11, and the security risk of data transmission still exists. Therefore, directly discarding the data cannot fundamentally solve the problem of integrity protection failure.
  • the embodiments of the present application provide a data processing method to reduce the security risk of data transmission.
  • FIG. 2 is a schematic flowchart of a data processing method provided by an embodiment of the present application. As shown in FIG. 2 , the method may include:
  • the terminal device After the integrity protection fails, the terminal device sends first indication information to the first network device, where the first indication information indicates that the integrity protection fails.
  • the terminal device may be a receiver of data, or may be a sender of data. If the terminal device is the receiver of the data, the terminal device can receive data from the network device and receive security parameters from the first network device at the same time, and then judge whether the integrity is protected according to the security parameters sent by the first network device and its own security parameters. fail. If the terminal device is the sender of the data and the first network device is the receiver of the data, after receiving the data sent by the terminal device, the first network device determines whether the integrity protection fails, and informs the terminal device of the result of the integrity protection .
  • the terminal device After the integrity protection fails, the terminal device sends first indication information to the first network device, indicating that the integrity protection fails.
  • the terminal device receives a PDU session deactivation instruction from the first network device, and deactivates the PDU session according to the PDU session deactivation instruction.
  • the first network device can learn that the integrity protection fails.
  • the integrity protection failure may be that the terminal device detects that the integrity protection of the data sent by the first network device fails. , it may also be that the first network device detects that the integrity protection of the data sent by the terminal device fails.
  • the first network device will send a PDU session deactivation instruction to the terminal device, and after receiving the PDU session deactivation instruction, the terminal device deactivates the PDU session, that is, performs a PDU deactivation operation.
  • the terminal device can deactivate all PDU sessions, that is, perform deactivation operations on all PDUs.
  • the terminal device may only deactivate the part of the PDU sessions whose integrity protection fails, that is, perform a deactivation operation on some PDUs.
  • the terminal device sends the first indication information to the first network device, and then receives the PDU session deactivation instruction from the first network device, and according to the PDU session deactivation instruction Deactivate the PDU session and perform a deactivation operation on the PDU. Therefore, in the subsequent data transmission process, the terminal device and the first network device will stop data transmission through the PDU that fails the integrity protection, so as to avoid the data that fails to be integrity protection still be received in the subsequent data transmission process. Security risks during data transmission.
  • Integrity protection failure including all PDU integrity protection failures and partial PDU integrity protection failures.
  • the terminal device may send a cell de-registration request to the first network device, and the cell de-registration request includes first indication information indicating that all PDU integrity protection fails.
  • the cell de-registration request is used to request to disconnect from the first cell, where the first cell is the cell to which the terminal device initially connects. After the terminal device is disconnected from the first cell and performs the deregistration operation, all PDU sessions are deactivated, that is, the deactivation operation is performed on all PDUs.
  • cell reselection and re-registration may be performed.
  • the terminal device may send a cell registration request to the first network device, establish a connection with the second cell, and perform a re-registration operation.
  • the cell registration request may include second indication information, indicating that the cell registration request is re-registration after integrity protection failure.
  • the terminal device may send a partial PDU session deactivation request to the first network device, and the partial PDU session deactivation request may include first indication information indicating the partial PDU integrity Protection failed.
  • the terminal device may deactivate the partial PDU sessions whose integrity protection fails, that is, perform a deactivation operation on the PDUs whose integrity protection fails.
  • the user can also control the terminal device to perform PDU session reconstruction according to actual needs.
  • the terminal device may send a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, indicating that the PDU session re-establishment request is a re-establishment after integrity protection failure.
  • the third indication information may indicate that the PDU session re-establishment request is the re-establishment after the integrity protection of all PDU sessions fails.
  • the third indication information may indicate that the PDU session re-establishment request is for the re-establishment of the PDU session whose partial integrity protection has failed.
  • the terminal device may initiate the above process after detecting the integrity protection failure, or the first network device may instruct the terminal device to initiate the above process after detecting the integrity protection failure.
  • the data transmission direction is the downlink data direction from the first network device to the terminal device
  • the terminal device needs to notify the NAS layer after detecting that the PDCP integrity protection fails, and the NAS layer initiates cell deregistration or PDU session deactivation.
  • the data transmission direction is the uplink data direction from the terminal device to the first network device, after the first network device detects that the PDCP integrity protection fails, it needs to notify the terminal device or the second network device, and the terminal device or the second network device initiates Cell deregistration or PDU session deactivation
  • the detection process may be that when the first network device sends data to the terminal device, it also sends the first security parameter to the network device.
  • the terminal device receives the first security parameter from the first network device, and calculates its own second security parameter. When the first security parameter is different from the second security parameter, it is determined that the integrity protection of the terminal device fails.
  • the first network device may send fourth indication information to the terminal device, and the terminal device learns that the integrity protection of the first network device fails after receiving the fourth indication information from the first network device .
  • the integrity protection failure of the first network device may be a partial PDU integrity protection failure, or a complete PDU integrity protection failure.
  • the terminal device may initiate the process of reestablishing the partial PDU session.
  • the terminal device may initiate cell de-registration, cell reselection, and cell re-registration procedures.
  • the first network device may also notify the AMF, and the AMF controls the terminal device to perform the above operations.
  • the first network device may notify the second network device, the second network device sends a cell deregistration instruction to the terminal device, and the terminal device sends a cell deregistration instruction to the terminal device according to the cell deregistration instruction.
  • the first network device sends a cell de-registration request, and performs a cell de-registration operation.
  • the first network device may notify the second network device, the second network device sends a PDU session deactivation instruction to the terminal device, and the terminal device receives the instruction from the second network device
  • the PDU session deactivation instruction and according to the PDU session deactivation instruction, a partial PDU session deactivation request is sent to the first network device, and a partial PDU session deactivation operation is performed.
  • both the UE and the gNB may be the receiver or the sender of data, the following will describe in detail an example where the UE and the gNB are the receiver or the sender respectively.
  • UE represents the terminal device
  • gNB represents the first network device
  • AMF/SMF/UPF represents the second network device.
  • the UE is used as the receiver of data and the gNB is used as the sender of data as an example to be described with reference to FIG. 3 and FIG. 4 .
  • Fig. 3 is a signaling diagram 1 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the receiver, the gNB acts as the sender, and the UE detects that all PDU sessions have failed integrity protection, such as As shown in Figure 3, including:
  • the UE sends a cell de-registration request to the gNB.
  • the cell de-registration request may include first indication information, where the first indication information indicates that integrity protection failure has occurred in all PDU sessions of the UE.
  • the gNB sends a cell de-registration request to the AMF.
  • the gNB After receiving the cell de-registration request sent by the UE, the gNB forwards the cell de-registration request to the AMF.
  • the AMF sends a PDU session deactivation request to the SMF/UPF.
  • the AMF After receiving the cell de-registration request, the AMF can learn that the integrity protection failure has occurred in all PDU sessions of the UE according to the first indication information.
  • the AMF sends a PDU session deactivation request to the SMF/UPF, requesting that all PDUs be deactivated.
  • the SMF/UPF sends a PDU session deactivation response to the AMF.
  • the UE can deactivate all PDU sessions, that is, perform deactivation operations on all PDUs.
  • the AMF sends a cell de-registration response to the gNB.
  • the gNB sends a cell de-registration response to the UE.
  • the UE performs cell deregistration.
  • the UE After receiving the cell de-registration response, the UE can perform the cell de-registration operation and start cell reselection.
  • the UE initiates cell reselection, and reselects to access a new cell.
  • the UE initiates cell re-registration.
  • the UE may send a cell registration request to the gNB, for example, may register with the second cell and establish a connection with the second cell.
  • the reason for re-registering the cell may be carried in the cell registration request.
  • the second indication information may be carried in the cell registration request, indicating that the cell registration request is re-registration after integrity protection failure.
  • the UE initiates PDU session re-establishment.
  • the UE may initiate PDU session re-establishment. Specifically, the UE may send a PDU session re-establishment request to the gNB to re-establish all PDU sessions.
  • the reason for the PDU session re-establishment may be carried in the PDU session re-establishment request.
  • the third indication information may be carried in the PDU session re-establishment request, indicating that the PDU session re-establishment request is the re-establishment after the integrity protection failure.
  • Fig. 4 is the signaling diagram 2 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the receiver, the gNB acts as the sender, and the UE detects that some PDU sessions have failed integrity protection, as shown in the figure 4, including:
  • the UE sends a partial PDU session deactivation request to the gNB.
  • the gNB sends a partial PDU session deactivation request to the AMF.
  • the AMF sends a partial PDU session deactivation request to the SMF/UPF.
  • the SMF/UPF sends a partial PDU session deactivation response to the AMF.
  • the partial PDU session deactivation request includes first indication information, indicating that the partial PDU integrity protection fails.
  • the AMF sends a partial PDU session deactivation response to the gNB.
  • the PDU session whose integrity protection fails may be deactivated, that is, a deactivation operation is performed on the PDU whose integrity protection fails.
  • the UE initiates partial PDU session re-establishment.
  • the UE may be controlled by the user to initiate partial PDU session re-establishment according to actual needs. Specifically, the UE may send a PDU session re-establishment request to the gNB to re-establish part of the PDU session.
  • the reason for the PDU session re-establishment may be carried in the PDU session re-establishment request.
  • the third indication information may be carried in the PDU session re-establishment request, indicating that the PDU session re-establishment request is the re-establishment after the integrity protection fails.
  • Fig. 5 is the signaling diagram 3 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the sender, the gNB acts as the receiver, and the gNB detects that the integrity protection fails in all PDU sessions, as shown in the figure 5, including:
  • the gNB sends fourth indication information to the UE.
  • the gNB is the uplink data direction in which the UE sends data to the gNB.
  • the gNB may send fourth indication information to the UE, indicating that the gNB detects that the integrity protection fails.
  • the UE receives fourth indication information.
  • the UE After receiving the fourth indication information, the UE learns that the integrity protection failure has occurred in all PDU sessions.
  • the UE performs a cell de-registration operation.
  • the UE may initiate a cell de-registration operation. For specific steps, reference may be made to the embodiment illustrated in FIG. 3 , which will not be repeated here.
  • FIG. 6 is the signaling diagram 4 of the data processing scheme provided by the embodiment of the present application, which illustrates the situation when the UE acts as the sender, the gNB acts as the receiver, and the gNB detects that the integrity protection fails in all PDU sessions, as shown in the figure 6, including:
  • the gNB sends fourth indication information to the AMF.
  • the gNB After the gNB receives the data sent by the UE, if it detects that the integrity protection fails, the gNB can send a fourth indication message to the AMF in addition to sending the fourth indication message to the UE to notify the AMF that the integrity of all PDU sessions has occurred. Protection failed.
  • the AMF receives the fourth indication information.
  • the AMF learns that the integrity protection failure has occurred in all PDU sessions.
  • the AMF sends a cell de-registration instruction to the UE.
  • the AMF sends a cell de-registration instruction to the UE, instructing the UE to perform the de-registration operation.
  • the UE receives a cell de-registration instruction.
  • the UE performs a cell de-registration operation.
  • the UE After receiving the cell de-registration instruction, the UE sends a cell de-registration request to the gNB according to the cell de-registration instruction, and performs the cell de-registration operation.
  • the UE After receiving the cell de-registration instruction, the UE sends a cell de-registration request to the gNB according to the cell de-registration instruction, and performs the cell de-registration operation.
  • the UE After receiving the cell de-registration instruction, the UE sends a cell de-registration request to the gNB according to the cell de-registration instruction, and performs the cell de-registration operation.
  • FIG. 3 For specific steps, reference may be made to the embodiment illustrated in FIG. 3 , which will not be repeated here.
  • Fig. 7 is a signaling diagram 5 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the sender, the gNB acts as the receiver, and the gNB detects that some PDU sessions have failed integrity protection, as shown in Fig. 7 shown, including:
  • the gNB sends fourth indication information to the UE.
  • the gNB is the uplink data direction in which the UE sends data to the gNB.
  • the gNB may send fourth indication information to the UE, indicating that the gNB detects that the integrity protection fails.
  • the UE receives fourth indication information.
  • the UE After receiving the fourth indication information, the UE learns that the integrity protection failure occurs in some PDU sessions.
  • the UE performs a partial PDU session deactivation operation.
  • the UE may initiate a partial PDU session deactivation operation after learning that the integrity protection failure occurs in all of the PDU sessions. For specific steps, reference may be made to the embodiment illustrated in FIG. 4 , which will not be repeated here.
  • Fig. 8 is the signaling diagram 6 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the sender, the gNB acts as the receiver, and the gNB detects that the integrity protection fails for some PDU sessions, as shown in Fig. 8 shown, including:
  • the gNB sends fourth indication information to the AMF.
  • the gNB After the gNB receives the data sent by the UE, if it detects that the integrity protection fails, the gNB can send the fourth indication message to the UE, and the gNB can also choose to send the fourth indication message to the AMF to notify the AMF that the integrity of some PDU sessions has occurred. Protection failed.
  • the AMF receives the fourth indication information.
  • the AMF learns that integrity protection failures occur in some PDU sessions.
  • the AMF sends a PDU session deactivation instruction to the UE.
  • the AMF sends a PDU session deactivation instruction to the UE, instructing the UE to perform a PDU session deactivation operation for integrity protection failure.
  • the UE receives the PDU session deactivation instruction.
  • the UE performs a PDU session deactivation operation.
  • the UE After receiving the PDU session deactivation instruction, the UE sends a partial PDU session deactivation request to the gNB according to the PDU session deactivation instruction, and performs a partial PDU session deactivation operation.
  • a partial PDU session deactivation request to the gNB according to the PDU session deactivation instruction, and performs a partial PDU session deactivation operation.
  • FIG. 9 is a schematic flowchart of a data processing method provided by an embodiment of the present application. As shown in FIG. 9 , the method may include:
  • the first network device receives first indication information from the terminal device, where the first indication information indicates that the integrity protection fails;
  • the first network device sends a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
  • the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  • the integrity protection failure is an integrity protection failure of all PDUs; receiving the first indication information from the terminal device includes:
  • a cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
  • the method further includes:
  • the cell registration request is used to request the terminal device to establish a connection with a second cell
  • the cell registration request includes second indication information
  • the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
  • the integrity protection failure is a partial PDU integrity protection failure; receiving the first indication information from the terminal device includes:
  • the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Used to request deactivation of integrity protection for failed PDU sessions.
  • the method further includes:
  • a PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
  • the method further includes:
  • a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
  • the method further includes:
  • the method further includes:
  • the solution illustrated in FIG. 9 corresponds to the execution steps on the first network device side corresponding to the solution illustrated in FIG. 2 .
  • the solution illustrated in FIG. 9 corresponds to the execution steps on the first network device side corresponding to the solution illustrated in FIG. 2 .
  • the terminal device sends the first indication information to the first network device, and then receives the PDU session deactivation instruction from the first network device, and stops the session according to the PDU. Deactivate the PDU session with an instruction to deactivate the PDU. Therefore, in the subsequent data transmission process, the terminal device and the first network device will stop data transmission through the PDU that fails the integrity protection, so as to prevent the data of which the integrity protection fails to be still received in the subsequent data transmission process. At the same time, if all PDU session integrity protection fails, cell de-registration and cell reselection can also be performed to avoid connecting to the original problematic cell.
  • the terminal device can also initiate PDU connection re-establishment, and by carrying the indication information in the PDU connection re-establishment to indicate that the PDU is re-established after the integrity protection fails, the network device can know the reason for the PDU re-establishment and take corresponding security measures to reduce the risk of PDU re-establishment. Security risks during data transmission.
  • FIG. 10 is a schematic structural diagram 1 of a data processing apparatus provided by an embodiment of the present application. As shown in FIG. 10 , the data processing apparatus 100 includes:
  • a sending module 101 configured to send first indication information to a first network device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
  • the receiving module 102 is configured to receive a PDU session deactivation instruction from the first network device, and deactivate the PDU session according to the PDU session deactivation instruction.
  • the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  • the integrity protection failure is an integrity protection failure of all PDUs; the sending module 101 is specifically configured to:
  • the cell deregistration request includes the first indication information
  • the first indication information indicates that all PDU integrity protection fails
  • the cell deregistration request is used for Request to disconnect from the first cell and request the first network device to deactivate all PDU sessions.
  • the sending module 101 is further configured to:
  • the cell registration request includes second indication information, and the second indication information indicates that the cell registration request is after the integrity protection failure. register again.
  • the integrity protection failure is a partial PDU integrity protection failure; the sending module 101 is specifically configured to:
  • the partial PDU session deactivation request includes the first indication information
  • the first indication information indicates that the integrity protection of the partial PDU fails
  • the partial PDU The session deactivation request is used to request the first network device to deactivate the PDU session for which the integrity protection fails.
  • the sending module 101 is further configured to:
  • the terminal device sends a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, and the third indication information indicates that the PDU session re-establishment request is a re-establishment after an integrity protection failure.
  • the receiving module 102 is further configured to:
  • the PDU session re-establishment response the PDU whose integrity protection fails is re-established.
  • the receiving module 102 is further configured to:
  • the receiving module 102 is further configured to:
  • the sending module 101 is specifically configured to:
  • the cell de-registration request is sent to the first network device.
  • the sending module 101 is specifically configured to:
  • the partial PDU session deactivation request is sent to the first network device.
  • the data processing apparatus provided in the embodiment of the present application is used to execute the above method embodiments, and the implementation principle and technical effect thereof are similar, and details are not described herein again in this embodiment.
  • FIG. 11 is a second schematic structural diagram of a data processing apparatus provided by an embodiment of the present application. As shown in FIG. 10 , the data processing apparatus 110 includes:
  • a receiving module 111 configured to receive first indication information from the terminal device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
  • the sending module 112 is configured to send a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
  • the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  • the integrity protection failure is an integrity protection failure of all PDUs; the receiving module 111 is specifically configured to:
  • a cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
  • the receiving module 111 is further configured to:
  • a cell registration request is received from the terminal device, where the cell registration request is used to request the terminal device to establish a connection with a second cell, the cell registration request includes second indication information, and the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
  • the integrity protection failure is a partial PDU integrity protection failure; the receiving module 111 is specifically configured to:
  • a partial PDU session deactivation request is received from the terminal device, the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Use request to request deactivation of integrity protection for failed PDU sessions.
  • the receiving module 111 is further configured to:
  • a PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
  • the sending module 112 is further configured to:
  • a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
  • the receiving module 111 is further configured to:
  • the sending module 112 is further configured to:
  • the data processing apparatus provided in the embodiment of the present application is used to execute the above method embodiments, and the implementation principle and technical effect thereof are similar, and details are not described herein again in this embodiment.
  • FIG. 12 is a schematic structural diagram of a terminal device provided by an embodiment of the present application.
  • the terminal device 120 may include: a transceiver 121 , a memory 122 , and a processor 123 .
  • the transceiver 121 may include: a transmitter and/or a receiver.
  • the transmitter may also be referred to as a transmitter, transmitter, transmit port, or transmit interface, or the like, and the receiver may be referred to as a receiver, receiver, receive port, or receive interface, or the like.
  • the transceiver 121 , the memory 122 , and the processor 123 are connected to each other through the bus 124 .
  • memory 122 for storing program instructions
  • the processor 123 is configured to execute the program instructions stored in the memory, so as to make the terminal device 120 execute any of the data processing methods shown above.
  • the receiver of the transceiver 121 may be used to perform the receiving function of the terminal device in the above data processing method.
  • FIG. 13 is a schematic structural diagram of a network device provided by an embodiment of the present application.
  • the network device 130 may include: a transceiver 131 , a memory 132 , and a processor 133 .
  • the transceiver 131 may include: a transmitter and/or a receiver.
  • the transmitter may also be referred to as a transmitter, transmitter, transmit port, or transmit interface, or the like, and the receiver may be referred to as a receiver, receiver, receive port, or receive interface, or the like.
  • the transceiver 131 , the memory 132 , and the processor 133 are connected to each other through the bus 134 .
  • memory 132 for storing program instructions
  • the processor 133 is configured to execute the program instructions stored in the memory, so as to make the terminal device 130 execute any of the data processing methods shown above.
  • the receiver of the transceiver 131 may be used to perform the receiving function of the network device in the above data processing method.
  • Embodiments of the present application provide a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, are used to implement the above data processing method.
  • Embodiments of the present application provide a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, are used to implement the above data processing method.
  • Embodiments of the present application may further provide a computer program product, which can be executed by a processor, and when the computer program product is executed, can implement any of the data processing methods performed by the terminal device shown above.
  • the data transmission device, the computer-readable storage medium, and the computer program product of the embodiments of the present application can execute the data processing method executed by the terminal device or the network device.
  • the specific implementation process and beneficial effects thereof are referred to above, and are not repeated here.
  • the disclosed system, apparatus and method may be implemented in other manners.
  • the apparatus embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
  • the aforementioned computer program may be stored in a computer-readable storage medium.
  • the computer program When the computer program is executed by the processor, it implements the steps including the above method embodiments; and the aforementioned storage medium includes: ROM, RAM, magnetic disk or optical disk and other mediums that can store program codes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided in the embodiments of the present application are a data processing method and apparatus. The method comprises: after integrity protection fails, a terminal device sends first indication information to a first network device, and the first indication information indicates that the integrity protection fails; the terminal device receives a PDU session deactivation instruction from the first network device, and according to the PDU session deactivation instruction, deactivates the PDU session. The method reduces the security risk of data transmission.

