WO2022237236A1 - Communication method and apparatus, and storage medium - Google Patents


Info

Publication number
WO2022237236A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
cell
terminal device
correspondence
information
Application number
PCT/CN2022/073692
Inventor
郭龙华
习燕
吴�荣
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption

Definitions

  • the present application relates to the technical field of communication, and in particular to a communication method, device and storage medium.
  • When the terminal device is in an idle state, the terminal device and the network device are out of synchronization, and the terminal device lacks available uplink resources. Once the terminal device needs to send uplink data or download downlink data, it needs to switch from the idle state to the connected state through a random access process.
  • the terminal device sends a random access request to the network device.
  • the network device returns a random access response to the terminal device, and performs uplink authorization on the terminal device in the random access response.
  • the terminal device may send a radio resource control (RRC) establishment request.
  • the network device returns an RRC setup response to the terminal device.
  • the RRC establishment response includes user-specific configuration information.
  • the present application provides a communication method, device and storage medium to reduce the risk of information leakage.
  • the present application provides a communication method, including: a network device sends a first message to a terminal device, the first message is not protected by security, and the first message includes first user configuration information of the terminal device.
  • the network device sends a second message to the terminal device, the second message is protected by security, the second message includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information.
  • the network device performs data transmission with the terminal device according to the second user configuration information.
  • Since the first message is not protected by security, the first user configuration information is easily obtained by an attacker. Since the second user configuration information, transmitted through the second message protected by security, is different from the first user configuration information, the attacker cannot easily obtain the second user configuration information from the second message, so that the security of data transmission can be improved.
  • the first user configuration information includes first downlink control information; the second user configuration information includes second downlink control information.
  • the risk of downlink control information leakage can be reduced, thereby further improving data security.
  • At least one of the first user configuration information or the second user configuration information includes at least one of the following:
  • the first message is a radio resource control establishment response message; the second message is a radio resource control configuration message or a radio resource control reconfiguration message. In this way, it can be further compatible with the existing technology.
  • the second user configuration information is used to assist message transmission of at least one of a medium access control layer, a radio link control layer, or a physical layer.
  • the information received by the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the underlying information.
  • Message transmission of at least one of the medium access control layer, the radio link control layer, or the physical layer may not be protected by security; in this way, the security of information in such underlying messages can be improved.
  • After the network device sends the first message to the terminal device and before the network device sends the second message to the terminal device, the method further includes: the network device receives a security mode command completion message, which is used to indicate that access stratum or non-access stratum security is active. Since the first message is sent before the security mode command completion message is received, the first message is not security protected, so the first user configuration information is easily obtained by an attacker. Since the second user configuration information is sent after security protection is activated, the second user configuration information can be protected, thereby improving the security of data transmission.
  • the network device is an access network element or a mobility management network element.
  • the security mode command completion message is used to indicate activation of security protection at the access layer.
  • the security mode command completion message is used to indicate that the security protection of the non-access stratum is activated.
  • the network device sending the second message to the terminal device includes: the network device sending the second message to the terminal device according to indication information used to indicate that configuration information of the terminal device needs to be protected by security.
  • the solution provided by the embodiment of the present application can be enabled. If the indication information used to indicate that the configuration information of the terminal device needs to be protected by security is not obtained, then the second message may not be required to carry the user configuration information, or the user configuration information carried in the second message may not be required to be different from the first user configuration information, thereby improving data transmission efficiency.
  • the indication information used to indicate that the configuration information of the terminal device needs to be protected by security includes at least one of the following contents:
  • third indication information received by the network device, used to indicate that the configuration information of the terminal device needs to be protected; an access layer security mode command completion message received by the network device, used to indicate the activation of security protection at the access layer; preset configuration information of the network device; information used to indicate that the information type of the information to be sent matches a preset information type that needs to be protected by security; or the capability information of the terminal device or the capability information of the network device. In this way, the flexibility of the scheme can be improved.
  • the third indication information includes at least one of the following contents: a security level of the terminal device, a session security requirement, a security capability of the terminal device, or a core network security policy corresponding to the terminal device.
  • In this way, it can be determined whether to improve the security of the user configuration information of the terminal device according to information such as the security level of the terminal device, so that personalized customization can be provided; for example, different information protection policies can be provided for terminal devices with different security levels.
  • the preset information types that need to be protected by security include at least one of the following: media access control layer information that needs to be protected by security; radio link control layer information that needs to be protected by security; or physical layer information that needs to be protected by security.
  • the present application provides a communication method, the method further includes: the network device sends a third message to the terminal device, the third message includes first indication information, and the first indication information is used to indicate the first correspondence of the terminal device; the first correspondence is the correspondence between the information type identifier and the index value.
  • the network device sends a fourth message to the terminal device, where the fourth message includes: an index value corresponding to the information type identifier corresponding to the fourth message in the first correspondence relationship.
  • Since the fourth message no longer carries the information type identifier but instead carries the index value corresponding to the information type identifier, an attacker who obtains the fourth message faces increased difficulty in cracking it and may not be able to obtain the correct information type identifier, which further improves the security of data transmission.
  • the information type identifier includes a logical channel identifier. This can increase the difficulty for an attacker to obtain the logical channel identifier, thereby improving the security of information transmission.
  • the first indication information includes at least one of the following: the first correspondence, in which case the terminal device does not need to recalculate the first correspondence, so that the calculation amount of the terminal device can be reduced; a preset rule used to generate the first correspondence, in which case the amount of data to be transmitted by the network device can be reduced; or a preset calculation formula used to generate the first correspondence, in which case the amount of data to be transmitted by the network device can be reduced and the flexibility of the scheme can also be improved.
  • the index value in the first correspondence can be obtained in one of the following ways: calculated by a randomization algorithm; obtained according to a preset rule; calculated according to the information type identifier and a preset first calculation formula; or calculated according to a preset value and a preset second calculation formula. In this way, the flexibility of the scheme can be improved.
  • the first correspondence includes a correspondence between a first information type identifier and a first index value, and the second correspondence includes a correspondence between the first information type identifier and a second index value; the first index value and the second index value are different.
  • the second correspondence is the correspondence between an information type identifier and an index value corresponding to a terminal device other than the terminal device; or, the first correspondence is the correspondence corresponding to the first bearer of the terminal device, and the second correspondence is the correspondence between the information type identifier and the index value corresponding to the second bearer of the first terminal device.
  • the correspondence between the information type identifier and the index value can be at the granularity of the terminal device or at the granularity of the bearer, and can be set flexibly. Compared with using one set of correspondences for all terminal devices, this embodiment can further improve security.
  • the third message is protected by security.
  • the first corresponding relationship can be protected, and it is difficult for an attacker to obtain the first corresponding relationship, so the security of data transmission can be improved.
  • the third message is a radio resource control layer message, so it can be better compatible with the existing technology.
  • the fourth message is a medium access control layer message, a radio link control layer message, or a physical layer message.
  • the fourth message is not secured.
  • the information received by the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the underlying information.
  • Message transmission of at least one of the medium access control layer, the radio link control layer, or the physical layer may not be protected by security; in this way, the security of information in such underlying messages can be improved.
  • the fourth message is: a message of a media access control control element.
  • the media access control control element message can be better protected, and the security of the media access control control element message can be improved.
  • the fourth message is a secondary cell activation message, and the fourth message is used to request activation of the secondary cell. In this way, the security of the secondary cell activation message can be improved.
  • the network device sending the fourth message to the terminal device includes: the network device sending the fourth message to the terminal device according to indication information used to indicate that configuration information of the terminal device needs to be protected by security. In this way, it is possible to flexibly choose whether to further protect the information according to whether to obtain the indication information used to indicate that the configuration information of the terminal device needs to be protected, thereby improving the flexibility of the solution.
  • the present application provides a communication method, and the method further includes: a network device sending a third message to a terminal device. The third message includes second indication information, and the second indication information is used to indicate a third correspondence. The third correspondence includes correspondences between cell identities and cell index numbers of the N1 secondary cells of the terminal device, where N1 is a positive integer. The third correspondence is obtained based on N0 cells; the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2.
  • the network device sends a fourth message to the terminal device, the fourth message includes a first field, and the first field carries activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells is used to indicate whether the cell is activated or deactivated. Since the index numbers are generated for the cells from both the interfering cells and the secondary cells, and the activation indication information of the interfering cells is added to the first field, it is difficult for an attacker to obtain the correct activated-cell information from the first field. This increases the difficulty for attackers to obtain private information.
  • the third correspondence further includes: a correspondence between a cell identifier of at least one interfering cell among the N2 interfering cells and a cell index number.
  • the terminal device can determine which cells corresponding to the activation indication information in the fourth message are interfering cells, so that part of the information can be discarded, and then the correct cell index number of the activated cell can be obtained.
  • the third message further includes indication information for indicating that the cell corresponding to the cell identifier of the interfering cell is the interfering cell.
  • the terminal device can determine which cells corresponding to the cell index numbers are interfering cells, thereby laying a foundation for subsequently removing information corresponding to the interfering cells from the first field.
  • the activation indication information corresponding to the cell index number of the interfering cell indicates that the interfering cell is activated. In this way, it can increase the difficulty for an attacker to obtain the correct number of activated cells.
  • the cell index number of the cell in the N0 cells is: the serial number of the cell obtained by sorting the N1 secondary cells and the N2 interfering cells;
  • the first field sequentially carries the activation instruction information corresponding to the N0 cells according to the serial numbers of the cells in the N0 cells. In this way, it can be further compatible with the existing technology.
  • N1 is an integer greater than 1, and there are at least two secondary cells such that the cell sequence number of at least one interfering cell lies between the cell sequence numbers of the two secondary cells. In this way, it can further increase the difficulty for an attacker to obtain the correct number of secondary cells.
  • the third correspondence is the correspondence between the cell IDs of the N0 cells and the cell index numbers; the third correspondence includes the correspondence between the cell ID of the first interfering cell and the first cell index number, and the fourth correspondence includes the correspondence between the cell ID of the first interfering cell and the second cell index number. The first cell index number and the second cell index number are different.
  • the fourth correspondence is the correspondence between the cell identifiers and cell index numbers of the secondary cells of a terminal device other than the terminal device and of at least one preset interfering cell; or, the third correspondence is the correspondence corresponding to the first bearer of the terminal device, and the fourth correspondence is the correspondence between the cell identifiers and cell index numbers of at least one secondary cell corresponding to the second bearer of the first terminal device and at least one preset interfering cell. That is to say, the correspondence between the cell ID and the cell index number can be at the granularity of the terminal device or at the granularity of the bearer, and can be flexibly set. Compared with using one set of correspondences for all terminal devices, this embodiment can further improve security.
  • the third message is protected by security.
  • the first corresponding relationship can be protected, and it is difficult for an attacker to obtain the first corresponding relationship, so the security of data transmission can be improved.
  • the third message is a radio resource control layer message, so it can be better compatible with the existing technology.
  • the fourth message is a medium access control layer message, a radio link control layer message, or a physical layer message.
  • the fourth message is not secured.
  • the information received by the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the underlying information.
  • Message transmission of at least one of the medium access control layer, the radio link control layer, or the physical layer may not be protected by security; in this way, the security of information in such underlying messages can be improved.
  • the fourth message is: a message of a media access control control element.
  • the media access control control element message can be better protected, and the security of the media access control control element message can be improved.
  • the fourth message is a secondary cell activation message, and the fourth message is used to request activation of the secondary cell. In this way, the security of the secondary cell activation message can be improved.
  • the network device sending the fourth message to the terminal device includes: the network device sending the fourth message to the terminal device according to indication information used to indicate that configuration information of the terminal device needs to be protected by security. In this way, it is possible to flexibly choose whether to further protect the information according to whether to obtain the indication information used to indicate that the configuration information of the terminal device needs to be protected, thereby improving the flexibility of the solution.
  • the present application provides a communication method, the method includes a terminal device receiving a first message from a network device, the first message is not protected by security, and the first message includes first user configuration information of the terminal device.
  • the terminal device receives the second message from the network device, the second message is protected by security, the second message includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information.
  • the terminal device performs data transmission according to the configuration information of the second user.
  • Since the first message is not protected by security, the first user configuration information is easily obtained by an attacker. Since the second user configuration information, transmitted through the second message protected by security, is different from the first user configuration information, the attacker cannot easily obtain the second user configuration information from the second message, so that the security of data transmission can be improved.
  • the first user configuration information includes first downlink control information; the second user configuration information includes second downlink control information.
  • the risk of downlink control information leakage can be reduced, thereby further improving data security.
  • At least one of the first user configuration information or the second user configuration information includes at least one of the following: a scrambling code identifier; a partial bandwidth; the position; the number of start symbols of the physical downlink control channel; the length of the downlink control information; the candidate set; or the time domain table of the physical downlink shared channel.
  • the first message is a radio resource control establishment response message; the second message is a radio resource control configuration message or a radio resource control reconfiguration message. In this way, it can be further compatible with the existing technology.
  • the second user configuration information is used to assist message transmission of at least one of a medium access control layer, a radio link control layer, or a physical layer.
  • the information received by the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the underlying information.
  • Message transmission of at least one of the medium access control layer, the radio link control layer, or the physical layer may not be protected by security; in this way, the security of information in such underlying messages can be improved.
  • the terminal device performs data transmission according to the second user configuration information, including: the terminal device transmits a message of at least one of the physical layer, the media access control layer, or the radio link control layer according to the second user configuration information in the second message.
  • the information received by the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the underlying information.
  • the present application provides a communication method, the method further includes: the terminal device receives a third message from the network device, the third message includes first indication information, and the first indication information is used to indicate the first correspondence corresponding to the terminal device; the first correspondence is the correspondence between the information type identifier and the index value.
  • the terminal device receives a fourth message sent from the network device to the terminal device, where the fourth message includes: an index value corresponding to the information type identifier corresponding to the fourth message in the first correspondence.
  • the terminal device determines the information type identifier corresponding to the index value in the fourth message according to the first indication information.
  • Since the fourth message no longer carries the information type identifier but instead carries the index value corresponding to the information type identifier, an attacker who obtains the fourth message faces increased difficulty in cracking it and may not be able to obtain the correct information type identifier, which further improves the security of data transmission.
  • the information type identifier includes: a logical channel identifier. This can increase the difficulty for an attacker to obtain the logical channel identifier, thereby improving the security of information transmission.
  • the first indication information includes: the first corresponding relationship; in this way, the terminal device does not need to recalculate the first corresponding relationship, so that the calculation amount of the terminal device can be reduced.
  • the first indication information includes: a first corresponding relationship; a preset rule for generating the first corresponding relationship; in this way, the amount of data to be transmitted by the network device can be reduced.
  • the first indication information includes: a first corresponding relationship; and a preset calculation formula used to generate the first corresponding relationship. In this way, the amount of data to be transmitted by the network device can be reduced. And it can also improve the flexibility of the scheme.
  • the index value in the first correspondence can be obtained in one of the following ways: calculated by a randomization algorithm; obtained according to a preset rule; calculated according to the information type identifier and a preset first calculation formula; or calculated according to a preset value and a preset second calculation formula. In this way, the flexibility of the scheme can be improved.
  • the first correspondence includes the correspondence between the first information type identifier and the first index value, and the second correspondence includes the correspondence between the first information type identifier and the second index value; the first index value is different from the second index value.
  • the second correspondence is a correspondence between an information type identifier and an index value corresponding to a terminal device other than the terminal device; or, the first correspondence is the correspondence corresponding to the first bearer of the terminal device, and the second correspondence is the correspondence between the information type identifier and the index value corresponding to the second bearer of the first terminal device.
  • the correspondence between the information type identifier and the index value can be at the granularity of the terminal device or at the granularity of the bearer, and can be set flexibly. Compared with using one set of correspondences for all terminal devices, this embodiment can further improve security.
  • the third message is protected by security.
  • the first corresponding relationship can be protected, and it is difficult for an attacker to obtain the first corresponding relationship, so the security of data transmission can be improved.
  • the third message is a radio resource control layer message, so that it can be better compatible with the existing technology.
  • the fourth message is a medium access control layer message, a radio link control layer message, or a physical layer message.
  • the fourth message is not secured.
  • the information received by the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the underlying information.
  • Message transmission of at least one of the medium access control layer, the radio link control layer, or the physical layer may not be protected by security; in this way, the security of information in such underlying messages can be improved.
  • the fourth message is: a message of a media access control control element.
  • the media access control control element message can be better protected, and the security of the media access control control element message can be improved.
  • the fourth message is a secondary cell activation message, and the fourth message is used to request activation of the secondary cell. In this way, the security of the secondary cell activation message can be improved.
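The identifier-to-index correspondence described above, as an added Python example that is not part of the patent text: the network device draws a per-terminal random one-to-one map, hands it over in the security-protected third message, and puts only the index value in the unprotected fourth message. The 6-bit field width, the one-byte wire layout, the class and function names, and the sample identifier values are assumptions made for illustration.

```python
import secrets

FIELD_BITS = 6                    # assumption: the index reuses a 6-bit identifier field
SAMPLE_TYPE_IDS = [57, 58, 61]    # constructed sample information type identifiers


def build_correspondence(type_ids, rng=None, avoid=None):
    """Network side: draw a random one-to-one map {type identifier: index value}.

    `avoid` is another terminal's (or bearer's) map; the draw is repeated
    until at least one identifier is given a different index value.
    """
    rng = rng or secrets.SystemRandom()
    type_ids = list(dict.fromkeys(type_ids))      # drop duplicates, keep order
    space = range(1 << FIELD_BITS)
    if len(type_ids) > len(space):
        raise ValueError("more identifiers than available index values")
    while True:
        mapping = dict(zip(type_ids, rng.sample(space, len(type_ids))))
        if not avoid or any(avoid.get(t) != i for t, i in mapping.items()):
            return mapping


class NetworkDevice:
    def __init__(self, type_ids, rng=None):
        self.type_ids, self.rng = list(type_ids), rng
        self.maps, self.last = {}, None

    def third_message(self, ue_id):
        # Assumed to be sent security-protected (radio resource control layer).
        mapping = build_correspondence(self.type_ids, self.rng, avoid=self.last)
        self.maps[ue_id] = self.last = mapping
        return {"correspondence": dict(mapping)}

    def fourth_message(self, ue_id, type_id, payload):
        # Not security-protected: carries the index value, never the identifier.
        return bytes([self.maps[ue_id][type_id]]) + payload


class Terminal:
    def __init__(self):
        self.index_to_type = {}

    def on_third_message(self, msg):
        self.index_to_type = {i: t for t, i in msg["correspondence"].items()}

    def on_fourth_message(self, wire):
        index, payload = wire[0], wire[1:]
        if index not in self.index_to_type:
            # An index outside the agreed correspondence is rejected, not guessed.
            raise ValueError(f"index value {index} not in correspondence")
        return self.index_to_type[index], payload


def demo(rng=None):
    """Two terminals receive the same message type under different index values."""
    net = NetworkDevice(SAMPLE_TYPE_IDS, rng)
    ue_a, ue_b = Terminal(), Terminal()
    ue_a.on_third_message(net.third_message("ue-a"))
    ue_b.on_third_message(net.third_message("ue-b"))
    wire_a = net.fourth_message("ue-a", 58, b"\x05")
    wire_b = net.fourth_message("ue-b", 58, b"\x05")
    return wire_a, wire_b, ue_a.on_fourth_message(wire_a), ue_b.on_fourth_message(wire_b)


if __name__ == "__main__":
    print(demo())
```

The protection rests entirely on the third message staying confidential; an observer who learns the correspondence reads the fourth message as easily as before.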
  • the present application provides a communication method, the method further includes: the terminal device receives a third message from the network device, the third message includes second indication information, the second indication information is used to indicate the third correspondence, and the third correspondence includes the correspondence between the cell identifiers of the N1 secondary cells of the terminal device and the cell index numbers; N1 is a positive integer; wherein, the third correspondence is obtained based on N0 cells, and the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2.
  • the terminal device receives a fourth message from the network device, the fourth message includes a first field, and the first field carries activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells is used to indicate whether the cell is active or not.
  • the terminal device determines the activated secondary cell among the N2 secondary cells according to the second indication information. Since the index number is generated for the cell according to the interfering cell and the secondary cell, and the activation indication information of the interfering cell is added to the first field, it is difficult for the attacker to obtain the correct activation cell information from the information in the first field. This increases the difficulty for attackers to obtain private information.
  • the third correspondence further includes: a correspondence between a cell identifier of at least one interfering cell among the N2 interfering cells and a cell index number.
  • the terminal device can determine which cells corresponding to the activation indication information in the fourth message are interfering cells, so that this part of information can be discarded, and then the correct cell index number of the activated cell can be obtained.
  • the third message further includes indication information for indicating that the cell corresponding to the cell identifier of the interfering cell is the interfering cell.
  • the terminal device can determine which cells corresponding to the cell index numbers are interfering cells, thereby laying a foundation for subsequently removing information corresponding to the interfering cells from the first field.
  • the activation indication information corresponding to the cell index number of the interfering cell indicates that the interfering cell is activated. In this way, it can increase the difficulty for an attacker to obtain the correct number of activated cells.
  • the cell index number of the cell in the N0 cells is: the serial number of the cell obtained by sorting the N1 secondary cells and the N2 interfering cells.
  • the first field sequentially carries the activation instruction information corresponding to the N0 cells according to the serial numbers of the cells in the N0 cells. In this way, it can be further compatible with the existing technology.
  • N1 is an integer greater than 1
  • there are at least two secondary cells and the cell sequence numbers of at least one interfering cell are included between the cell sequence numbers of the two secondary cells. In this way, it can further increase the difficulty for an attacker to obtain the correct number of secondary cells.
  • the third correspondence is the correspondence between the cell IDs of the N0 cells and the cell index numbers
  • the third correspondence includes the correspondence between the cell identifier of the first interfering cell and the first cell index number.
  • the fourth correspondence includes the correspondence between the cell identifier of the first interfering cell and the index number of the second cell.
  • the first cell index number and the second cell index number are different.
  • the fourth correspondence is a correspondence between the cell identifiers and the cell index numbers of the secondary cells of a terminal device other than the terminal device and of at least one preset interfering cell.
  • the third correspondence is the correspondence corresponding to the first bearer of the terminal device
  • the fourth correspondence is the correspondence between the cell identifiers and the cell index numbers of at least one secondary cell corresponding to the second bearer of the first terminal device and of at least one preset interfering cell. That is to say, the correspondence between the cell ID and the cell index number can be at the granularity of the terminal device or at the granularity of the bearer, and can be flexibly set. Compared with using one set of correspondences for all terminal devices, this embodiment can further improve security.
  • the third message is protected by security.
  • the first corresponding relationship can be protected, and it is difficult for an attacker to obtain the first corresponding relationship, so the security of data transmission can be improved.
  • the third message is a radio resource control layer message, so that it can be better compatible with the existing technology.
  • the fourth message is a medium access control layer message, a radio link control layer message, or a physical layer message.
  • the fourth message is not secured.
  • the information received by the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the underlying information.
  • at least one message transmission in the media access control layer, the radio link control layer, or the physical layer may not be protected by security; because the information received by the radio resource control layer protects a message of at least one of the media access control layer, the radio link control layer, or the physical layer, the security of information in such underlying messages can be improved.
  • the fourth message is: a message of a media access control control element.
  • the media access control control element message can be better protected, and the security of the media access control control element message can be improved.
  • the fourth message is a secondary cell activation message, and the fourth message is used to request activation of the secondary cell. In this way, the security of the secondary cell activation message can be improved.
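The following Python example is added here for illustration and is not code from the application. It models the third correspondence (sent in the security-protected third message) and the first field of the unprotected fourth message as described above: indexes are assigned over the N1 secondary cells plus N2 interfering cells, interfering cells are always marked activated, and the terminal device discards them on decoding. The cell identifiers, the function names and the bit layout (bit i of the field is cell index i) are assumptions of this example.

```python
import random
from typing import NamedTuple


class Entry(NamedTuple):
    index: int         # cell index number = serial number after sorting
    cell_id: str       # cell identifier (constructed sample values in the demo)
    interfering: bool  # True for a preset interfering cell


def _interleaved(order, secondary):
    """True if an interfering cell sits between two secondary cells."""
    pos = [i for i, cid in enumerate(order) if cid in secondary]
    return len(pos) < 2 or pos[-1] - pos[0] + 1 > len(pos)


def build_correspondence(secondary_ids, interfering_ids, rng=None):
    """Network side: order the N0 = N1 + N2 cells and number them.

    The result is what the protected third message would indicate.
    """
    rng = rng or random.SystemRandom()
    secondary, decoys = set(secondary_ids), set(interfering_ids)
    if not secondary or not decoys:
        raise ValueError("N1 and N2 must both be positive")
    if secondary & decoys:
        raise ValueError("a cell cannot be both secondary and interfering")
    order = sorted(secondary | decoys)
    while True:
        rng.shuffle(order)
        if _interleaved(order, secondary):
            break
    return [Entry(i, cid, cid in decoys) for i, cid in enumerate(order)]


def encode_first_field(corr, active_ids):
    """Network side: build the first field of the unprotected fourth message."""
    active = set(active_ids)
    configured = {e.cell_id for e in corr if not e.interfering}
    if not active <= configured:
        raise ValueError("only configured secondary cells can be activated")
    field = 0
    for e in corr:
        # Interfering cells are always indicated as activated.
        if e.interfering or e.cell_id in active:
            field |= 1 << e.index
    return field


def decode_first_field(corr, field):
    """Terminal side: drop interfering indexes, return activated secondary cells."""
    if field < 0 or field >> len(corr):
        raise ValueError("bits set outside the N0 configured indexes")
    return {e.cell_id for e in corr
            if not e.interfering and (field >> e.index) & 1}


def observed_active_count(field):
    """What the field alone shows without the correspondence: set-bit count."""
    return bin(field).count("1")


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from the application.
    corr = build_correspondence(["scell-A", "scell-B", "scell-C"],
                                ["decoy-X", "decoy-Y"])
    field = encode_first_field(corr, ["scell-B"])
    print("third correspondence:", corr)
    print("first field bits    :", format(field, "0{}b".format(len(corr))))
    print("bits set in field   :", observed_active_count(field))
    print("terminal decodes    :", decode_first_field(corr, field))
```
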
  • the present application further provides a communication device.
  • the communication device may be any device at the sending end or device at the receiving end that performs data transmission in a wireless manner.
  • a communication chip, a terminal device, or a network device such as a base station, etc.
  • the device at the sending end and the device at the receiving end are relative.
  • the communication device can be used as the above-mentioned network equipment or a communication chip that can be used in network equipment; in some communication processes, the communication device can be used as the above-mentioned terminal equipment or a communication chip that can be used in terminal equipment.
  • a communication device including a communication unit and a processing unit, so as to implement any implementation manner of any communication method in the first aspect to the sixth aspect.
  • the communication unit is used to perform functions related to transmission and reception.
  • the communication unit includes a receiving unit and a sending unit.
  • the communication device is a communication chip, and the communication unit may be an input-output circuit or port of the communication chip.
  • the communication unit may be a transmitter and a receiver, or the communication unit may be a transmitter and a receiver.
  • the communication device further includes various modules that can be used to implement any implementation manner of any communication method from the first aspect to the sixth aspect.
  • a communication device is provided, and the communication device is the above-mentioned terminal device or network device. Includes processor and memory.
  • a transceiver is also included, the memory is used to store computer programs or instructions, the processor is used to call and run the computer programs or instructions from the memory, and when the processor executes the computer programs or instructions in the memory, the communication device executes any implementation manner of any communication method in the foregoing first aspect to the sixth aspect.
  • there are one or more processors, and one or more memories.
  • the memory may be integrated with the processor, or the memory may be separated from the processor.
  • the transceiver may include a transmitter (transmitter) and a receiver (receiver).
  • a communication device including a processor.
  • the processor is coupled with the memory, and may be used to execute any one of the first aspect to the sixth aspect, and the method in any possible implementation manner of the first aspect to the sixth aspect.
  • the communication device further includes a memory.
  • the communication device further includes a communication interface, and the processor is coupled to the communication interface.
  • the communication device is a terminal device.
  • the communication interface may be a transceiver, or an input/output interface.
  • the transceiver may be a transceiver circuit.
  • the input/output interface may be an input/output circuit.
  • the communication device is a network device.
  • the communication interface may be a transceiver, or an input/output interface.
  • the transceiver may be a transceiver circuit.
  • the input/output interface may be an input/output circuit.
  • the communication device is a chip or a chip system.
  • the communication interface may be an input/output interface, an interface circuit, an output circuit, an input circuit, pins or related circuits on the chip or the chip system.
  • a processor may also be embodied as processing circuitry or logic circuitry.
  • in a tenth aspect, a system is provided, and the system includes the above-mentioned terminal device and network device.
  • a computer program product includes: a computer program (also referred to as code, or an instruction); when the computer program is executed, the computer is caused to execute the method in any one of the implementation manners from the first aspect to the sixth aspect above.
  • a computer-readable storage medium stores a computer program (also referred to as code, or an instruction) which, when running on a computer, enables the computer to perform any of the above-mentioned first aspects.
  • a chip system may include a processor.
  • the processor is coupled with the memory, and may be used to execute any one of the first aspect to the sixth aspect, and the method in any possible implementation manner of any one of the first aspect to the sixth aspect.
  • the chip system further includes a memory.
  • Memory used to store computer programs (also called code, or instructions).
  • a processor configured to call and run a computer program from a memory, so that the device installed with the system-on-a-chip executes the method in any one of the first to sixth aspects, or in any possible implementation manner of any one of the first to sixth aspects.
  • a processing device including: an input circuit, an output circuit, and a processing circuit.
  • the processing circuit is used to receive signals through the input circuit and transmit signals through the output circuit, so that any one of the first aspect to the sixth aspect, and the method in any possible implementation manner of the first aspect to the sixth aspect are realized.
  • the above-mentioned processing device may be a chip, the input circuit may be an input pin, the output circuit may be an output pin, and the processing circuit may be a transistor, a gate circuit, a flip-flop, and various logic circuits.
  • the input signal received by the input circuit may be received and input by, for example but not limited to, the receiver, the output signal of the output circuit may be, for example but not limited to, output to the transmitter and transmitted by the transmitter, and the input circuit and the output circuit may be the same circuit, which is used as an input circuit and an output circuit respectively at different times.
  • the embodiment of the present application does not limit the specific implementation manners of the processor and various circuits.
  • Figure 1 is a schematic diagram of a 5G network architecture based on a service architecture
  • Figure 2 is a schematic diagram of a 5G network architecture based on a point-to-point interface
  • Figure 3a is a schematic structural diagram of a control plane protocol stack under a 5G communication system
  • Figure 3b is a schematic structural diagram of a user plane protocol stack in a 5G communication system
  • FIG. 4 is a schematic structural diagram of a communication device provided in an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 7 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a possible MAC PDU provided by the embodiment of the present application.
  • FIG. 9 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 10 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of another communication device provided by an embodiment of the present application.
  • the communication system applicable to this application may include terminal equipment and network equipment, and the network equipment may be an access network equipment (such as the following (wireless) access network (radio access network, (R) AN) network element), or a core network equipment, or a module, component or chip inside an access network device, or a module, component or chip inside a core network device, and the like.
  • the communication system applicable to this application can be the fifth generation (5th generation, 5G) network architecture, of course, it can also be used in other network architectures, such as the Global System of Mobile communication (GSM) system, code division multiple access (Code Division Multiple Access, CDMA) system, Wideband Code Division Multiple Access (WCDMA) system, General Packet Radio Service (GPRS), Long Term Evolution (LTE) system, Advanced long term evolution (LTE-A) system, Universal Mobile Telecommunications System (UMTS), evolved Long Term Evolution (eLTE) system and future 6G and other mobile communications system.
  • the embodiment of the application is introduced by taking the application of the embodiment of the application to the 5G network architecture as an example.
  • Figure 1 is a possible 5G network architecture provided by the embodiment of the application.
  • the communication system architecture applicable to the embodiment of the present application is introduced below in conjunction with FIG. 1.
  • the network architecture generally includes the following devices, network elements, and networks:
  • the terminal equipment is shown as an example of user equipment (user equipment, UE).
  • the terminal device in the embodiment of the present application may be a device for implementing a wireless communication function.
  • the terminal equipment may be a user equipment (user equipment, UE), an access terminal, a terminal unit, a terminal station, a mobile station, a remote station, a remote terminal, a mobile device, a wireless communication device, a terminal agent or a terminal device, etc., in a 5G network or a future evolved public land mobile network (PLMN).
  • An access terminal may be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device or wearable device, a virtual reality (virtual reality, VR) terminal device, an augmented reality (augmented reality, AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, etc. Terminals can be mobile or fixed.
  • the above-mentioned terminal device can establish a connection with the operator network through an interface provided by the operator network (such as N1, etc.), and use services such as data and/or voice provided by the operator network.
  • the terminal device can also access the DN through the operator's network, and use the operator's service deployed on the DN, and/or the service provided by a third party.
  • the above-mentioned third party may be a service party other than the operator's network and the terminal device, and may provide other services such as data and/or voice for the terminal device.
  • the specific form of expression of the above-mentioned third party can be determined according to the actual application scenario, and is not limited here.
  • (Wireless) access network (radio access network, (R)AN) network element: used to provide network access functions for authorized terminal equipment in a specific area, and can use transport tunnels of different quality according to the level of terminal equipment and business requirements.
  • RAN is a sub-network of the operator's network, and is an implementation system between service nodes and terminal equipment in the operator's network.
  • To access the operator's network, the terminal equipment first passes through the RAN, and then can be connected to the service node of the operator's network through the RAN.
  • the RAN device in this application is a device that provides a wireless communication function for a terminal device, and the RAN device is also called an access network device.
  • the RAN equipment in this application includes but is not limited to: next-generation base station (g nodeB, gNB) in 5G, evolved node B (evolved node B, eNB), radio network controller (radio network controller, RNC), node B (node B, NB), base station controller (base station controller, BSC), base transceiver station (base transceiver station, BTS), home base station (for example, home evolved nodeB, or home node B, HNB), baseband unit (baseBand unit, BBU), transmission point (transmitting and receiving point, TRP), transmission point (transmitting point, TP), mobile switching center, etc.
  • User plane network element: used for packet routing and forwarding and quality of service (QoS) processing of user plane data.
  • the user plane network element may be a user plane function (user plane function, UPF) network element, for example, may include an intermediate user plane function (intermediate user plane function, I-UPF) network element, or at least one of the anchor user plane function (PDU Session anchor user plane function, PSA-UPF) network element.
  • the user plane network element may still be a UPF network element, or may have other names, which are not limited in this application.
  • Data network data network, DN
  • the data network may be DN1 and DN2.
  • the data network may still be a DN, or may have other names, which are not limited in this application.
  • Mobility management network element: mainly used for mobility management and access management, etc., and can be used to implement functions other than session management in mobility management network element (mobility management entity, MME) functions, for example, legal functions such as monitoring and access authorization/authentication.
  • the access and mobility management may be an access and mobility management function (access and mobility management function, AMF) network element.
  • the access and mobility management may still be an AMF network element, or may have other names, which are not limited in this application.
  • Session management network element: mainly used for session management, Internet protocol (internet protocol, IP) address allocation and management of terminal equipment, selection of manageable user plane functions, policy control and charging interface endpoints, downlink data notification, etc.
  • the session management network element may be a session management function (session management function, SMF) network element, for example, may include an intermediate session management function (intermediate session management function, I-SMF) network element, or at least one item in an anchor session management function (anchor session management function, A-SMF) network element.
  • the session management network element may still be an SMF network element, or may have other names, which are not limited in this application.
  • Policy control network element: a unified policy framework for guiding network behavior, providing policy rule information, etc. for control plane functional network elements (such as AMF, SMF network elements, etc.).
  • the policy control network element may be a policy control function (policy control function, PCF) network element.
  • policy control network element may still be a PCF network element, or may have other names, which are not limited in this application.
  • Authentication service network element: used for authentication services, generating keys to realize two-way authentication of terminal equipment, and supporting a unified authentication framework.
  • the authentication service network element may be an authentication server function (authentication server function, AUSF) network element.
  • the authentication service function network element may still be an AUSF network element, or may have other names, which are not limited in this application.
  • the data management network element can be a unified data management (unified data management, UDM) network element, which can be used to process terminal device identification, access authentication, registration, mobility management, etc.
  • the unified data management may still be a UDM network element, or may have other names, which are not limited in this application.
  • the data management network element can also be a unified database (Unified Data Repository, UDR). It is responsible for the access function of contract data, policy data, application data and other types of data.
  • the PCF may obtain policy decision-related or corresponding subscription information from the UDR.
  • the unified database may still be UDR, or may have other names, which are not limited in this application.
  • Application network element: used for data routing for application impact, access to network elements with open network functions, and interaction with the policy framework for policy control, etc.
  • the application network element may be an application function (application function, AF) network element.
  • the application network element may still be an AF network element, or may have other names, which are not limited in this application.
  • Network storage network element: used to maintain real-time information of all network function services in the network.
  • the network storage network element may be a network registry function (network repository function, NRF) network element.
  • the network storage network element may still be an NRF network element, or may have other names, which are not limited in this application.
  • Network slice selection network element: used to provide network slice selection function.
  • the network slice selection network element can be a network slice selection function (Network Slice Selection Function, NSSF) network element.
  • the network slice selection network element can still be an NSSF network element, or may also have other names, which are not limited in this application.
  • Network capability opening network element: used to provide network customization functions.
  • the network capability exposure network element can be a network exposure function (network exposure function, NEF) network element.
  • the network capability exposure network element can still be a NEF network element, or may have other names, which are not limited in this application.
  • the applicable communication system architecture in this embodiment of the present application may also include other network elements, such as a network analysis function network element and a service communication function network element.
  • the network element with the network analysis function is used to provide the network slice instance-level data analysis function. For example, it is possible to obtain data, then use the data for training and analysis, and make corresponding inferences based on the analysis results.
  • the network analysis function network element may be a network analysis function (network analytics function, NWDAF) network element.
  • Nnssf, Nausf, Nnef, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4, and N6 are interface serial numbers.
  • interface serial numbers refer to the meanings defined in the 3GPP standard protocol, and there is no limitation here.
  • the above-mentioned network element or function may be a network element in a hardware device, a software function running on dedicated hardware, or a virtualization function instantiated on a platform (for example, a cloud platform).
  • the above-mentioned network elements or functions can be divided into one or more services, and further, there may also be services that exist independently of network functions.
  • an instance of the above-mentioned function, or an instance of a service included in the above-mentioned function, or a service instance existing independently of the network function may be referred to as a service instance.
  • the embodiments of the present application are not limited to the above-mentioned system architecture, and can also be applied to other communication systems in the future, such as the 6th generation communication (the 6th generation, 6G) system architecture and the like.
  • the names of the various network elements used above in the embodiments of the present application may keep the same function in the future communication system, but the names will be changed.
  • FIG. 2 exemplarily shows a schematic diagram of a service-based architecture-based 5G network architecture provided by an embodiment of the present application.
  • N7: the interface between PCF and SMF, which is used to deliver protocol data unit (protocol data unit, PDU) session granularity and business data flow granularity control policy.
  • N15: the interface between the PCF and the AMF, used to issue UE policies and access control-related policies.
  • N5: the interface between the AF and the PCF, used for sending application service requests and reporting network events.
  • N4: the interface between SMF and UPF, which is used to transfer information between the control plane and the user plane, including controlling the distribution of forwarding rules for the user plane, QoS control rules, traffic statistics rules, etc., and reporting of user plane information.
  • N11: the interface between SMF and AMF, used to transfer PDU session tunnel information between RAN and UPF, transfer control messages sent to UE, transfer radio resource control information sent to RAN, etc.
  • N2: the interface between the AMF and the RAN, used to transmit radio bearer control information from the core network side to the RAN.
  • N1: the interface between the AMF and the UE, which has nothing to do with access, and is used to transfer QoS control rules to the UE.
  • N8: the interface between AMF and UDM, which is used for AMF to obtain subscription data and authentication data related to access and mobility management from UDM, and for AMF to register UE current mobility management related information with UDM.
  • N10: the interface between the SMF and the UDM, used for the SMF to obtain session management-related subscription data from the UDM, and for the SMF to register UE current session-related information with the UDM.
  • N35: the interface between UDM and UDR, used for UDM to obtain user subscription data information from UDR.
  • N36: the interface between the PCF and the UDR, used for the PCF to obtain policy-related subscription data and application data-related information from the UDR.
  • N12: the interface between AMF and AUSF, used for AMF to initiate an authentication process to AUSF, which can carry SUCI as a subscription identifier.
  • N13: the interface between UDM and AUSF, used for AUSF to obtain user authentication vector from UDM to execute the authentication process.
  • N22: the interface between the NSSF and the AMF, used for the AMF to receive slice selection information from the NSSF.
  • Fig. 3a exemplarily shows a schematic structural diagram of a control plane protocol stack in a 5G communication system
  • Fig. 3b exemplarily shows a structural schematic diagram of a user plane protocol stack in a 5G communication system
  • the control plane protocol stack of the terminal device may include: non-access stratum (non-access stratum, NAS) layer, radio resource control (Radio Resource Control, RRC) layer, packet data convergence protocol (Packet Data Convergence Protocol, PDCP) layer, radio link control (radio link control, RLC) layer, media access control (media access control, MAC) layer, physical (physical, PHY) layer.
  • the control plane protocol stack of gNB may include: RRC layer, PDCP layer, RLC layer, MAC layer and PHY layer.
  • AMF's control plane protocol stack may include a NAS layer.
  • the user plane protocol stack of the terminal device may include: a service data adaptation protocol (service data adaptation protocol, SDAP) layer, a PDCP layer, an RLC layer, a MAC layer, and a PHY layer.
  • the user plane protocol stack of gNB may include: SDAP layer, PDCP layer, RLC layer, MAC layer and PHY layer.
  • the NAS layer is the non-access stratum, which can be mainly used for connection and mobility control between the terminal device and the AMF.
  • Although the AMF receives NAS messages from the base station, these messages are not initiated by the base station.
  • The base station only transparently forwards the message sent by the terminal device to the AMF and cannot identify or change this part of the message, which is why it is called a NAS message.
  • A NAS message is an interaction between the terminal device and the AMF, such as mobility and connection procedure messages for attachment, bearer establishment, and service request.
  • the RRC layer can be mainly used to handle all signaling between the terminal equipment and the network elements of the 5G communication system (messages between the user and the base station), including system information, admission control, security management, cell reselection, measurement reporting, Handover and mobility, NAS messaging, radio resource management, etc.
  • the SDAP layer is located above the packet data convergence protocol (PDCP) layer, and directly carries Internet protocol (internet protocol, IP) data packets, which can be used for the user plane.
  • the main functions of the 5G PDCP layer may include at least one of the following:
  • Control plane integrity verification (4G only has control plane, 5G user plane can be selectively verified);
  • the PDCP of the gNodeB performs offloading and has a routing function.
  • the RLC layer is located below the PDCP layer, and its entities can be divided into transparent mode (TM) entities, unacknowledged mode (UM) entities, and acknowledged mode (AM) entities. AM data transmission and reception share one entity, while the UM and TM transmitting and receiving entities are separate. The main functions are as follows:
  • TM (transparent mode): broadcast messages
  • UM (unacknowledged mode): voice service, with delay requirements
  • AM (acknowledged mode): common services, with high accuracy
  • the function of the 5G MAC layer is similar to that of 4G.
  • the main function is scheduling.
  • the functions include: resource scheduling, mapping between logical channels and transport channels, multiplexing/demultiplexing, and HARQ (asynchronous uplink and downlink).
  • the main functions of the 5G physical layer may include: error detection, forward error correction (FEC) encoding and decoding, rate matching, physical channel mapping, modulation and demodulation, frequency synchronization and time synchronization, wireless measurement, and multiple-input multiple-output (MIMO) processing.
  • the RLC layer, the MAC layer, and the PHY layer are below the PDCP layer, and the messages transmitted on these layers are not protected by security; for example, they may not be covered by the security protection of the PDCP layer, which can also be described as not being protected by confidentiality and integrity protection.
  • the terminal device or network device in the embodiment of the present application may also be called a communication device, which may be a general-purpose device or a dedicated device, which is not specifically limited in the embodiment of the present application.
  • the relevant functions of the terminal device or network device in the embodiment of this application can be implemented by one device, by multiple devices, or by one or more function modules in one device, which is not specifically limited in this embodiment of the present application. It can be understood that the above functions can be network elements in hardware devices, software functions running on dedicated hardware, a combination of hardware and software, or virtualization functions instantiated on a platform (for example, a cloud platform).
  • FIG. 4 is a schematic structural diagram of a communication device 300 provided by an embodiment of the present application.
  • the communication device 300 includes one or more processors 301, communication lines 302, and at least one communication interface (FIG. 4 shows a communication interface 304 and a processor 301 only as an example), and optionally can also include a memory 303.
  • Processor 301 may be a chip.
  • the processor 301 may be a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a system on chip (SoC), a central processing unit (CPU), a network processor (NP), a digital signal processor (DSP), a microcontroller unit (MCU), a programmable logic device (PLD), or another integrated chip.
  • each step of the method in the embodiment of the present application may be completed by an integrated logic circuit of hardware in a processor or an instruction in the form of software.
  • the steps of the methods disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
  • the software module can be located in a mature storage medium in the field such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, register.
  • the storage medium is located in the memory 303, and the processor 301 reads the information in the memory 303, and completes the steps of the above method in combination with its hardware.
  • the processor 301 in the embodiment of the present application may be an integrated circuit chip, which has a signal processing capability.
  • each step of the above-mentioned method embodiments may be completed by an integrated logic circuit of hardware in a processor or instructions in the form of software.
  • the above-mentioned processor may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components .
  • Various methods, steps, and logic block diagrams disclosed in the embodiments of the present application may be implemented or executed.
  • a general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.
  • the steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a mature storage medium in the field such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, register.
  • the storage medium is located in the memory, and the processor reads the information in the memory, and completes the steps of the above method in combination with its hardware.
  • Communication line 302 may include a path for connecting between different components.
  • the communication interface 304 may be a transceiver module for communicating with other devices or communication networks, such as Ethernet, RAN, wireless local area networks (wireless local area networks, WLAN) and the like.
  • the transceiver module may be a device such as a transceiver.
  • the communication interface 304 may also be a transceiver circuit located in the processor 301 to realize signal input and signal output of the processor.
  • the memory 303 may be a device having a storage function. It can be understood that the memory 303 in the embodiment of the present application may be a volatile memory or a nonvolatile memory, or may include both volatile and nonvolatile memories.
  • the non-volatile memory can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) or flash memory.
  • Volatile memory can be random access memory (RAM), which acts as external cache memory.
  • static RAM static random access memory
  • dynamic RAM dynamic random access memory
  • DRAM dynamic random access memory
  • SDRAM synchronous dynamic random access memory
  • double data rate synchronous dynamic random access memory double data rate SDRAM, DDR SDRAM
  • enhanced synchronous dynamic random access memory enhanced SDRAM, ESDRAM
  • serial link DRAM SLDRAM
  • direct memory bus random access memory direct rambus RAM, DR RAM
  • the memory 303 is used to store computer-executed instructions for implementing the solution of the present application, and the execution is controlled by the processor 301 .
  • the processor 301 is configured to execute computer-executed instructions stored in the memory 303, so as to implement the methods provided in the embodiments of the present application.
  • the processor 301 may also perform processing-related functions in the methods provided in the following embodiments of the present application, and the communication interface 304 is responsible for communicating with other devices or communication networks.
  • the example does not specifically limit this.
  • the computer-executed instructions in the embodiments of the present application may also be referred to as application program codes, which is not specifically limited in the embodiments of the present application.
  • the processor 301 may include one or more CPUs, for example, CPU0 and CPU1 in FIG. 4 .
  • the communications device 300 may include multiple processors, for example, the processor 301 and the processor 308 in FIG. 4 .
  • processors may be a single-core processor or a multi-core processor.
  • the processor here may include, but is not limited to, at least one of the following types of computing devices that run software: a central processing unit (CPU), a microprocessor, a digital signal processor (DSP), a microcontroller unit (MCU), or an artificial intelligence processor. Each computing device may include one or more cores for executing software instructions to perform calculations or processing.
  • the communication device 300 may further include an output device 305 and an input device 306 .
  • Output device 305 is in communication with processor 301 and can display information in a variety of ways.
  • the output device 305 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, a projector, or the like.
  • the input device 306 communicates with the processor 301 and can receive user input in various ways.
  • the input device 306 may be a mouse, a keyboard, a touch screen device, or a sensing device, among others.
  • the above-mentioned communication device 300 may sometimes also be referred to as a communication device, which may be a general-purpose device or a special-purpose device.
  • the communication device 300 can be a desktop computer, a portable computer, a network server, a personal digital assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, an embedded device, the above-mentioned terminal device, the above-mentioned network device, or a device with a structure similar to that in FIG. 4.
  • the embodiment of the present application does not limit the type of the communication device 300 .
  • "At least one of the following" or similar expressions refers to any combination of these items, including any combination of single or plural items.
  • at least one item (piece) of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple.
  • words such as “first” and “second” are used to distinguish the same or similar items with basically the same function and effect.
  • words such as “first” and “second” do not limit the number and execution order, and words such as “first” and “second” do not necessarily limit the difference.
  • words such as “exemplary” or “for example” are used to give examples, illustrations or explanations. Any embodiment or design scheme described as “exemplary” or “for example” in the embodiments of the present application shall not be interpreted as being more preferred or more advantageous than other embodiments or design schemes.
  • the use of words such as “exemplary” or “such as” is intended to present related concepts in a concrete manner for easy understanding.
  • the network architecture and business scenarios described in the embodiments of the present application are for more clearly illustrating the technical solutions of the embodiments of the present application, and do not constitute limitations on the technical solutions provided by the embodiments of the present application. With the evolution of the network architecture and the emergence of new business scenarios, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.
  • FIG. 5 exemplarily shows a schematic flow chart of a communication method provided by an embodiment of the present application.
  • the communication method can be executed by a network device and a terminal device, where the terminal device can be, for example, the terminal device in the aforementioned FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4, and the network device may be, for example, the access network element (such as gNB) or the mobility management network element (such as AMF) in the aforementioned figures. The network device may also be another network element; only these two network elements are used as examples here. The method can also be executed by chips or components inside the network device and chips or components inside the terminal device.
  • the method includes:
  • the network device sends a first message to the terminal device.
  • the terminal device receives the first message from the network device.
  • the first message is not protected by security, and the first message includes first user configuration information of the terminal device.
  • the first user configuration information may be an RRC message. This first message is sent before security activation and is not secured.
  • the network device performs data transmission with the terminal device according to the first user configuration information.
  • the RLC layer, the MAC layer, and the PHY layer are below the PDCP layer, and the messages transmitted on these layers are not protected by security; for example, they may not be covered by the security protection of the PDCP layer, which can also be described as not being protected by confidentiality and integrity protection.
  • the network device acquires indication information used to indicate that the configuration information of the terminal device needs to be protected by security.
  • S502 is an optional step and is not required.
  • S502 is marked as a dotted line, which means that S502 can be executed or not. That is, S502 may not be executed before S503, but S502 may also be executed.
  • S502 may also occur after the security protection of the terminal device's access layer or non-access layer is activated.
  • the network device may obtain the indication information used to indicate that the configuration information of the terminal device needs to be protected by security in several ways, which are introduced below:
  • the indication information used to indicate that the configuration information of the terminal device needs to be protected by security is: the third indication information received by the network device.
  • the third indication information is used to indicate that the configuration information of the terminal device needs to be protected by security.
  • other network elements may send the third indication information to the network device (such as gNB or AMF), and correspondingly, the network device receives the third indication information.
  • the third indication information includes at least one of the following:
  • the security level of the terminal device, the session security requirement, the security capability of the terminal device, or the core network security policy corresponding to the terminal device.
  • the network element of the core network issues the security level of the terminal equipment to the network equipment.
  • the network element side of the core network issues the security level of the terminal equipment for the terminal equipment with a higher security level.
  • the network element of the core network may deliver the security level of the terminal device to the terminal device having security level information, that is, the network element of the core network may or may not screen according to the security level of the terminal device.
  • the network device may infer that the configuration information of the terminal device needs to be protected by security.
  • the network device may also judge according to the received security level of the terminal device whether the security level satisfies the preset security level requirements, and if so, infer that the configuration information of the terminal device needs to be protected by security.
  • the indication information used to indicate that the configuration information of the terminal device needs to be protected by security is: the security mode command completion message received by the network device.
  • the security mode command complete message is used to indicate the activation of access stratum or non-access stratum security protection.
  • the indication information used to indicate that the configuration information of the terminal device needs to be protected by security is: a security mode command completion message that is received by the network device and verified successfully, where the successful verification may indicate that the security mode command completion message was successfully received.
  • the security mode command completion message may be an access layer security mode command completion message, and the message may be used to indicate activation of access layer security protection.
  • the security mode command completion message may be a non-access stratum security mode command completion message, and the message may be used to indicate activation of non-access stratum security protection.
  • the indication information used to indicate that the configuration information of the terminal device needs to be protected by security is: preset configuration information of the network device, or a preset policy of the network device.
  • a network device is set with one or more preset durations. Within a preset duration, the configuration information of terminal devices that need to transmit signaling needs to be protected by security.
  • the network device may determine that the configuration information of the terminal device needs to be protected by security if it is determined that the current time is within the preset time period according to the preset time period.
  • the network device can set that terminal devices in a specific area need to be protected by security.
  • the network device can determine whether the terminal device needs to be protected by security according to the area to which the terminal device belongs.
  • the area may be the signal coverage area of the network device.
  • the indication information used to indicate that the configuration information of the terminal device needs to be protected by security is: the information used to indicate that the information type of the information to be sent matches the preset information type that needs to be protected by security.
  • some types of information that need to be protected by security may also be preset, such as sensitive information that requires confidentiality protection, for example the specific configuration information (UE specific config) of the terminal device, which may include cell configuration information (such as cell group config) and/or radio bearer configuration (such as radio bearer config) of the terminal device.
  • the preset information types to be protected include at least one of the following:
  • MAC layer information that needs to be protected by security; RLC layer information that needs to be protected by security; or PHY layer information that needs to be protected by security. Because the prior art provides slightly insufficient protection for the underlying information of the MAC layer, RLC layer and PHY layer, the embodiments of the present application can additionally protect sensitive MAC layer, RLC layer or PHY layer information that needs confidentiality protection, which can further improve the security of user information and reduce the possibility of information leakage.
  • the indication information used to indicate that the configuration information of the terminal device needs to be protected by security includes: capability information of the terminal device and capability information of the network device.
  • the network device may determine to acquire the indication information used to indicate that the configuration information of the terminal device needs to be protected by security.
  • the network device can determine to obtain an indication that the configuration information of the terminal device needs to be protected by security.
  • the network device sends the second message to the terminal device.
  • the terminal device receives the second message from the network device.
  • the second message is protected by security, the second message includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information.
  • the user configuration information may include specific configuration information (UE specific config) of the terminal equipment.
  • the user configuration information may include at least one item of cell configuration information (such as cell group config) or radio bearer configuration (such as radio bearer config) of the terminal device.
  • the user configuration information may include downlink control information.
  • the first user configuration information includes first downlink control information; the second user configuration information includes second downlink control information.
  • At least one item of the first user configuration information or the second user configuration information includes at least one of the following:
  • BWP bandwidth part
  • DCI downlink control information
  • PDSCH physical downlink shared channel
  • Table 1 below exemplarily shows examples of the first user configuration information and the second user configuration information.
  • Table 1 Example of first user configuration information and second user configuration information
  • the value of the parameter item in the second user configuration information can be different from the parameter value in the first parameter item.
  • the parameter is at most 16. In the first user configuration information, the contents of each row from row 0 to row 15 can be indicated, and the order of the contents of rows 0 to 15 in the first user configuration information can be randomly changed to obtain the second user configuration information, for example by moving the content of row 0 in the first user configuration information to row 5, which increases the difficulty for an attacker to crack it.
  • the PDCCH may indicate to the terminal device which row to use.
  • the difference between the first user configuration information and the second user configuration information may mean that there is at least one parameter item in the second user configuration information whose parameter value in the second user configuration information is different from its parameter value in the first user configuration information. It may also mean that the parameter value of each parameter item in the second user configuration information is different from the parameter value of that parameter item in the first user configuration information.
  • the parameter items in the second user configuration information may be the same as the parameter items in the first user configuration information.
  • the parameter items in the second user configuration information may be different from the parameter items in the first user configuration information; for example, the second user configuration information may contain fewer or more parameter items than the first user configuration information.
  • At least one or all parameter items in the first user configuration information and the second user configuration information may be different. Or all the parameter items in the first user configuration information and the second user configuration information are the same, but the value of at least one parameter item or all parameter items may be different.
  • the configuration objects or content of the first user configuration information and the second user configuration information may be the same, but the object values are different.
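The row reordering and the two meanings of "different" described above, as an added Python sketch that is not part of the patent text. The row contents (slot offset, start symbol, length), the HMAC-SHA256 tag standing in for access-layer integrity protection, the key, and all function names are assumptions made for illustration; ciphering of the second message is not modelled.

```python
import hashlib
import hmac
import json
import random
import secrets

ROWS = 16  # rows 0..15, as in the passage above


def first_config():
    """Constructed sample table; each row is (slot_offset, start_symbol, length)."""
    return [(i // 8, i % 8, 2 + i % 3) for i in range(ROWS)]


def differs_somewhere(a, b):
    """'Different' in the weak sense: at least one row position changed."""
    return len(a) != len(b) or any(x != y for x, y in zip(a, b))


def differs_everywhere(a, b):
    """'Different' in the strong sense: every row position changed."""
    return len(a) == len(b) and all(x != y for x, y in zip(a, b))


def second_config(first, rng, every_row=False, max_tries=10_000):
    """Reorder the rows of `first` until the chosen notion of 'different' holds."""
    check = differs_everywhere if every_row else differs_somewhere
    rows = list(first)
    for _ in range(max_tries):
        rng.shuffle(rows)
        if check(first, rows):
            return rows
    raise ValueError("rows cannot be reordered into a different table")


def protect(key, body):
    """Network side: serialize and tag the second message.
    HMAC-SHA256 is a stand-in for the real integrity algorithm (assumption)."""
    raw = json.dumps(body, sort_keys=True).encode()
    return {"raw": raw, "mac": hmac.new(key, raw, hashlib.sha256).digest()}


def ue_apply(key, msg):
    """Terminal side: apply the table only after the integrity check passes."""
    expected = hmac.new(key, msg["raw"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["mac"]):
        raise ValueError("integrity check failed, configuration not applied")
    return [tuple(row) for row in json.loads(msg["raw"])["rows"]]


def simulate(rng, dci_row=0):
    """Resolve one row index under the table each party holds."""
    key = bytes(rng.getrandbits(8) for _ in range(32))  # constructed stand-in key
    cfg1 = first_config()        # carried in the unprotected first message
    observer_table = list(cfg1)  # anyone listening before security activation has it
    cfg2 = second_config(cfg1, rng, every_row=True)
    ue_table = ue_apply(key, protect(key, {"rows": cfg2}))
    return {
        "network": cfg2[dci_row],
        "terminal": ue_table[dci_row],
        "observer": observer_table[dci_row],
    }


if __name__ == "__main__":
    # Outside of tests, draw the permutation from the OS CSPRNG.
    print(simulate(secrets.SystemRandom(), dci_row=5))
```

With `every_row=True` the row index indicated to the terminal never resolves to the same allocation under the first table, which is the stronger of the two readings of "different" given above.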
  • S503 may be replaced by: the network device sends to the terminal device the second message carrying the second user configuration information.
  • If the network device does not obtain the indication information used to indicate that the configuration information of the terminal device needs to be protected by security, the second message may not be required to carry information different from the first user configuration information.
  • the second message may or may not carry user configuration information; for example, it may carry the first user configuration information, and the user configuration information carried in the second message is no longer required to be different from the first user configuration information. If the second message does not carry user configuration information, the terminal device can transmit data with the network device according to the first user configuration information in the first message; if the second message carries user configuration information, the terminal device can transmit data with the network device according to the user configuration information carried in the second message.
  • the attacker may further steal other information according to the first user configuration information in the obtained first message, resulting in a relatively serious degree of information leakage.
  • the network device performs data transmission with the terminal device according to the second user configuration information.
  • Because the first message is not protected by security, the first user configuration information in the first message is more likely to be leaked. Because the second message is protected by security and is required to carry second user configuration information that is different from the first user configuration information, the possibility of the attacker obtaining the second user configuration information is relatively small, and the possibility of further stealing other information based on the second user configuration information is also small. Thereby, the degree of information leakage can be reduced.
  • FIG. 6 exemplarily shows a schematic flowchart of another communication method provided by the embodiment of the present application.
  • The following description, in conjunction with FIG. 6, takes as an example the case where the network device is the gNB, the first message is the RRC establishment response, and the second message is the RRC reconfiguration message.
  • the method includes:
  • the terminal device sends a random access request to the network device.
  • a network device receives a random access request from a terminal device.
  • the terminal device when the terminal device is in an idle state, the terminal device and the network device are in an out-of-synchronization state, and the terminal device lacks available uplink resources. Once the terminal device needs to send uplink data or download downlink data, it needs to switch from the idle state to the connected state through a random access process. When the terminal device initiates a random access procedure, S601 may be executed.
  • the random access request can be a random access preamble.
  • the network device sends a random access response to the terminal device, and performs uplink authorization on the terminal device in the random access response.
  • the terminal device receives the random access response from the network device.
  • the random access response may be a random access response.
  • the terminal device may send an RRC establishment request (also called an RRC establishment request message).
  • the network device can receive the RRC establishment request from the terminal device.
  • the RRC establishment request may be an RRC setup request.
  • the network device sends an RRC establishment response (also referred to as RRC establishment, or an RRC establishment response message) to the terminal device.
  • the RRC setup response includes first user configuration information.
  • the terminal device may receive the RRC setup response from the network device.
  • S604 may be an example of the foregoing S501, and the first message may be an RRC establishment response in S604.
  • the RRC establishment response can be written as RRC setup, or RRC setup response.
  • User configuration information may include user-specific configuration information (eg, UE-specific config).
  • the user configuration information may include at least one item of cell configuration information (such as cell group config) or radio bearer configuration (such as radio bearer config) of the terminal device.
  • the cell configuration information (such as cell group config) may include the configuration of the signaling radio bearer (signaling radio bearer, SRB) 1 message in the MAC layer, the phy layer, and the RLC layer.
  • the terminal device performs a registration process or a service request process in the core network, and activates access layer or non-access layer security.
  • When the network device receives the security mode command completion message and the verification is successful, it means that the security of the access layer or the non-access layer is activated.
  • the network device acquires indication information used to indicate that the configuration information of the terminal device needs to be protected by security. For this S606, reference may be made to the related content of the aforementioned S502, which will not be repeated here.
  • S606 is an optional step, which may or may not be executed.
  • S606 is drawn as a dotted line, indicating that S606 is an optional step.
  • the network device sends an RRC reconfiguration message to the terminal device, where the RRC reconfiguration message includes second user configuration information, and the second user configuration information is different from the first user configuration information.
  • the RRC reconfiguration message may be RRC reconfig.
  • the second message may be an RRC reconfiguration message.
  • the terminal device sends an RRC reconfiguration complete message to the network device.
  • After successfully parsing the content in the RRC reconfiguration message and verifying that the integrity protection is successful, the terminal device returns an RRC reconfiguration complete message.
  • S601 to S604 can be transmitted on a public channel, and the security protection has not been activated yet. All messages are available to the attacker.
  • the terminal device and the network device can be configured according to the user configuration information, and subsequent messages can be transmitted on a channel specific to the terminal device.
  • multiple RRC reconfiguration messages may be initiated after S605.
  • the user configuration information carried in subsequent RRC reconfiguration messages may be required to be consistent with the first user configuration information. The information is different.
  • the RRC reconfiguration message may not carry the user configuration information (in this case, the terminal device transmits data with the network device according to the first user configuration information), or it is more likely that the user configuration information carried in the RRC reconfiguration message is the same as the first user configuration information, so the attacker may use the acquired first user configuration information to obtain data packets between the terminal device and the network device, and to monitor and tamper with PHY layer, MAC layer, and RLC layer messages. Further, this may lead to misconfiguration of resources between terminal devices and network devices, degradation of transmission performance, and even interruption of connections. Attackers eavesdropping on messages may also lead to privacy leaks of terminal devices.
  • the second user configuration information, different from the first user configuration information, is required to be carried in the RRC reconfiguration message. Therefore, when an attacker wants to obtain the data packets of the terminal device, he cannot obtain them based on the first user configuration information, but needs to guess the physical layer parameter configuration of the terminal device, such as parameters in DCI such as scrambling code ID, BWP, position/number of PDCCH start symbols, DCI length, different candidate sets, etc. Since the DCI information in the second user configuration information is invisible to the attacker, the data can be hidden to a certain extent, which can increase the difficulty of the attack, thereby reducing the possibility of information leakage.
  • FIG. 7 exemplarily shows a schematic flow chart of a communication method, which can be executed by a network device and a terminal device. The terminal device can be, for example, the terminal device in the aforementioned FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4; the network device may be, for example, the access network element (such as gNB) or the mobility management network element (such as AMF) in the aforementioned FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4, or may be another network element, and only these two network elements are used as examples here. The method can also be executed by chips or components inside the network device and chips or components inside the terminal device. As shown in FIG. 7, the method includes:
  • the network device sends a third message to the terminal device.
  • the terminal device receives the third message from the network device.
  • the third message includes first indication information, where the first indication information is used to indicate a first correspondence relationship corresponding to the terminal device, and the first correspondence relationship is a correspondence relationship between an information type identifier and an index value.
  • the third message is protected by security. In this way, the transmission process of the first indication information can be more secure.
  • the third message may occur after the aforementioned S605, that is, after the terminal device performs a registration process or a service request process in the core network, and activates the access layer or non-access layer security. Thus, the third message can be protected, thereby improving the security of information transmission.
  • the third message is a radio resource control RRC layer message, such as the aforementioned RRC reconfiguration message, the aforementioned RRC reconfiguration message in S607, or other RRC reconfiguration messages. In this way, the third message can be protected by security, so that the security of information transmission can be improved.
  • the index value in the first correspondence can be obtained by one of the following:
  • the first indication information may be the first correspondence, or indication information used to indicate the first correspondence, and the terminal device may calculate or determine the information type identifier and the index value according to the indication information used to indicate the first correspondence.
  • the first indication information may be the preset rule, and the terminal device may determine the correspondence between the information type identifier and the index value according to the preset rule.
  • the first indication information can also be the preset first calculation formula, and the terminal device can determine the corresponding relationship between the information type identifier and the index value.
  • the first indication information can also be the preset second calculation formula and the preset value, and the terminal device can determine the corresponding relationship between the information type identifier and the index value according to the preset second calculation formula.
  • the granularity of the "correspondence between information type identifiers and index values" in the embodiment of the present application may be the granularity of the terminal device, that is, the "correspondence between information type identifiers and index values" corresponding to the terminal device can be established for each terminal device, and the "correspondence between information type identifiers and index values" corresponding to two terminal devices may be different.
  • the terminal device corresponding to the foregoing first correspondence is referred to as a first terminal device, and the first correspondence corresponding to the first terminal device includes a correspondence between a first information type identifier and a first index value.
  • the second terminal device corresponds to the second correspondence, and the second correspondence includes the correspondence between the first information type identifier and the second index value.
  • the first index value and the second index value are different. That is, for at least one information type identifier, two different values may be obtained in the "correspondence relationship between information type identifiers and index values" corresponding to two different terminal devices. That is to say, the embodiment of the present application does not use the same set of correspondence between information type identifiers and index values for all terminal devices, but can be set separately for different terminal devices, thereby further improving security.
  • the granularity of "correspondence between information type identifier and index value" may be the granularity of bearer, that is, for each bearer of a terminal device, the "correspondence between information type identifier and index value" corresponding to that bearer of the terminal device can be established, and the "correspondence between information type identifier and index value" corresponding to two bearers of the terminal device may be different.
  • the aforementioned first correspondence corresponds to the first bearer of the first terminal device, and the first correspondence corresponding to the first bearer includes a correspondence between the first information type identifier and the first index value.
  • the second bearer of the first terminal device also corresponds to a second correspondence, and the second correspondence includes a correspondence between the first information type identifier and the