Description

数据处理方法及装置Data processing method and device
本申请要求于2020年10月28日提交中国专利局、申请号为202011173738.X、申请名称为“数据处理方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application with the application number 202011173738.X and the application name "Data Processing Method and Apparatus" filed with the China Patent Office on October 28, 2020, the entire contents of which are incorporated into this application by reference .
技术领域technical field
本申请实施例涉及通信技术领域,尤其涉及一种数据处理方法及装置。The embodiments of the present application relate to the field of communications technologies, and in particular, to a data processing method and apparatus.
背景技术Background technique
完整性是确保信息或数据不被未授权的设备篡改或者在篡改后能够迅速发现的必要技术手段。Integrity is a necessary technical means to ensure that information or data is not tampered with by unauthorized devices or can be quickly discovered after tampering.
目前在通信系统演进中,当接收方接收发送方发送的数据时,还能接收发送方发来的安全参数,然后接收方计算自身的安全参数,在两者相等时,表明完整性保护成功,该信息数据未被篡改。当接收方发现两者不相等时,认为完整性保护失败,并将接收到的相应的数据丢弃。At present, in the evolution of communication systems, when the receiver receives the data sent by the sender, it can also receive the security parameters sent by the sender, and then the receiver calculates its own security parameters. When the two are equal, it indicates that the integrity protection is successful. The information data has not been tampered with. When the receiver finds that the two are not equal, it considers that the integrity protection fails and discards the corresponding data received.
上述方案能够发现存在问题的数据包,但是后续接收的数据包仍然存在可能被篡改的情况,安全风险较大。The above solution can find the data packets with problems, but the subsequently received data packets may still be tampered with, and the security risk is relatively high.
发明内容SUMMARY OF THE INVENTION
本申请实施例提供一种数据处理方法及装置,以降低数据传输的安全风险。Embodiments of the present application provide a data processing method and apparatus, so as to reduce the security risk of data transmission.
第一方面,本申请实施例提供一种数据处理方法,包括:In a first aspect, an embodiment of the present application provides a data processing method, including:
在完整性保护失败后,所述终端设备向第一网络设备发送第一指示信息,所述第一指示信息指示所述完整性保护失败;After the integrity protection fails, the terminal device sends first indication information to the first network device, where the first indication information indicates that the integrity protection fails;
所述终端设备从所述第一网络设备接收PDU会话停用指令,根据所述PDU会话停用指令,停用所述PDU会话。The terminal device receives a PDU session deactivation instruction from the first network device, and deactivates the PDU session according to the PDU session deactivation instruction.
在一种可能的实施方式中,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。In a possible implementation manner, the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
在一种可能的实施方式中,所述完整性保护失败为全部PDU完整性保护失败;向第一网络设备发送第一指示信息,包括:In a possible implementation manner, the integrity protection failure is an integrity protection failure of all PDUs; sending the first indication information to the first network device includes:
向所述第一网络设备发送小区去注册请求,所述小区去注册请求中包括所述第一指示信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求与第一小区断开连接,并请求所述第一网络设备停用全部PDU会话。Send a cell deregistration request to the first network device, where the cell deregistration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell deregistration request is used for Request to disconnect from the first cell and request the first network device to deactivate all PDU sessions.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
向所述第一网络设备发送小区注册请求,与第二小区建立连接,所述小区注册请 求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败后的重新注册。Send a cell registration request to the first network device to establish a connection with the second cell, the cell registration request includes second indication information, and the second indication information indicates that the cell registration request is after the integrity protection fails. register again.
在一种可能的实施方式中,所述完整性保护失败为部分PDU完整性保护失败;向第一网络设备发送第一指示信息,包括:In a possible implementation manner, the integrity protection failure is a partial PDU integrity protection failure; sending the first indication information to the first network device includes:
向所述第一网络设备发送部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求所述第一网络设备停用完整性保护失败的PDU会话。Sending a partial PDU session deactivation request to the first network device, where the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the integrity protection of the partial PDU fails, and the partial PDU The session deactivation request is used for requesting the first network device to deactivate the PDU session that fails the integrity protection.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
终端设备向所述第一网络设备发送PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。The terminal device sends a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, and the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述第一网络设备接收PDU会话重建响应;receiving a PDU session re-establishment response from the first network device;
根据所述PDU会话重建响应,重建所述完整性保护失败的PDU。According to the PDU session re-establishment response, the PDU whose integrity protection fails is re-established.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述第一网络设备接收第一安全参数;receiving a first security parameter from the first network device;
在所述第一安全参数与所述终端设备的第二安全参数不同时,确定所述完整性保护失败。When the first security parameter is different from the second security parameter of the terminal device, it is determined that the integrity protection fails.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述第一网络设备接收第四指示信息;receiving fourth indication information from the first network device;
根据所述第四指示信息确定所述完整性保护失败。It is determined according to the fourth indication information that the integrity protection fails.
在一种可能的实施方式中,向所述第一网络设备发送小区去注册请求,包括:In a possible implementation manner, sending a cell deregistration request to the first network device includes:
从第二网络设备接收小区去注册指令;receiving a cell de-registration instruction from the second network device;
根据所述小区去注册指令,向所述第一网络设备发送所述小区去注册请求。According to the cell de-registration instruction, the cell de-registration request is sent to the first network device.
在一种可能的实施方式中,向所述第一网络设备发送部分PDU会话停用请求,包括:In a possible implementation manner, sending a partial PDU session deactivation request to the first network device includes:
从第二网络设备接收PDU会话停用指令;receiving a PDU session deactivation instruction from the second network device;
根据所述PDU会话停用指令,向所述第一网络设备发送所述部分PDU会话停用请求。According to the PDU session deactivation instruction, the partial PDU session deactivation request is sent to the first network device.
第二方面,本申请实施例提供一种数据处理方法,包括:In a second aspect, an embodiment of the present application provides a data processing method, including:
在完整性保护失败后,第一网络设备从终端设备接收第一指示信息,所述第一指示信息指示所述完整性保护失败;After the integrity protection fails, the first network device receives first indication information from the terminal device, where the first indication information indicates that the integrity protection fails;
所述第一网络设备根据所述第一指示信息,向所述终端设备发送PDU会话停用指令,所述PDU会话停用指令指示所述终端设备停用所述PDU会话。The first network device sends a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
在一种可能的实施方式中,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。In a possible implementation manner, the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
在一种可能的实施方式中,所述完整性保护失败为全部PDU完整性保护失败;从终端设备接收第一指示信息,包括:In a possible implementation manner, the integrity protection failure is an integrity protection failure of all PDUs; receiving the first indication information from the terminal device includes:
从所述终端设备接收小区去注册请求,所述小区去注册请求中包括所述第一指示 信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求所述终端设备与第一小区断开连接,以及停用全部PDU会话。A cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述终端设备接收小区注册请求,所述小区注册请求用于请求所述终端设备与第二小区建立连接,所述小区注册请求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败后的重新注册。A cell registration request is received from the terminal device, where the cell registration request is used to request the terminal device to establish a connection with a second cell, the cell registration request includes second indication information, and the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
在一种可能的实施方式中,所述完整性保护失败为部分PDU完整性保护失败;从终端设备接收第一指示信息,包括:In a possible implementation manner, the integrity protection failure is a partial PDU integrity protection failure; receiving the first indication information from the terminal device includes:
从所述终端设备接收部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求停用完整性保护失败的PDU会话。A partial PDU session deactivation request is received from the terminal device, the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Use request to request deactivation of integrity protection for failed PDU sessions.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述终端设备接收PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。A PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
根据所述PDU会话重建请求,向所述终端设备发送PDU会话重建响应,所述PDU会话重建响应指示所述终端设备重建所述完整性保护失败的PDU。According to the PDU session re-establishment request, a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述终端设备接收第二安全参数;receiving a second security parameter from the terminal device;
在所述第二安全参数与所述第一网络设备的第一安全参数不同时,确定所述完整性保护失败。When the second security parameter is different from the first security parameter of the first network device, it is determined that the integrity protection fails.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
向所述终端设备,或者,第二网络设备,发送第四指示信息,所述第四指示所述完整性保护失败。Send fourth indication information to the terminal device, or the second network device, where the fourth indication indicates that the integrity protection fails.
第三方面,本申请实施例提供一种数据处理装置,包括:In a third aspect, an embodiment of the present application provides a data processing apparatus, including:
发送模块,用于在完整性保护失败后,向第一网络设备发送第一指示信息,所述第一指示信息指示所述完整性保护失败;a sending module, configured to send first indication information to the first network device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
接收模块,用于从所述第一网络设备接收PDU会话停用指令,根据所述PDU会话停用指令,停用所述PDU会话。A receiving module, configured to receive a PDU session deactivation instruction from the first network device, and deactivate the PDU session according to the PDU session deactivation instruction.
在一种可能的实施方式中,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。In a possible implementation manner, the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
在一种可能的实施方式中,所述完整性保护失败为全部PDU完整性保护失败;所述发送模块具体用于:In a possible implementation manner, the integrity protection failure is an integrity protection failure of all PDUs; the sending module is specifically configured to:
向所述第一网络设备发送小区去注册请求,所述小区去注册请求中包括所述第一指示信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求与第一小区断开连接,并请求所述第一网络设备停用全部PDU会话。Send a cell deregistration request to the first network device, where the cell deregistration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell deregistration request is used for Request to disconnect from the first cell and request the first network device to deactivate all PDU sessions.
在一种可能的实施方式中,所述发送模块还用于:In a possible implementation manner, the sending module is further configured to:
向所述第一网络设备发送小区注册请求,与第二小区建立连接,所述小区注册请求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败 后的重新注册。Send a cell registration request to the first network device to establish a connection with the second cell, the cell registration request includes second indication information, and the second indication information indicates that the cell registration request is after the integrity protection failure. register again.
在一种可能的实施方式中,所述完整性保护失败为部分PDU完整性保护失败;所述发送模块具体用于:In a possible implementation manner, the integrity protection failure is a partial PDU integrity protection failure; the sending module is specifically configured to:
向所述第一网络设备发送部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求第一网络设备停用完整性保护失败的PDU会话。Sending a partial PDU session deactivation request to the first network device, where the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the integrity protection of the partial PDU fails, and the partial PDU The session deactivation request is used to request the first network device to deactivate the PDU session for which the integrity protection fails.
在一种可能的实施方式中,所述发送模块还用于:In a possible implementation manner, the sending module is further configured to:
终端设备向所述第一网络设备发送PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。The terminal device sends a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, and the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
在一种可能的实施方式中,所述接收模块还用于:In a possible implementation manner, the receiving module is further configured to:
从所述第一网络设备接收PDU会话重建响应;receiving a PDU session re-establishment response from the first network device;
根据所述PDU会话重建响应,重建所述完整性保护失败的PDU。According to the PDU session re-establishment response, the PDU whose integrity protection fails is re-established.
在一种可能的实施方式中,所述接收模块还用于:In a possible implementation manner, the receiving module is further configured to:
从所述第一网络设备接收第一安全参数;receiving a first security parameter from the first network device;
在所述第一安全参数与所述终端设备的第二安全参数不同时,确定所述终端设备的完整性保护失败。When the first security parameter is different from the second security parameter of the terminal device, it is determined that the integrity protection of the terminal device fails.
在一种可能的实施方式中,所述接收模块还用于:In a possible implementation manner, the receiving module is further configured to:
从所述第一网络设备接收第四指示信息;receiving fourth indication information from the first network device;
根据所述第四指示信息确定所述终端设备的完整性保护失败。It is determined according to the fourth indication information that the integrity protection of the terminal device fails.
在一种可能的实施方式中,所述发送模块具体用于:In a possible implementation manner, the sending module is specifically used for:
从第二网络设备接收小区去注册指令;receiving a cell de-registration instruction from the second network device;
根据所述小区去注册指令,向所述第一网络设备发送所述小区去注册请求。According to the cell de-registration instruction, the cell de-registration request is sent to the first network device.
在一种可能的实施方式中,所述发送模块具体用于:In a possible implementation manner, the sending module is specifically used for:
从第二网络设备接收PDU会话停用指令;receiving a PDU session deactivation instruction from the second network device;
根据所述PDU会话停用指令,向所述第一网络设备发送所述部分PDU会话停用请求。According to the PDU session deactivation instruction, the partial PDU session deactivation request is sent to the first network device.
第四方面,本申请实施例提供一种数据处理装置,包括:In a fourth aspect, an embodiment of the present application provides a data processing device, including:
接收模块,用于在完整性保护失败后,从终端设备接收第一指示信息,所述第一指示信息指示所述完整性保护失败;a receiving module, configured to receive first indication information from the terminal device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
发送模块,用于根据所述第一指示信息,向所述终端设备发送PDU会话停用指令,所述PDU会话停用指令指示所述终端设备停用所述PDU会话。A sending module, configured to send a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
在一种可能的实施方式中,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。In a possible implementation manner, the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
在一种可能的实施方式中,所述完整性保护失败为全部PDU完整性保护失败;所述接收模块具体用于:In a possible implementation manner, the integrity protection failure is an integrity protection failure of all PDUs; the receiving module is specifically configured to:
从所述终端设备接收小区去注册请求,所述小区去注册请求中包括所述第一指示信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求所述终端设备与第一小区断开连接,以及停用全部PDU会话。A cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
在一种可能的实施方式中,所述接收模块还用于:In a possible implementation manner, the receiving module is further configured to:
从所述终端设备接收小区注册请求,所述小区注册请求用于请求所述终端设备与第二小区建立连接,所述小区注册请求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败后的重新注册。Receive a cell registration request from the terminal device, where the cell registration request is used to request the terminal device to establish a connection with a second cell, the cell registration request includes second indication information, and the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
在一种可能的实施方式中,所述完整性保护失败为部分PDU完整性保护失败;所述接收模块具体用于:In a possible implementation manner, the integrity protection failure is a partial PDU integrity protection failure; the receiving module is specifically configured to:
从所述终端设备接收部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求停用完整性保护失败的PDU会话。A partial PDU session deactivation request is received from the terminal device, the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Use request to request deactivation of integrity protection for failed PDU sessions.
在一种可能的实施方式中,所述接收模块还用于:In a possible implementation manner, the receiving module is further configured to:
从所述终端设备接收PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。A PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
在一种可能的实施方式中,所述发送模块还用于:In a possible implementation manner, the sending module is further configured to:
根据所述PDU会话重建请求,向所述终端设备发送PDU会话重建响应,所述PDU会话重建响应指示所述终端设备重建所述完整性保护失败的PDU。According to the PDU session re-establishment request, a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
在一种可能的实施方式中,所述接收模块还用于:In a possible implementation manner, the receiving module is further configured to:
从所述终端设备接收第二安全参数;receiving a second security parameter from the terminal device;
在所述第二安全参数与所述第一网络设备的第一安全参数不同时,确定所述完整性保护失败。When the second security parameter is different from the first security parameter of the first network device, it is determined that the integrity protection fails.
在一种可能的实施方式中,所述发送模块还用于:In a possible implementation manner, the sending module is further configured to:
向所述终端设备,或者,第二网络设备,发送第四指示信息,所述第四指示所述完整性保护失败。Send fourth indication information to the terminal device, or the second network device, where the fourth indication indicates that the integrity protection fails.
第五方面,本申请实施例提供一种终端设备,包括:In a fifth aspect, an embodiment of the present application provides a terminal device, including:
存储器,用于存储程序;memory for storing programs;
处理器,用于执行所述存储器存储的所述程序,当所述程序被执行时,所述处理器用于执行如第一方面中任一所述的数据处理方法。a processor, configured to execute the program stored in the memory, and when the program is executed, the processor is configured to execute the data processing method according to any one of the first aspects.
第六方面,本申请实施例提供一种网络设备,包括:In a sixth aspect, an embodiment of the present application provides a network device, including:
存储器,用于存储程序;memory for storing programs;
处理器,用于执行所述存储器存储的所述程序,当所述程序被执行时,所述处理器用于执行如第二方面中任一所述的数据处理方法。a processor, configured to execute the program stored in the memory, and when the program is executed, the processor is configured to execute the data processing method according to any one of the second aspects.
第七方面,本申请实施例提供一种计算机可读存储介质,包括指令,当其在计算机上运行时,使得计算机执行如第一方面至第二方面中任一所述的数据处理方法。In a seventh aspect, embodiments of the present application provide a computer-readable storage medium, including instructions, which, when executed on a computer, cause the computer to execute the data processing method according to any one of the first to second aspects.
本申请实施例提供的数据处理方法及装置,在完整性保护失败后,终端设备向第一网络设备发送第一指示信息,然后从第一网络设备接收PDU会话停用指令,根据该PDU会话停用指令停用PDU会话,对PDU执行去活操作。因此在后续的数据传输过程中,终端设备和第一网络设备之间将停止通过完整性保护失败的PDU进行数据传输,避免后续的数据传输过程中仍然接收到完整性保护失败的数据,降低了数据传输过程中的安全风险。In the data processing method and device provided by the embodiments of the present application, after the integrity protection fails, the terminal device sends the first indication information to the first network device, and then receives the PDU session deactivation instruction from the first network device, and stops the session according to the PDU. Deactivate the PDU session with an instruction to deactivate the PDU. Therefore, in the subsequent data transmission process, the terminal device and the first network device will stop data transmission through the PDUs that fail the integrity protection, so as to avoid the data that fails to be integrity protection still be received in the subsequent data transmission process, reducing the need for Security risks during data transmission.
附图说明Description of drawings
图1为本申请实施例提供的一种应用场景示意图;1 is a schematic diagram of an application scenario provided by an embodiment of the present application;
图2为本申请实施例提供的数据处理方法的流程示意图;2 is a schematic flowchart of a data processing method provided by an embodiment of the present application;
图3为本申请实施例提供的数据处理方案的信令图一;FIG. 3 is a signaling diagram 1 of a data processing solution provided by an embodiment of the present application;
图4为本申请实施例提供的数据处理方案的信令图二;FIG. 4 is a signaling diagram 2 of the data processing solution provided by the embodiment of the present application;
图5为本申请实施例提供的数据处理方案的信令图三;FIG. 5 is a signaling diagram 3 of the data processing solution provided by the embodiment of the present application;
图6为本申请实施例提供的数据处理方案的信令图四;FIG. 6 is a signaling diagram 4 of the data processing solution provided by the embodiment of the present application;
图7为本申请实施例提供的数据处理方案的信令图五;FIG. 7 is a signaling diagram 5 of the data processing solution provided by the embodiment of the present application;
图8为本申请实施例提供的数据处理方案的信令图六;FIG. 8 is a signaling diagram 6 of the data processing solution provided by the embodiment of the present application;
图9为本申请实施例提供的数据处理方法的流程示意图;9 is a schematic flowchart of a data processing method provided by an embodiment of the present application;
图10为本申请实施例提供的数据处理装置的结构示意图一;FIG. 10 is a schematic structural diagram 1 of a data processing apparatus provided by an embodiment of the present application;
图11为本申请实施例提供的数据处理装置的结构示意图二;FIG. 11 is a second schematic structural diagram of a data processing apparatus provided by an embodiment of the present application;
图12为本申请实施例提供的终端设备的结构示意图;FIG. 12 is a schematic structural diagram of a terminal device provided by an embodiment of the present application;
图13为本申请实施例提供的网络设备的结构示意图。FIG. 13 is a schematic structural diagram of a network device provided by an embodiment of the present application.
具体实施方式Detailed ways
为使本申请实施例的目的、技术方案和优点更加清楚,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments It is a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of this application.
为了便于理解,首先,对本申请所涉及的概念进行说明。In order to facilitate understanding, first, the concepts involved in the present application will be described.
终端设备:通常具有无线收发功能,终端设备可以部署在陆地上,包括室内或室外、手持、穿戴或车载;也可以部署在水面上(如轮船等);还可以部署在空中(例如飞机、气球和卫星上等)。所述终端设备可以是手机(mobile phone)、平板电脑(Pad)、带无线收发功能的电脑、虚拟现实(virtual reality,简称VR)终端设备、增强现实(augmented reality,简称AR)终端设备、工业控制(industrial control)中的无线终端、车载终端设备、无人驾驶(self driving)中的无线终端、远程医疗(remote medical)中的无线终端设备、智能电网(smart grid)中的无线终端设备、运输安全(transportation safety)中的无线终端设备、智慧城市(smart city)中的无线终端设备、智慧家庭(smart home)中的无线终端设备、可穿戴终端设备等。本申请实施例所涉及的终端设备还可以称为终端、用户设备(user equipment,UE)、接入终端设备、车载终端、工业控制终端、UE单元、UE站、移动站、移动台、远方站、远程终端设备、移动设备、UE终端设备、无线通信设备、UE代理或UE装置等。终端设备也可以是固定的或者移动的。Terminal equipment: usually with wireless transceiver function, terminal equipment can be deployed on land, including indoor or outdoor, handheld, wearable or vehicle; can also be deployed on water (such as ships, etc.); can also be deployed in the air (such as aircraft, balloons, etc.) and satellites, etc.). The terminal device may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with wireless transceiver function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, industrial Wireless terminals in industrial control, in-vehicle terminal equipment, wireless terminals in self driving, wireless terminal equipment in remote medical, wireless terminal equipment in smart grid, Wireless terminal equipment in transportation safety, wireless terminal equipment in smart city, wireless terminal equipment in smart home, wearable terminal equipment, etc. The terminal equipment involved in the embodiments of this application may also be referred to as terminal, user equipment (UE), access terminal equipment, vehicle-mounted terminal, industrial control terminal, UE unit, UE station, mobile station, mobile station, and remote station , remote terminal equipment, mobile equipment, UE terminal equipment, wireless communication equipment, UE proxy or UE device, etc. Terminal devices can also be stationary or mobile.
网络设备:通常具有无线收发功能,网络设备可以具有移动特性,例如,网络设备可以为移动的设备。可选的,网络设备可以为卫星、气球站。例如,卫星可以为低地球轨道(low earth orbit,LEO)卫星、中地球轨道(medium earth orbit,MEO)卫星、地球同步轨道(geostationary earth orbit,GEO)卫星、高椭圆轨道(High Elliptical  Orbit,HEO)卫星等。当然,网络设备还可以为设置在陆地、水域等位置的基站,例如,网络设备可以是下一代基站(next generation NodeB,gNB)或者下一代演进型基站(next generation-evolved NodeB,ng-eNB)。其中,gNB为UE提供新空口(new radio,NR)的用户面功能和控制面功能,ng-eNB为UE提供演进型通用陆地无线接入(evolved universal terrestrial radio access,E-UTRA)的用户面功能和控制面功能,需要说明的是,gNB和ng-eNB仅是一种名称,用于表示支持5G网络系统的基站,并不具有限制意义。网络设备还可以为GSM系统或CDMA系统中的基站(base transceiver station,BTS),也可以是WCDMA系统中的基站(nodeB,NB),还可以是LTE系统中的演进型基站(evolutional node B,eNB或eNodeB)。或者,网络设备还可以为中继站、接入点、车载设备、可穿戴设备以及5G之后的网络中的网络侧设备或未来演进的PLMN网络中的网络设备、路边站点单元(road site unit,RSU)等。Network device: usually has a wireless transceiver function, and the network device may have mobile characteristics, for example, the network device may be a mobile device. Optionally, the network device may be a satellite or a balloon station. For example, the satellite may be a low earth orbit (LEO) satellite, a medium earth orbit (MEO) satellite, a geostationary earth orbit (GEO) satellite, a High Elliptical Orbit (HEO) ) satellite etc. Of course, the network device may also be a base station located on land, water, etc. For example, the network device may be a next generation NodeB (gNB) or a next generation-evolved NodeB (ng-eNB) . Among them, the gNB provides the user plane function and control plane function of the new radio interface (NR) for the UE, and the ng-eNB provides the user plane of the evolved universal terrestrial radio access (E-UTRA) for the UE. Function and control plane function, it should be noted that gNB and ng-eNB are only a name, which is used to indicate the base station supporting the 5G network system, and has no limiting significance. The network device may also be a base station (base transceiver station, BTS) in a GSM system or a CDMA system, a base station (nodeB, NB) in a WCDMA system, or an evolutional node B (evolutional node B) in an LTE system, eNB or eNodeB). Alternatively, the network device may also be a relay station, an access point, a vehicle-mounted device, a wearable device, and a network-side device in a network after 5G or a network device in a future evolved PLMN network, a roadside site unit (RSU) )Wait.
完整性保护:完整性是确保信息或数据不被未授权的篡改或在篡改后能够被迅速发现的必要技术手段。在通信系统演进的过程中,空口的完整性保护算法与机密性保护算法相同,但参数与计算流程不同,完整性保护所需要增加的安全参数长度为32bit(4字节),正常情况下,接收方接收发送方发来的安全参数,接收方计算自身的安全参数,如果两者相等,表面完整性保护成功,该信息数据未被篡改。Integrity protection: Integrity is a necessary technical means to ensure that information or data is not tampered with without authorization or can be quickly discovered after tampering. During the evolution of the communication system, the integrity protection algorithm of the air interface is the same as the confidentiality protection algorithm, but the parameters are different from the calculation process. The length of the security parameter required for integrity protection is 32 bits (4 bytes). The receiver receives the security parameters sent by the sender, and the receiver calculates its own security parameters. If the two are equal, the surface integrity protection is successful, and the information data has not been tampered with.
PDCP:Packet Data Convergence Protocol,分组数据汇聚协议。PDCP: Packet Data Convergence Protocol, Packet Data Convergence Protocol.
NAS:Non-access stratum,非接入层。NAS: Non-access stratum, non-access stratum.
PDU:Packet Data Unit,分组数据单元。PDU: Packet Data Unit, packet data unit.
UPIP:User Plane Integrity Protection,用户面完整性保护。UPIP: User Plane Integrity Protection, user plane integrity protection.
gNB:gNodeB,基站。gNB: gNodeB, base station.
AMF:Access and Mobility Function,接入和移动性功能。AMF: Access and Mobility Function, access and mobility function.
SMF:Session Management Function,会话管理功能。SMF: Session Management Function, session management function.
UPF:User Plane Function,用户面功能。UPF: User Plane Function, user plane function.
图1为本申请实施例提供的一种应用场景示意图,如图1所示,包括终端设备11和网络设备12。终端设备11和网络设备12之间可以进行数据传输和交互,终端设备11可以作为接收方,接收网络设备12发送的数据,此时网络设备12为发送方。终端设备11也可以作为发送方,向网络设备12发送数据,此时网络设备作为接收方。FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present application, as shown in FIG. 1 , including a terminal device 11 and a network device 12 . Data transmission and interaction can be performed between the terminal device 11 and the network device 12. The terminal device 11 can act as a receiver to receive data sent by the network device 12. At this time, the network device 12 is the sender. The terminal device 11 can also act as a sender to send data to the network device 12, and at this time, the network device acts as a receiver.
以终端设备11作为接收方、网络设备12作为发送方为例说明。当网络设备12向终端设备11发送数据时,终端设备11接收该数据,同时能够接收到网络设备12发送的安全参数。此时,终端设备11还会计算自身的安全参数。当终端设备11计算得到的自身的安全参数与从网络设备12处接收的安全参数相等时,表明该数据的完整性保护成功,该数据未被篡改,可以成功接收。Take the terminal device 11 as the receiver and the network device 12 as the sender as an example for description. When the network device 12 sends data to the terminal device 11 , the terminal device 11 receives the data and can also receive the security parameters sent by the network device 12 . At this time, the terminal device 11 also calculates its own security parameters. When the own security parameters calculated by the terminal device 11 are equal to the security parameters received from the network device 12, it indicates that the integrity protection of the data is successful, the data has not been tampered with, and can be successfully received.
但是,当终端设备11计算得到的自身的安全参数与从网络设备12处接收的安全参数不相等时,表明该数据被篡改,此时完整性保护失败。目前,针对完整性保护失败的情形,采取的方案是直接将篡改了的数据进行丢弃。这种处理方式仅仅是发现了有问题的数据,后续的数据仍然存在被篡改的请求,该处理方案并不能解决后续的数据仍然可能被篡改的情况,数据传输的安全风险依旧存在。However, when the security parameters calculated by the terminal device 11 are not equal to the security parameters received from the network device 12, it indicates that the data has been tampered with, and the integrity protection fails at this time. At present, in view of the failure of integrity protection, the solution adopted is to directly discard the tampered data. This processing method only finds problematic data, and the subsequent data still has a tampered request. This processing solution cannot solve the situation that the subsequent data may still be tampered with, and the security risk of data transmission still exists.
例如,一种完整性保护失败的原因为,终端设备11连接的网络设备12为一个伪基 站,因此终端设备11收到的数据为被篡改的数据。终端设备11在检测到该伪基站发送的数据被篡改后,如果直接将该数据丢弃,后续伪基站仍然会向终端设备11发送被篡改了的数据,其数据传输的安全风险仍然存在。因此直接将数据丢弃,并不能从根本上解决完整性保护失败的问题。For example, a reason for the failure of integrity protection is that the network device 12 connected to the terminal device 11 is a pseudo base station, so the data received by the terminal device 11 is tampered data. After the terminal device 11 detects that the data sent by the pseudo base station has been tampered with, if the data is directly discarded, the subsequent pseudo base station will still send the tampered data to the terminal device 11, and the security risk of data transmission still exists. Therefore, directly discarding the data cannot fundamentally solve the problem of integrity protection failure.
为解决该问题,本申请实施例提供一种数据处理方法,降低数据传输的安全风险。To solve this problem, the embodiments of the present application provide a data processing method to reduce the security risk of data transmission.
图2为本申请实施例提供的数据处理方法的流程示意图,如图2所示,该方法可以包括:FIG. 2 is a schematic flowchart of a data processing method provided by an embodiment of the present application. As shown in FIG. 2 , the method may include:
S21,在完整性保护失败后,所述终端设备向第一网络设备发送第一指示信息,所述第一指示信息指示所述完整性保护失败。S21. After the integrity protection fails, the terminal device sends first indication information to the first network device, where the first indication information indicates that the integrity protection fails.
本申请实施例中,终端设备可以是数据的接收方,也可以是数据的发送方。若终端设备为数据的接收方,则终端设备可以从网络设备接收数据,同时从第一网络设备接收安全参数,然后根据第一网络设备发送的安全参数和自身的安全参数,判断完整性保护是否失败。若终端设备为数据的发送方,第一网络设备为数据的接收方,则第一网络设备在接收终端设备发送的数据后,判断完整性保护是否失败,并向终端设备告知完整性保护的结果。In this embodiment of the present application, the terminal device may be a receiver of data, or may be a sender of data. If the terminal device is the receiver of the data, the terminal device can receive data from the network device and receive security parameters from the first network device at the same time, and then judge whether the integrity is protected according to the security parameters sent by the first network device and its own security parameters. fail. If the terminal device is the sender of the data and the first network device is the receiver of the data, after receiving the data sent by the terminal device, the first network device determines whether the integrity protection fails, and informs the terminal device of the result of the integrity protection .
当完整性保护失败后,终端设备向第一网络设备发送第一指示信息,指示完整性保护失败。After the integrity protection fails, the terminal device sends first indication information to the first network device, indicating that the integrity protection fails.
S22,所述终端设备从所述第一网络设备接收PDU会话停用指令,根据所述PDU会话停用指令,停用所述PDU会话。S22, the terminal device receives a PDU session deactivation instruction from the first network device, and deactivates the PDU session according to the PDU session deactivation instruction.
当终端设备向第一网络设备发送了第一指示信息后,第一网络设备能够获知完整性保护失败,该完整性保护失败可能是终端设备检测到第一网络设备发送的数据的完整性保护失败,也可能是第一网络设备检测到终端设备发送的数据的完整性保护失败。After the terminal device sends the first indication information to the first network device, the first network device can learn that the integrity protection fails. The integrity protection failure may be that the terminal device detects that the integrity protection of the data sent by the first network device fails. , it may also be that the first network device detects that the integrity protection of the data sent by the terminal device fails.
第一网络设备会向终端设备发送PDU会话停用指令,终端设备接收到PDU会话停用指令后,停用PDU会话,即进行PDU去活操作。The first network device will send a PDU session deactivation instruction to the terminal device, and after receiving the PDU session deactivation instruction, the terminal device deactivates the PDU session, that is, performs a PDU deactivation operation.
当所有的PDU会话均发生完整性保护失败时,终端设备可以对所有的PDU会话进行停用,即对所有的PDU进行去活操作。当只有部分PDU会话发生完整性保护失败时,终端设备可以只对完整性保护失败的部分PDU会话进行停用,即对部分PDU进行去活操作。When the integrity protection failure of all PDU sessions occurs, the terminal device can deactivate all PDU sessions, that is, perform deactivation operations on all PDUs. When integrity protection failure occurs in only some of the PDU sessions, the terminal device may only deactivate the part of the PDU sessions whose integrity protection fails, that is, perform a deactivation operation on some PDUs.
本申请实施例提供的数据处理方法,在完整性保护失败后,终端设备向第一网络设备发送第一指示信息,然后从第一网络设备接收PDU会话停用指令,根据该PDU会话停用指令停用PDU会话,对PDU执行去活操作。因此在后续的数据传输过程中,终端设备和第一网络设备之间将停止通过完整性保护失败的PDU进行数据传输,避免后续的数据传输过程中仍然接收到完整性保护失败的数据,降低了数据传输过程中的安全风险。In the data processing method provided by the embodiment of the present application, after the integrity protection fails, the terminal device sends the first indication information to the first network device, and then receives the PDU session deactivation instruction from the first network device, and according to the PDU session deactivation instruction Deactivate the PDU session and perform a deactivation operation on the PDU. Therefore, in the subsequent data transmission process, the terminal device and the first network device will stop data transmission through the PDU that fails the integrity protection, so as to avoid the data that fails to be integrity protection still be received in the subsequent data transmission process. Security risks during data transmission.
完整性保护失败,包括全部PDU完整性保护失败和部分PDU完整性保护失败。Integrity protection failure, including all PDU integrity protection failures and partial PDU integrity protection failures.
当完整性保护失败为全部PDU完整性保护失败时,终端设备可以向第一网络设备发送小区去注册请求,在小区去注册请求中包括第一指示信息,指示全部PDU完整性保护失败。小区去注册请求用于请求与第一小区断开连接,第一小区为终端设备初始连接的小区。在终端设备与第一小区断开连接、执行去注册操作之后,对所有的PDU 会话停用,即对所有的PDU执行去活操作。When the integrity protection failure is all PDU integrity protection failure, the terminal device may send a cell de-registration request to the first network device, and the cell de-registration request includes first indication information indicating that all PDU integrity protection fails. The cell de-registration request is used to request to disconnect from the first cell, where the first cell is the cell to which the terminal device initially connects. After the terminal device is disconnected from the first cell and performs the deregistration operation, all PDU sessions are deactivated, that is, the deactivation operation is performed on all PDUs.
在终端设备执行去注册之后,可以进行小区重选和重新注册。例如,终端设备可以向第一网络设备发送小区注册请求,与第二小区建立连接,执行重新注册操作。在小区注册请求中可以包括第二指示信息,指示小区注册请求为完整性保护失败后的重新注册。After the terminal device performs de-registration, cell reselection and re-registration may be performed. For example, the terminal device may send a cell registration request to the first network device, establish a connection with the second cell, and perform a re-registration operation. The cell registration request may include second indication information, indicating that the cell registration request is re-registration after integrity protection failure.
当完整性保护失败为部分PDU完整性保护失败时,终端设备可以向第一网络设备发送部分PDU会话停用请求,在部分PDU会话停用请求中可以包括第一指示信息,指示部分PDU完整性保护失败。终端设备可以对完整性保护失败的部分PDU会话停用,即对完整性保护失败的PDU执行去活操作。When the integrity protection failure is a partial PDU integrity protection failure, the terminal device may send a partial PDU session deactivation request to the first network device, and the partial PDU session deactivation request may include first indication information indicating the partial PDU integrity Protection failed. The terminal device may deactivate the partial PDU sessions whose integrity protection fails, that is, perform a deactivation operation on the PDUs whose integrity protection fails.
可选的,用户也可以根据实际需要,控制终端设备进行PDU会话重建。例如,终端设备可以向第一网络设备发送PDU会话重建请求,PDU会话重建请求中包括第三指示信息,指示PDU会话重建请求为完整性保护失败后的重建。Optionally, the user can also control the terminal device to perform PDU session reconstruction according to actual needs. For example, the terminal device may send a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, indicating that the PDU session re-establishment request is a re-establishment after integrity protection failure.
可选的,当全部PDU完整性保护失败时,第三指示信息可以指示PDU会话重建请求为针对全部的PDU会话的完整性保护失败后的重建。当部分PDU完整性保护失败时,第三指示信息可以指示PDU会话重建请求为针对部分完整性保护失败的PDU会话的重建。Optionally, when the integrity protection of all PDUs fails, the third indication information may indicate that the PDU session re-establishment request is the re-establishment after the integrity protection of all PDU sessions fails. When the partial integrity protection of the PDU fails, the third indication information may indicate that the PDU session re-establishment request is for the re-establishment of the PDU session whose partial integrity protection has failed.
可选的,可以是终端设备检测到完整性保护失败之后发起上述流程,也可以是第一网络设备检测到完整性保护失败之后指示终端设备发起上述流程。当数据传输方向是第一网络设备到终端设备的下行数据方向时,终端设备检测到PDCP完整性保护失败后需要通知NAS层,由NAS层发起小区去注册或PDU会话去活。当数据传输方向是终端设备到第一网络设备的上行数据方向时,第一网络设备检测到PDCP完整性保护失败后,需要通知终端设备或第二网络设备,由终端设备或第二网络设备发起小区去注册或PDU会话去活Optionally, the terminal device may initiate the above process after detecting the integrity protection failure, or the first network device may instruct the terminal device to initiate the above process after detecting the integrity protection failure. When the data transmission direction is the downlink data direction from the first network device to the terminal device, the terminal device needs to notify the NAS layer after detecting that the PDCP integrity protection fails, and the NAS layer initiates cell deregistration or PDU session deactivation. When the data transmission direction is the uplink data direction from the terminal device to the first network device, after the first network device detects that the PDCP integrity protection fails, it needs to notify the terminal device or the second network device, and the terminal device or the second network device initiates Cell deregistration or PDU session deactivation
若是终端设备检测到完整性保护失败,则检测的过程可以是,第一网络设备向终端设备发送数据时,还向网络设备发送第一安全参数。终端设备从第一网络设备接收第一安全参数,并计算自身的第二安全参数。当第一安全参数与第二安全参数不同时,确定终端设备的完整性保护失败。If the terminal device detects that the integrity protection fails, the detection process may be that when the first network device sends data to the terminal device, it also sends the first security parameter to the network device. The terminal device receives the first security parameter from the first network device, and calculates its own second security parameter. When the first security parameter is different from the second security parameter, it is determined that the integrity protection of the terminal device fails.
若是第一网络设备检测到完整性保护失败,第一网络设备可以向终端设备发送第四指示信息,终端设备从第一网络设备接收第四指示信息之后,获知第一网络设备的完整性保护失败。If the first network device detects that the integrity protection fails, the first network device may send fourth indication information to the terminal device, and the terminal device learns that the integrity protection of the first network device fails after receiving the fourth indication information from the first network device .
此时第一网络设备的完整性保护失败可能是部分PDU完整性保护失败,也可能是全部PDU完整性保护失败。当为部分PDU完整性保护失败时,终端设备可以发起部分PDU会话重建的过程。当为全部PDU完整性保护失败时,终端设备可以发起小区去注册、小区重选和小区重注册的过程。At this time, the integrity protection failure of the first network device may be a partial PDU integrity protection failure, or a complete PDU integrity protection failure. When the integrity protection of the partial PDU fails, the terminal device may initiate the process of reestablishing the partial PDU session. When integrity protection for all PDUs fails, the terminal device may initiate cell de-registration, cell reselection, and cell re-registration procedures.
可选的,当第一网络设备检测到完整性保护失败时,第一网络设备还可以告知AMF,由AMF控制终端设备执行上述操作。Optionally, when the first network device detects that the integrity protection fails, the first network device may also notify the AMF, and the AMF controls the terminal device to perform the above operations.
例如,当第一网络设备检测到全部PDU完整性保护失败时,第一网络设备可以告知第二网络设备,第二网络设备向终端设备发送小区去注册指令,终端设备根据小区去注册指令,向第一网络设备发送小区去注册请求,执行小区去注册操作。For example, when the first network device detects that the integrity protection of all PDUs fails, the first network device may notify the second network device, the second network device sends a cell deregistration instruction to the terminal device, and the terminal device sends a cell deregistration instruction to the terminal device according to the cell deregistration instruction. The first network device sends a cell de-registration request, and performs a cell de-registration operation.
例如,当第一网络设备检测到部分PDU完整性保护失败时,第一网络设备可以告知第二网络设备,第二网络设备向终端设备发送PDU会话停用指令,终端设备从第二网络设备接收PDU会话停用指令,并根据PDU会话停用指令,向第一网络设备发送部分PDU会话停用请求,执行部分PDU会话停用操作。For example, when the first network device detects that partial PDU integrity protection fails, the first network device may notify the second network device, the second network device sends a PDU session deactivation instruction to the terminal device, and the terminal device receives the instruction from the second network device The PDU session deactivation instruction, and according to the PDU session deactivation instruction, a partial PDU session deactivation request is sent to the first network device, and a partial PDU session deactivation operation is performed.
由于UE和gNB均可能为数据的接收方或发送方,因此下面将分别对UE和gNB为接收方或发送方为例进行详细说明。在以下实施例中,以UE表示终端设备,gNB表示第一网络设备,AMF/SMF/UPF表示第二网络设备。Since both the UE and the gNB may be the receiver or the sender of data, the following will describe in detail an example where the UE and the gNB are the receiver or the sender respectively. In the following embodiments, UE represents the terminal device, gNB represents the first network device, and AMF/SMF/UPF represents the second network device.
首先结合图3和图4对UE作为数据的接收方、gNB作为数据的发送方为例进行说明。First, the UE is used as the receiver of data and the gNB is used as the sender of data as an example to be described with reference to FIG. 3 and FIG. 4 .
图3为本申请实施例提供的数据处理方案的信令图一,示意的是UE作为接收方,gNB作为发送方,且UE检测到所有的PDU会话都发生完整性保护失败时的情形,如图3所示,包括:Fig. 3 is a signaling diagram 1 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the receiver, the gNB acts as the sender, and the UE detects that all PDU sessions have failed integrity protection, such as As shown in Figure 3, including:
S301,UE向gNB发送小区去注册请求。S301, the UE sends a cell de-registration request to the gNB.
当UE检测到所有的PDU会话都发生完整性保护失败时,UE会向gNB发送小区去注册请求,由UE发起小区去注册。小区去注册请求中可以包括第一指示信息,第一指示信息指示UE的所有PDU会话均发生了完整性保护失败。When the UE detects that the integrity protection of all PDU sessions has failed, the UE will send a cell de-registration request to the gNB, and the UE will initiate the cell de-registration. The cell de-registration request may include first indication information, where the first indication information indicates that integrity protection failure has occurred in all PDU sessions of the UE.
S302,gNB向AMF发送小区去注册请求。S302, the gNB sends a cell de-registration request to the AMF.
gNB在接收到UE发送的小区去注册请求后,向AMF转发该小区去注册请求。After receiving the cell de-registration request sent by the UE, the gNB forwards the cell de-registration request to the AMF.
S303,AMF向SMF/UPF发送PDU会话停用请求。S303, the AMF sends a PDU session deactivation request to the SMF/UPF.
AMF在接收到小区去注册请求后,能够根据第一指示信息获知UE的所有PDU会话均发生了完整性保护失败。AMF向SMF/UPF发送PDU会话停用请求,请求对所有的PDU执行去活操作。After receiving the cell de-registration request, the AMF can learn that the integrity protection failure has occurred in all PDU sessions of the UE according to the first indication information. The AMF sends a PDU session deactivation request to the SMF/UPF, requesting that all PDUs be deactivated.
S304,SMF/UPF向AMF发送PDU会话停用响应。S304, the SMF/UPF sends a PDU session deactivation response to the AMF.
之后,UE可以停用所有的PDU会话,即对所有的PDU进行去活操作。Afterwards, the UE can deactivate all PDU sessions, that is, perform deactivation operations on all PDUs.
S305,AMF向gNB发送小区去注册响应。S305, the AMF sends a cell de-registration response to the gNB.
S306,gNB向UE发送小区去注册响应。S306, the gNB sends a cell de-registration response to the UE.
S307,UE进行小区去注册。S307, the UE performs cell deregistration.
UE接收到小区去注册响应后,即可执行小区去注册操作,并开始进行小区重选。After receiving the cell de-registration response, the UE can perform the cell de-registration operation and start cell reselection.
S308,UE发起小区重选,重选接入新的小区。S308, the UE initiates cell reselection, and reselects to access a new cell.
S309,UE发起小区重新注册。S309, the UE initiates cell re-registration.
具体的,UE可以向gNB发送小区注册请求,例如可以注册第二小区,与第二小区建立连接。在进行重新注册时,可在小区注册请求中携带重新注册小区的原因。例如可以在小区注册请求中携带第二指示信息,指示该小区注册请求为完整性保护失败后的重新注册。Specifically, the UE may send a cell registration request to the gNB, for example, may register with the second cell and establish a connection with the second cell. When performing re-registration, the reason for re-registering the cell may be carried in the cell registration request. For example, the second indication information may be carried in the cell registration request, indicating that the cell registration request is re-registration after integrity protection failure.
S310,UE发起PDU会话重建。S310, the UE initiates PDU session re-establishment.
在UE发起小区重新注册,与第二小区建立连接后,UE可以发起PDU会话重建。具体的,UE可以向gNB发送PDU会话重建请求,重建全部的PDU会话。可选的,还可以在进行PDU会话重建时,在PDU会话重建请求中携带PDU会话重建的原因。例如,可以在PDU会话重建请求中携带第三指示信息,指示该PDU会话重建请求为完整性保护 失败后的重建。After the UE initiates cell re-registration and establishes a connection with the second cell, the UE may initiate PDU session re-establishment. Specifically, the UE may send a PDU session re-establishment request to the gNB to re-establish all PDU sessions. Optionally, when the PDU session re-establishment is performed, the reason for the PDU session re-establishment may be carried in the PDU session re-establishment request. For example, the third indication information may be carried in the PDU session re-establishment request, indicating that the PDU session re-establishment request is the re-establishment after the integrity protection failure.
图4为本申请实施例提供的数据处理方案的信令图二,示意的是UE作为接收方,gNB作为发送方,且UE检测到部分PDU会话都发生完整性保护失败时的情形,如图4所示,包括:Fig. 4 is the signaling diagram 2 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the receiver, the gNB acts as the sender, and the UE detects that some PDU sessions have failed integrity protection, as shown in the figure 4, including:
S401,UE向gNB发送部分PDU会话停用请求。S401, the UE sends a partial PDU session deactivation request to the gNB.
S402,gNB向AMF发送部分PDU会话停用请求。S402, the gNB sends a partial PDU session deactivation request to the AMF.
S403,AMF向SMF/UPF发送部分PDU会话停用请求。S403, the AMF sends a partial PDU session deactivation request to the SMF/UPF.
S404,SMF/UPF向AMF发送部分PDU会话停用响应。S404, the SMF/UPF sends a partial PDU session deactivation response to the AMF.
在部分PDU会话停用请求中包括第一指示信息,指示部分PDU完整性保护失败。The partial PDU session deactivation request includes first indication information, indicating that the partial PDU integrity protection fails.
S405,AMF向gNB发送部分PDU会话停用响应。S405, the AMF sends a partial PDU session deactivation response to the gNB.
在接收到PDU会话停用响应后,可以停用完整性保护失败的PDU会话,即对完整性保护失败的PDU进行去活操作。After receiving the PDU session deactivation response, the PDU session whose integrity protection fails may be deactivated, that is, a deactivation operation is performed on the PDU whose integrity protection fails.
S406,UE发起部分PDU会话重建。S406, the UE initiates partial PDU session re-establishment.
实际中,可以根据实际需要,由用户控制UE发起部分PDU会话重建。具体的,UE可以向gNB发送PDU会话重建请求,重建部分PDU会话。可选的,还可以在进行PDU会话重建时,在PDU会话重建请求中携带PDU会话重建的原因。例如,可以在PDU会话重建请求中携带第三指示信息,指示该PDU会话重建请求为完整性保护失败后的重建。In practice, the UE may be controlled by the user to initiate partial PDU session re-establishment according to actual needs. Specifically, the UE may send a PDU session re-establishment request to the gNB to re-establish part of the PDU session. Optionally, when the PDU session re-establishment is performed, the reason for the PDU session re-establishment may be carried in the PDU session re-establishment request. For example, the third indication information may be carried in the PDU session re-establishment request, indicating that the PDU session re-establishment request is the re-establishment after the integrity protection fails.
图5为本申请实施例提供的数据处理方案的信令图三,示意的是UE作为发送方,gNB作为接收方,且gNB检测到全部PDU会话都发生完整性保护失败时的情形,如图5所示,包括:Fig. 5 is the signaling diagram 3 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the sender, the gNB acts as the receiver, and the gNB detects that the integrity protection fails in all PDU sessions, as shown in the figure 5, including:
S51,gNB向UE发送第四指示信息。S51, the gNB sends fourth indication information to the UE.
图5的示例中,为UE向gNB发送数据的上行数据方向。当gNB接收到UE发送的数据后,如果检测到完整性保护失败,gNB可以向UE发送第四指示信息,指示gNB检测到完整性保护失败。In the example of FIG. 5 , it is the uplink data direction in which the UE sends data to the gNB. After the gNB receives the data sent by the UE, if it detects that the integrity protection fails, the gNB may send fourth indication information to the UE, indicating that the gNB detects that the integrity protection fails.
S52,UE接收第四指示信息。S52, the UE receives fourth indication information.
UE接收到第四指示信息后,获知全部PDU会话都发生完整性保护失败。After receiving the fourth indication information, the UE learns that the integrity protection failure has occurred in all PDU sessions.
S53,UE执行小区去注册操作。S53, the UE performs a cell de-registration operation.
在获知全部PDU会话都发生完整性保护失败之后,UE可以发起小区去注册操作。具体的步骤可参见图3示意的实施例,此处不再赘述。After learning that the integrity protection failure occurs in all PDU sessions, the UE may initiate a cell de-registration operation. For specific steps, reference may be made to the embodiment illustrated in FIG. 3 , which will not be repeated here.
图6为本申请实施例提供的数据处理方案的信令图四,示意的是UE作为发送方,gNB作为接收方,且gNB检测到全部PDU会话都发生完整性保护失败时的情形,如图6所示,包括:FIG. 6 is the signaling diagram 4 of the data processing scheme provided by the embodiment of the present application, which illustrates the situation when the UE acts as the sender, the gNB acts as the receiver, and the gNB detects that the integrity protection fails in all PDU sessions, as shown in the figure 6, including:
S61,gNB向AMF发送第四指示信息。S61, the gNB sends fourth indication information to the AMF.
当gNB接收到UE发送的数据后,如果检测到完整性保护失败,gNB除了可以向UE发送第四指示消息外,还可以选择向AMF发送第四指示消息,通知AMF全部PDU会话都发生完整性保护失败。After the gNB receives the data sent by the UE, if it detects that the integrity protection fails, the gNB can send a fourth indication message to the AMF in addition to sending the fourth indication message to the UE to notify the AMF that the integrity of all PDU sessions has occurred. Protection failed.
S62,AMF接收第四指示信息。S62, the AMF receives the fourth indication information.
AMF接收到第四指示信息后,获知全部PDU会话都发生完整性保护失败。After receiving the fourth indication information, the AMF learns that the integrity protection failure has occurred in all PDU sessions.
S63,AMF向UE发送小区去注册指令。S63, the AMF sends a cell de-registration instruction to the UE.
AMF向UE发送小区去注册指令,指示UE执行去注册操作。The AMF sends a cell de-registration instruction to the UE, instructing the UE to perform the de-registration operation.
S64,UE接收小区去注册指令。S64, the UE receives a cell de-registration instruction.
S65,UE执行小区去注册操作。S65, the UE performs a cell de-registration operation.
UE在接收到小区去注册指令后,根据该小区去注册指令,向gNB发送小区去注册请求,执行小区去注册操作。具体的步骤可参见图3示意的实施例,此处不再赘述。After receiving the cell de-registration instruction, the UE sends a cell de-registration request to the gNB according to the cell de-registration instruction, and performs the cell de-registration operation. For specific steps, reference may be made to the embodiment illustrated in FIG. 3 , which will not be repeated here.
图7为本申请实施例提供的数据处理方案的信令图五,示意的是UE作为发送方,gNB作为接收方,且gNB检测到部分PDU会话发生完整性保护失败时的情形,如图7所示,包括:Fig. 7 is a signaling diagram 5 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the sender, the gNB acts as the receiver, and the gNB detects that some PDU sessions have failed integrity protection, as shown in Fig. 7 shown, including:
S71,gNB向UE发送第四指示信息。S71, the gNB sends fourth indication information to the UE.
图7的示例中,为UE向gNB发送数据的上行数据方向。当gNB接收到UE发送的数据后,如果检测到完整性保护失败,gNB可以向UE发送第四指示信息,指示gNB检测到完整性保护失败。In the example of FIG. 7 , it is the uplink data direction in which the UE sends data to the gNB. After the gNB receives the data sent by the UE, if it detects that the integrity protection fails, the gNB may send fourth indication information to the UE, indicating that the gNB detects that the integrity protection fails.
S72,UE接收第四指示信息。S72, the UE receives fourth indication information.
UE接收到第四指示信息后,获知部分PDU会话都发生完整性保护失败。After receiving the fourth indication information, the UE learns that the integrity protection failure occurs in some PDU sessions.
S73,UE执行部分PDU会话停用操作。S73, the UE performs a partial PDU session deactivation operation.
在获知部分PDU会话都发生完整性保护失败之后,UE可以发起部分PDU会话停用操作。具体的步骤可参见图4示意的实施例,此处不再赘述。The UE may initiate a partial PDU session deactivation operation after learning that the integrity protection failure occurs in all of the PDU sessions. For specific steps, reference may be made to the embodiment illustrated in FIG. 4 , which will not be repeated here.
图8为本申请实施例提供的数据处理方案的信令图六,示意的是UE作为发送方,gNB作为接收方,且gNB检测到部分PDU会话发生完整性保护失败时的情形,如图8所示,包括:Fig. 8 is the signaling diagram 6 of the data processing solution provided by the embodiment of the present application, which illustrates the situation when the UE acts as the sender, the gNB acts as the receiver, and the gNB detects that the integrity protection fails for some PDU sessions, as shown in Fig. 8 shown, including:
S81,gNB向AMF发送第四指示信息。S81, the gNB sends fourth indication information to the AMF.
当gNB接收到UE发送的数据后,如果检测到完整性保护失败,gNB除了可以向UE发送第四指示消息外,还可以选择向AMF发送第四指示消息,通知AMF部分PDU会话都发生完整性保护失败。After the gNB receives the data sent by the UE, if it detects that the integrity protection fails, the gNB can send the fourth indication message to the UE, and the gNB can also choose to send the fourth indication message to the AMF to notify the AMF that the integrity of some PDU sessions has occurred. Protection failed.
S82,AMF接收第四指示信息。S82, the AMF receives the fourth indication information.
AMF接收到第四指示信息后,获知部分PDU会话都发生完整性保护失败。After receiving the fourth indication information, the AMF learns that integrity protection failures occur in some PDU sessions.
S83,AMF向UE发送PDU会话停用指令。S83, the AMF sends a PDU session deactivation instruction to the UE.
AMF向UE发送PDU会话停用指令,指示UE执行针对完整性保护失败的PDU会话停用操作。The AMF sends a PDU session deactivation instruction to the UE, instructing the UE to perform a PDU session deactivation operation for integrity protection failure.
S84,UE接收PDU会话停用指令。S84, the UE receives the PDU session deactivation instruction.
S85,UE执行PDU会话停用操作。S85, the UE performs a PDU session deactivation operation.
UE在接收到PDU会话停用指令后,根据该PDU会话停用指令,向gNB发送部分PDU会话停用请求,执行部分PDU会话停用操作。具体的步骤可参见图4示意的实施例,此处不再赘述。After receiving the PDU session deactivation instruction, the UE sends a partial PDU session deactivation request to the gNB according to the PDU session deactivation instruction, and performs a partial PDU session deactivation operation. For specific steps, reference may be made to the embodiment illustrated in FIG. 4 , which will not be repeated here.
图9为本申请实施例提供的数据处理方法的流程示意图,如图9所示,该方法可以包括:FIG. 9 is a schematic flowchart of a data processing method provided by an embodiment of the present application. As shown in FIG. 9 , the method may include:
S91,在完整性保护失败后,第一网络设备从终端设备接收第一指示信息,所述第一指示信息指示所述完整性保护失败;S91, after the integrity protection fails, the first network device receives first indication information from the terminal device, where the first indication information indicates that the integrity protection fails;
S92,所述第一网络设备根据所述第一指示信息,向所述终端设备发送PDU会话停用指令,所述PDU会话停用指令指示所述终端设备停用所述PDU会话。S92, the first network device sends a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
在一种可能的实施方式中,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。In a possible implementation manner, the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
在一种可能的实施方式中,所述完整性保护失败为全部PDU完整性保护失败;从终端设备接收第一指示信息,包括:In a possible implementation manner, the integrity protection failure is an integrity protection failure of all PDUs; receiving the first indication information from the terminal device includes:
从所述终端设备接收小区去注册请求,所述小区去注册请求中包括所述第一指示信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求所述终端设备与第一小区断开连接,以及停用全部PDU会话。A cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述终端设备接收小区注册请求,所述小区注册请求用于请求所述终端设备与第二小区建立连接,所述小区注册请求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败后的重新注册。Receive a cell registration request from the terminal device, where the cell registration request is used to request the terminal device to establish a connection with a second cell, the cell registration request includes second indication information, and the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
在一种可能的实施方式中,所述完整性保护失败为部分PDU完整性保护失败;从终端设备接收第一指示信息,包括:In a possible implementation manner, the integrity protection failure is a partial PDU integrity protection failure; receiving the first indication information from the terminal device includes:
从终端设备接收部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求停用完整性保护失败的PDU会话。Receive a partial PDU session deactivation request from a terminal device, the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Used to request deactivation of integrity protection for failed PDU sessions.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述终端设备接收PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。A PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
根据所述PDU会话重建请求,向所述终端设备发送PDU会话重建响应,所述PDU会话重建响应指示所述终端设备重建所述完整性保护失败的PDU。According to the PDU session re-establishment request, a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
从所述终端设备接收第二安全参数;receiving a second security parameter from the terminal device;
在所述第二安全参数与所述第一网络设备的第一安全参数不同时,确定所述完整性保护失败。When the second security parameter is different from the first security parameter of the first network device, it is determined that the integrity protection fails.
在一种可能的实施方式中,所述方法还包括:In a possible implementation, the method further includes:
向所述终端设备,或者,第二网络设备,发送第四指示信息,所述第四指示所述完整性保护失败。Send fourth indication information to the terminal device, or the second network device, where the fourth indication indicates that the integrity protection fails.
图9示例的方案,与图2示例的方案对应的第一网络设备侧的执行步骤,具体的方案请参见上述实施例,此处不再赘述。The solution illustrated in FIG. 9 corresponds to the execution steps on the first network device side corresponding to the solution illustrated in FIG. 2 . For the specific solution, please refer to the foregoing embodiment, which will not be repeated here.
本申请实施例提供的数据处理方法及装置,在完整性保护失败后,终端设备向第一网络设备发送第一指示信息,然后从第一网络设备接收PDU会话停用指令,根据该PDU会话停用指令停用PDU会话,对PDU执行去活操作。因此在后续的数据传输过程中,终端设备和第一网络设备之间将停止通过完整性保护失败的PDU进行数据传输,避免后续的数据传输过程中仍然接收到完整性保护失败的数据。同时,如果全部的PDU会话完整性保护均失败,还可以进行小区的去注册和小区重选,避免连接到原来有问 题的小区。终端设备也可以发起PDU连接重建,并通过在PDU连接重建中携带指示信息指示该PDU重建为完整性保护失败后的重建,可以使得网络设备获知PDU重建原因,并采取相应的安全措施,降低了数据传输过程中的安全风险。In the data processing method and device provided by the embodiments of the present application, after the integrity protection fails, the terminal device sends the first indication information to the first network device, and then receives the PDU session deactivation instruction from the first network device, and stops the session according to the PDU. Deactivate the PDU session with an instruction to deactivate the PDU. Therefore, in the subsequent data transmission process, the terminal device and the first network device will stop data transmission through the PDU that fails the integrity protection, so as to prevent the data of which the integrity protection fails to be still received in the subsequent data transmission process. At the same time, if all PDU session integrity protection fails, cell de-registration and cell reselection can also be performed to avoid connecting to the original problematic cell. The terminal device can also initiate PDU connection re-establishment, and by carrying the indication information in the PDU connection re-establishment to indicate that the PDU is re-established after the integrity protection fails, the network device can know the reason for the PDU re-establishment and take corresponding security measures to reduce the risk of PDU re-establishment. Security risks during data transmission.
图10为本申请实施例提供的数据处理装置的结构示意图一,如图10所示,该数据处理装置100包括:FIG. 10 is a schematic structural diagram 1 of a data processing apparatus provided by an embodiment of the present application. As shown in FIG. 10 , the data processing apparatus 100 includes:
发送模块101,用于在完整性保护失败后,向第一网络设备发送第一指示信息,所述第一指示信息指示所述完整性保护失败;A sending module 101, configured to send first indication information to a first network device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
接收模块102,用于从所述第一网络设备接收PDU会话停用指令,根据所述PDU会话停用指令,停用所述PDU会话。The receiving module 102 is configured to receive a PDU session deactivation instruction from the first network device, and deactivate the PDU session according to the PDU session deactivation instruction.
在一种可能的实施方式中,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。In a possible implementation manner, the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
在一种可能的实施方式中,所述完整性保护失败为全部PDU完整性保护失败;所述发送模块101具体用于:In a possible implementation manner, the integrity protection failure is an integrity protection failure of all PDUs; the sending module 101 is specifically configured to:
向所述第一网络设备发送小区去注册请求,所述小区去注册请求中包括所述第一指示信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求与第一小区断开连接,并请求所述第一网络设备停用全部PDU会话。Send a cell deregistration request to the first network device, where the cell deregistration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell deregistration request is used for Request to disconnect from the first cell and request the first network device to deactivate all PDU sessions.
在一种可能的实施方式中,所述发送模块101还用于:In a possible implementation manner, the sending module 101 is further configured to:
向所述第一网络设备发送小区注册请求,与第二小区建立连接,所述小区注册请求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败后的重新注册。Send a cell registration request to the first network device to establish a connection with the second cell, the cell registration request includes second indication information, and the second indication information indicates that the cell registration request is after the integrity protection failure. register again.
在一种可能的实施方式中,所述完整性保护失败为部分PDU完整性保护失败;所述发送模块101具体用于:In a possible implementation manner, the integrity protection failure is a partial PDU integrity protection failure; the sending module 101 is specifically configured to:
向所述第一网络设备发送部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求第一网络设备停用完整性保护失败的PDU会话。Sending a partial PDU session deactivation request to the first network device, where the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the integrity protection of the partial PDU fails, and the partial PDU The session deactivation request is used to request the first network device to deactivate the PDU session for which the integrity protection fails.
在一种可能的实施方式中,所述发送模块101还用于:In a possible implementation manner, the sending module 101 is further configured to:
终端设备向所述第一网络设备发送PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。The terminal device sends a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, and the third indication information indicates that the PDU session re-establishment request is a re-establishment after an integrity protection failure.
在一种可能的实施方式中,所述接收模块102还用于:In a possible implementation manner, the receiving module 102 is further configured to:
从所述第一网络设备接收PDU会话重建响应;receiving a PDU session re-establishment response from the first network device;
根据所述PDU会话重建响应,重建所述完整性保护失败的PDU。According to the PDU session re-establishment response, the PDU whose integrity protection fails is re-established.
在一种可能的实施方式中,所述接收模块102还用于:In a possible implementation manner, the receiving module 102 is further configured to:
从所述第一网络设备接收第一安全参数;receiving a first security parameter from the first network device;
在所述第一安全参数与所述终端设备的第二安全参数不同时,确定所述终端设备的完整性保护失败。When the first security parameter is different from the second security parameter of the terminal device, it is determined that the integrity protection of the terminal device fails.
在一种可能的实施方式中,所述接收模块102还用于:In a possible implementation manner, the receiving module 102 is further configured to:
从所述第一网络设备接收第四指示信息;receiving fourth indication information from the first network device;
根据所述第四指示信息确定所述终端设备的完整性保护失败。It is determined according to the fourth indication information that the integrity protection of the terminal device fails.
在一种可能的实施方式中,所述发送模块101具体用于:In a possible implementation manner, the sending module 101 is specifically configured to:
从第二网络设备接收小区去注册指令;receiving a cell de-registration instruction from the second network device;
根据所述小区去注册指令,向所述第一网络设备发送所述小区去注册请求。According to the cell de-registration instruction, the cell de-registration request is sent to the first network device.
在一种可能的实施方式中,所述发送模块101具体用于:In a possible implementation manner, the sending module 101 is specifically configured to:
从第二网络设备接收PDU会话停用指令;receiving a PDU session deactivation instruction from the second network device;
根据所述PDU会话停用指令,向所述第一网络设备发送所述部分PDU会话停用请求。According to the PDU session deactivation instruction, the partial PDU session deactivation request is sent to the first network device.
本申请实施例提供的数据处理装置,用于执行上述方法实施例,其实现原理和技术效果类似,本实施例此处不再赘述。The data processing apparatus provided in the embodiment of the present application is used to execute the above method embodiments, and the implementation principle and technical effect thereof are similar, and details are not described herein again in this embodiment.
图11为本申请实施例提供的数据处理装置的结构示意图二,如图10所示,该数据处理装置110包括:FIG. 11 is a second schematic structural diagram of a data processing apparatus provided by an embodiment of the present application. As shown in FIG. 10 , the data processing apparatus 110 includes:
接收模块111,用于在完整性保护失败后,从终端设备接收第一指示信息,所述第一指示信息指示所述完整性保护失败;a receiving module 111, configured to receive first indication information from the terminal device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
发送模块112,用于根据所述第一指示信息,向所述终端设备发送PDU会话停用指令,所述PDU会话停用指令指示所述终端设备停用所述PDU会话。The sending module 112 is configured to send a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
在一种可能的实施方式中,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。In a possible implementation manner, the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
在一种可能的实施方式中,所述完整性保护失败为全部PDU完整性保护失败;所述接收模块111具体用于:In a possible implementation manner, the integrity protection failure is an integrity protection failure of all PDUs; the receiving module 111 is specifically configured to:
从所述终端设备接收小区去注册请求,所述小区去注册请求中包括所述第一指示信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求所述终端设备与第一小区断开连接,以及停用全部PDU会话。A cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
在一种可能的实施方式中,所述接收模块111还用于:In a possible implementation manner, the receiving module 111 is further configured to:
从所述终端设备接收小区注册请求,所述小区注册请求用于请求所述终端设备与第二小区建立连接,所述小区注册请求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败后的重新注册。A cell registration request is received from the terminal device, where the cell registration request is used to request the terminal device to establish a connection with a second cell, the cell registration request includes second indication information, and the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
在一种可能的实施方式中,所述完整性保护失败为部分PDU完整性保护失败;所述接收模块111具体用于:In a possible implementation manner, the integrity protection failure is a partial PDU integrity protection failure; the receiving module 111 is specifically configured to:
从所述终端设备接收部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求停用完整性保护失败的PDU会话。A partial PDU session deactivation request is received from the terminal device, the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Use request to request deactivation of integrity protection for failed PDU sessions.
在一种可能的实施方式中,所述接收模块111还用于:In a possible implementation manner, the receiving module 111 is further configured to:
从所述终端设备接收PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。A PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
在一种可能的实施方式中,所述发送模块112还用于:In a possible implementation manner, the sending module 112 is further configured to:
根据所述PDU会话重建请求,向所述终端设备发送PDU会话重建响应,所述PDU会话重建响应指示所述终端设备重建所述完整性保护失败的PDU。According to the PDU session re-establishment request, a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
在一种可能的实施方式中,所述接收模块111还用于:In a possible implementation manner, the receiving module 111 is further configured to:
从所述终端设备接收第二安全参数;receiving a second security parameter from the terminal device;
在所述第二安全参数与所述第一网络设备的第一安全参数不同时,确定所述完整性保护失败。When the second security parameter is different from the first security parameter of the first network device, it is determined that the integrity protection fails.
在一种可能的实施方式中,所述发送模块112还用于:In a possible implementation manner, the sending module 112 is further configured to:
向所述终端设备,或者,第二网络设备,发送第四指示信息,所述第四指示所述完整性保护失败。Send fourth indication information to the terminal device, or the second network device, where the fourth indication indicates that the integrity protection fails.
本申请实施例提供的数据处理装置,用于执行上述方法实施例,其实现原理和技术效果类似,本实施例此处不再赘述。The data processing apparatus provided in the embodiment of the present application is used to execute the above method embodiments, and the implementation principle and technical effect thereof are similar, and details are not described herein again in this embodiment.
图12为本申请实施例提供的终端设备的结构示意图。请参见图12,终端设备120可以包括:收发器121、存储器122、处理器123。收发器121可包括:发射器和/或接收器。该发射器还可称为发送器、发射机、发送端口或发送接口等类似描述,接收器还可称为接收器、接收机、接收端口或接收接口等类似描述。示例性地,收发器121、存储器122、处理器123,各部分之间通过总线124相互连接。FIG. 12 is a schematic structural diagram of a terminal device provided by an embodiment of the present application. Referring to FIG. 12 , the terminal device 120 may include: a transceiver 121 , a memory 122 , and a processor 123 . The transceiver 121 may include: a transmitter and/or a receiver. The transmitter may also be referred to as a transmitter, transmitter, transmit port, or transmit interface, or the like, and the receiver may be referred to as a receiver, receiver, receive port, or receive interface, or the like. Exemplarily, the transceiver 121 , the memory 122 , and the processor 123 are connected to each other through the bus 124 .
存储器122用于存储程序指令; memory 122 for storing program instructions;
处理器123用于执行该存储器所存储的程序指令,用以使得终端设备120执行上述任一所示的数据处理方法。The processor 123 is configured to execute the program instructions stored in the memory, so as to make the terminal device 120 execute any of the data processing methods shown above.
其中,收发器121的接收器,可用于执行上述数据处理方法中终端设备的接收功能。The receiver of the transceiver 121 may be used to perform the receiving function of the terminal device in the above data processing method.
图13为本申请实施例提供的网络设备的结构示意图。请参见图13,网络设备130可以包括:收发器131、存储器132、处理器133。收发器131可包括:发射器和/或接收器。该发射器还可称为发送器、发射机、发送端口或发送接口等类似描述,接收器还可称为接收器、接收机、接收端口或接收接口等类似描述。示例性地,收发器131、存储器132、处理器133,各部分之间通过总线134相互连接。FIG. 13 is a schematic structural diagram of a network device provided by an embodiment of the present application. Referring to FIG. 13 , the network device 130 may include: a transceiver 131 , a memory 132 , and a processor 133 . The transceiver 131 may include: a transmitter and/or a receiver. The transmitter may also be referred to as a transmitter, transmitter, transmit port, or transmit interface, or the like, and the receiver may be referred to as a receiver, receiver, receive port, or receive interface, or the like. Exemplarily, the transceiver 131 , the memory 132 , and the processor 133 are connected to each other through the bus 134 .
存储器132用于存储程序指令; memory 132 for storing program instructions;
处理器133用于执行该存储器所存储的程序指令,用以使得终端设备130执行上述任一所示的数据处理方法。The processor 133 is configured to execute the program instructions stored in the memory, so as to make the terminal device 130 execute any of the data processing methods shown above.
其中,收发器131的接收器,可用于执行上述数据处理方法中网络设备的接收功能。The receiver of the transceiver 131 may be used to perform the receiving function of the network device in the above data processing method.
本申请实施例提供一种计算机可读存储介质,所述计算机可读存储介质中存储有计算机执行指令,当所述计算机执行指令被处理器执行时用于实现上述数据处理方法。Embodiments of the present application provide a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, are used to implement the above data processing method.
本申请实施例提供一种计算机可读存储介质,所述计算机可读存储介质中存储有计算机执行指令,当所述计算机执行指令被处理器执行时用于实现上述数据处理方法。Embodiments of the present application provide a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, are used to implement the above data processing method.
本申请实施例还可提供一种计算机程序产品,该计算机程序产品可以由处理器执行,在计算机程序产品被执行时,可实现上述任一所示的终端设备执行的数据处理方法。Embodiments of the present application may further provide a computer program product, which can be executed by a processor, and when the computer program product is executed, can implement any of the data processing methods performed by the terminal device shown above.
本申请实施例的数据传输设备、计算机可读存储介质及计算机程序产品,可执行上述终端设备或网络设备执行的数据处理方法,其具体的实现过程及有益效果参见上述,在此不再赘述。The data transmission device, the computer-readable storage medium, and the computer program product of the embodiments of the present application can execute the data processing method executed by the terminal device or the network device. The specific implementation process and beneficial effects thereof are referred to above, and are not repeated here.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执 行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
本领域普通技术人员可以理解:实现上述各方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成。前述的计算机程序可以存储于一计算机可读取存储介质中。该计算机程序在被处理器执行时,实现包括上述各方法实施例的步骤;而前述的存储介质包括:ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。Those of ordinary skill in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by program instructions related to hardware. The aforementioned computer program may be stored in a computer-readable storage medium. When the computer program is executed by the processor, it implements the steps including the above method embodiments; and the aforementioned storage medium includes: ROM, RAM, magnetic disk or optical disk and other mediums that can store program codes.
最后应说明的是:以上各实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述各实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present application, but not to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: The technical solutions described in the foregoing embodiments can still be modified, or some or all of the technical features thereof can be equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the technical solutions of the embodiments of the present application. scope.

Claims (25)

  1. 一种数据处理方法,其特征在于,包括:A data processing method, comprising:
    在完整性保护失败后,终端设备向第一网络设备发送第一指示信息,所述第一指示信息指示所述完整性保护失败;After the integrity protection fails, the terminal device sends first indication information to the first network device, where the first indication information indicates that the integrity protection fails;
    所述终端设备从所述第一网络设备接收分组数据单元PDU会话停用指令,根据所述PDU会话停用指令,停用所述PDU会话。The terminal device receives a packet data unit PDU session deactivation instruction from the first network device, and deactivates the PDU session according to the PDU session deactivation instruction.
  2. 根据权利要求1所述的方法,其特征在于,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。The method according to claim 1, wherein the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  3. 根据权利要求2所述的方法,其特征在于,所述完整性保护失败为全部PDU完整性保护失败;向第一网络设备发送第一指示信息,包括:The method according to claim 2, wherein the integrity protection failure is an integrity protection failure of all PDUs; sending the first indication information to the first network device, comprising:
    向所述第一网络设备发送小区去注册请求,所述小区去注册请求中包括所述第一指示信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求与第一小区断开连接,并请求所述第一网络设备停用全部PDU会话。Send a cell deregistration request to the first network device, where the cell deregistration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell deregistration request is used for Request to disconnect from the first cell and request the first network device to deactivate all PDU sessions.
  4. 根据权利要求3所述的方法,其特征在于,所述方法还包括:The method according to claim 3, wherein the method further comprises:
    向所述第一网络设备发送小区注册请求,与第二小区建立连接,所述小区注册请求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败后的重新注册。Send a cell registration request to the first network device to establish a connection with the second cell, the cell registration request includes second indication information, and the second indication information indicates that the cell registration request is after the integrity protection failure. register again.
  5. 根据权利要求2所述的方法,其特征在于,所述完整性保护失败为部分PDU完整性保护失败;向第一网络设备发送第一指示信息,包括:The method according to claim 2, wherein the integrity protection failure is a partial PDU integrity protection failure; sending the first indication information to the first network device, comprising:
    向所述第一网络设备发送部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求所述第一网络设备停用完整性保护失败的PDU会话。Sending a partial PDU session deactivation request to the first network device, where the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the integrity protection of the partial PDU fails, and the partial PDU The session deactivation request is used for requesting the first network device to deactivate the PDU session that fails the integrity protection.
  6. 根据权利要求4或5所述的方法,其特征在于,所述方法还包括:The method according to claim 4 or 5, wherein the method further comprises:
    终端设备向所述第一网络设备发送PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。The terminal device sends a PDU session re-establishment request to the first network device, where the PDU session re-establishment request includes third indication information, and the third indication information indicates that the PDU session re-establishment request is a re-establishment after an integrity protection failure.
  7. 根据权利要求6所述的方法,其特征在于,所述方法还包括:The method according to claim 6, wherein the method further comprises:
    从所述第一网络设备接收PDU会话重建响应;receiving a PDU session re-establishment response from the first network device;
    根据所述PDU会话重建响应,重建所述完整性保护失败的PDU。According to the PDU session re-establishment response, the PDU whose integrity protection fails is re-established.
  8. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method according to claim 1, wherein the method further comprises:
    从所述第一网络设备接收第一安全参数;receiving a first security parameter from the first network device;
    在所述第一安全参数与所述终端设备的第二安全参数不同时,确定所述完整性保护失败。When the first security parameter is different from the second security parameter of the terminal device, it is determined that the integrity protection fails.
  9. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method according to claim 1, wherein the method further comprises:
    从所述第一网络设备接收第四指示信息;receiving fourth indication information from the first network device;
    根据所述第四指示信息确定所述完整性保护失败。It is determined according to the fourth indication information that the integrity protection fails.
  10. 根据权利要求3所述的方法,其特征在于,向所述第一网络设备发送小区去注册请求,包括:The method according to claim 3, wherein sending a cell deregistration request to the first network device comprises:
    从第二网络设备接收小区去注册指令;receiving a cell de-registration instruction from the second network device;
    根据所述小区去注册指令,向所述第一网络设备发送所述小区去注册请求。According to the cell de-registration instruction, the cell de-registration request is sent to the first network device.
  11. 根据权利要求5所述的方法,其特征在于,向所述第一网络设备发送部分PDU会话停用请求,包括:The method according to claim 5, wherein sending a partial PDU session deactivation request to the first network device comprises:
    从第二网络设备接收PDU会话停用指令;receiving a PDU session deactivation instruction from the second network device;
    根据所述PDU会话停用指令,向所述第一网络设备发送所述部分PDU会话停用请求。According to the PDU session deactivation instruction, the partial PDU session deactivation request is sent to the first network device.
  12. 一种数据处理方法,其特征在于,包括:A data processing method, comprising:
    在完整性保护失败后,第一网络设备从终端设备接收第一指示信息,所述第一指示信息指示所述完整性保护失败;After the integrity protection fails, the first network device receives first indication information from the terminal device, where the first indication information indicates that the integrity protection fails;
    所述第一网络设备根据所述第一指示信息,向所述终端设备发送PDU会话停用指令,所述PDU会话停用指令指示所述终端设备停用所述PDU会话。The first network device sends a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
  13. 根据权利要求12所述的方法,其特征在于,所述完整性保护失败包括全部PDU完整性保护失败和部分PDU完整性保护失败。The method according to claim 12, wherein the integrity protection failure includes all PDU integrity protection failures and partial PDU integrity protection failures.
  14. 根据权利要求13所述的方法,其特征在于,所述完整性保护失败为全部PDU完整性保护失败;从终端设备接收第一指示信息,包括:The method according to claim 13, wherein the integrity protection failure is an integrity protection failure of all PDUs; and receiving the first indication information from the terminal device comprises:
    从所述终端设备接收小区去注册请求,所述小区去注册请求中包括所述第一指示信息,所述第一指示信息指示全部PDU完整性保护失败,所述小区去注册请求用于请求所述终端设备与第一小区断开连接,以及停用全部PDU会话。A cell de-registration request is received from the terminal device, the cell de-registration request includes the first indication information, the first indication information indicates that all PDU integrity protection fails, and the cell de-registration request is used to request all The terminal device is disconnected from the first cell, and all PDU sessions are deactivated.
  15. 根据权利要求14所述的方法,其特征在于,所述方法还包括:The method of claim 14, wherein the method further comprises:
    从所述终端设备接收小区注册请求,所述小区注册请求用于请求所述终端设备与第二小区建立连接,所述小区注册请求中包括第二指示信息,所述第二指示信息指示所述小区注册请求为完整性保护失败后的重新注册。A cell registration request is received from the terminal device, where the cell registration request is used to request the terminal device to establish a connection with a second cell, the cell registration request includes second indication information, and the second indication information indicates the The cell registration request is re-registration after the integrity protection fails.
  16. 根据权利要求13所述的方法,其特征在于,所述完整性保护失败为部分PDU完整性保护失败;从终端设备接收第一指示信息,包括:The method according to claim 13, wherein the integrity protection failure is a partial PDU integrity protection failure; and receiving the first indication information from the terminal device comprises:
    从所述终端设备接收部分PDU会话停用请求,所述部分PDU会话停用请求中包括所述第一指示信息,所述第一指示信息指示部分PDU完整性保护失败,所述部分PDU会话停用请求用于请求停用完整性保护失败的PDU会话。A partial PDU session deactivation request is received from the terminal device, the partial PDU session deactivation request includes the first indication information, the first indication information indicates that the partial PDU integrity protection fails, and the partial PDU session deactivation request Use request to request deactivation of integrity protection for failed PDU sessions.
  17. 根据权利要求15或16所述的方法,其特征在于,所述方法还包括:The method according to claim 15 or 16, wherein the method further comprises:
    从所述终端设备接收PDU会话重建请求,所述PDU会话重建请求中包括第三指示信息,所述第三指示信息指示所述PDU会话重建请求为完整性保护失败后的重建。A PDU session re-establishment request is received from the terminal device, where the PDU session re-establishment request includes third indication information, where the third indication information indicates that the PDU session re-establishment request is a re-establishment after integrity protection failure.
  18. 根据权利要求17所述的方法,其特征在于,所述方法还包括:The method of claim 17, wherein the method further comprises:
    根据所述PDU会话重建请求,向所述终端设备发送PDU会话重建响应,所述PDU会话重建响应指示所述终端设备重建所述完整性保护失败的PDU。According to the PDU session re-establishment request, a PDU session re-establishment response is sent to the terminal device, where the PDU session re-establishment response instructs the terminal device to re-establish the PDU whose integrity protection fails.
  19. 根据权利要求12所述的方法,其特征在于,所述方法还包括:The method of claim 12, wherein the method further comprises:
    从所述终端设备接收第二安全参数;receiving a second security parameter from the terminal device;
    在所述第二安全参数与所述第一网络设备的第一安全参数不同时,确定所述完整性保护失败。When the second security parameter is different from the first security parameter of the first network device, it is determined that the integrity protection fails.
  20. 根据权利要求12所述的方法,其特征在于,所述方法还包括:The method of claim 12, wherein the method further comprises:
    向所述终端设备,或者,第二网络设备,发送第四指示信息,所述第四指示所述完整性保护失败。Send fourth indication information to the terminal device, or the second network device, where the fourth indication indicates that the integrity protection fails.
  21. 一种数据处理装置,其特征在于,包括:A data processing device, comprising:
    发送模块,用于在完整性保护失败后,向第一网络设备发送第一指示信息,所述第一指示信息指示所述完整性保护失败;a sending module, configured to send first indication information to the first network device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
    接收模块,用于从所述第一网络设备接收PDU会话停用指令,根据所述PDU会话停用指令,停用所述PDU会话。A receiving module, configured to receive a PDU session deactivation instruction from the first network device, and deactivate the PDU session according to the PDU session deactivation instruction.
  22. 一种数据处理装置,其特征在于,包括:A data processing device, comprising:
    接收模块,用于在完整性保护失败后,从终端设备接收第一指示信息,所述第一指示信息指示所述完整性保护失败;a receiving module, configured to receive first indication information from the terminal device after the integrity protection fails, where the first indication information indicates that the integrity protection fails;
    发送模块,用于根据所述第一指示信息,向所述终端设备发送PDU会话停用指令,所述PDU会话停用指令指示所述终端设备停用所述PDU会话。A sending module, configured to send a PDU session deactivation instruction to the terminal device according to the first indication information, where the PDU session deactivation instruction instructs the terminal device to deactivate the PDU session.
  23. 一种终端设备,其特征在于,包括:A terminal device, characterized in that it includes:
    存储器,用于存储程序;memory for storing programs;
    处理器,用于执行所述存储器存储的所述程序,当所述程序被执行时,所述处理器用于执行如权利要求1至11中任一所述的数据处理方法。a processor, configured to execute the program stored in the memory, and when the program is executed, the processor is configured to execute the data processing method according to any one of claims 1 to 11.
  24. 一种网络设备,其特征在于,包括:A network device, characterized in that it includes:
    存储器,用于存储程序;memory for storing programs;
    处理器,用于执行所述存储器存储的所述程序,当所述程序被执行时,所述处理器用于执行如权利要求12至20中任一所述的数据处理方法。a processor, configured to execute the program stored in the memory, and when the program is executed, the processor is configured to execute the data processing method according to any one of claims 12 to 20.
  25. 一种计算机可读存储介质,其特征在于,包括指令,当其在计算机上运行时,使得计算机执行如权利要求1至20中任一所述的数据处理方法。A computer-readable storage medium, characterized by comprising instructions, which, when executed on a computer, cause the computer to execute the data processing method according to any one of claims 1 to 20.
PCT/CN2021/125668 2020-10-28 2021-10-22 Data processing method and apparatus WO2022089314A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011173738.X 2020-10-28
CN202011173738.XA CN114513319B (en) 2020-10-28 2020-10-28 Data processing method and device

Publications (1)

Publication Number Publication Date
WO2022089314A1 true WO2022089314A1 (en) 2022-05-05

Family

ID=81383600

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/125668 WO2022089314A1 (en) 2020-10-28 2021-10-22 Data processing method and apparatus

Country Status (2)

Country Link
CN (1) CN114513319B (en)
WO (1) WO2022089314A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108810899A (en) * 2017-04-28 2018-11-13 维沃移动通信有限公司 Integrality detection method, terminal and network side equipment
CN110651491A (en) * 2017-06-14 2020-01-03 三星电子株式会社 Method and user equipment for handling integrity check failure of PDCP PDU
US20200169887A1 (en) * 2017-06-16 2020-05-28 Telefonaktiebolaget Lm Ericsson (Publ) Systems and methods for the handling of data radio bearer integrity protection failure in nr
CN111315039A (en) * 2018-12-24 2020-06-19 维沃移动通信有限公司 Integrity protection failure processing method and terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108400997A (en) * 2017-02-06 2018-08-14 电信科学技术研究院 Conversation managing method, terminal, management function entity and access network node
CN110035437B (en) * 2018-01-11 2021-02-23 电信科学技术研究院 User plane data security protection method and device
CN114615703A (en) * 2018-10-09 2022-06-10 华为技术有限公司 Network slice access control method and device
CN113519147B (en) * 2019-03-08 2024-05-28 联想(新加坡)私人有限公司 Secure mode integrity verification

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108810899A (en) * 2017-04-28 2018-11-13 维沃移动通信有限公司 Integrality detection method, terminal and network side equipment
CN110651491A (en) * 2017-06-14 2020-01-03 三星电子株式会社 Method and user equipment for handling integrity check failure of PDCP PDU
US20200169887A1 (en) * 2017-06-16 2020-05-28 Telefonaktiebolaget Lm Ericsson (Publ) Systems and methods for the handling of data radio bearer integrity protection failure in nr
CN111315039A (en) * 2018-12-24 2020-06-19 维沃移动通信有限公司 Integrity protection failure processing method and terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HUAWEI, HISILICON: "Integrity protection and Counter Check Procedure for NR", 3GPP DRAFT; R2-1807979, vol. RAN WG2, 11 May 2018 (2018-05-11), Busan, Korea, pages 1 - 2, XP051465048 *

Also Published As

Publication number Publication date
CN114513319A (en) 2022-05-17
CN114513319B (en) 2023-11-07

Similar Documents

Publication Publication Date Title
US9432847B2 (en) Method and apparatus for reconfiguring connection to base station at relay node in a wireless communication system
EP2900033B1 (en) Method, apparatus, and system for data transmission
EP3136801B1 (en) Method and device for mobility management of mptcp connection
TWI770549B (en) Methods for reducing mobility interruption and apparatus thereof
CN110198556B (en) Radio Resource Control (RRC) message processing method, device and system
US9832699B2 (en) Communication control method, user terminal, cellular base station, and access point
AU2017424739B2 (en) Switching method, access network device and terminal device
KR102320568B1 (en) Data processing method and apparatus, and computer storage medium
KR101959937B1 (en) Radio resource control rrc connection method and apparatus and rrc reconnection method and apparatus
WO2019095840A1 (en) Layer 2 processing method, cu, and du
EP3629538B1 (en) Communication method and apparatus
US20160270143A1 (en) Communication control method, user terminal, and processor
US20200229048A1 (en) Information transmission method and apparatus
US20230180074A1 (en) Network switching method and apparatus, device and storage medium
WO2022089314A1 (en) Data processing method and apparatus
WO2022083478A1 (en) Method and apparatus for acquiring configuration information
CN114449538A (en) Method and device used in relay wireless communication
KR20200112616A (en) Method and apparatus for recovering connection failure to network in next generation mobile communication system
EP4145880A1 (en) Communication method and apparatus
US20240179783A1 (en) Communication device triggered aggregation operations
WO2024007175A1 (en) Network-controlled repeater control method and apparatus, base station communication method and apparatus, and storage medium
US20240162978A1 (en) Methods for satellite hard feeder link switchover
WO2021203318A1 (en) Methods, devices, and computer readable medium for communication
CN116980973A (en) Method, base station, terminal, system and medium for maintaining data compression continuity
CN115334692A (en) Method and equipment used for wireless communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21885041

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21885041

Country of ref document: EP

Kind code of ref document: A1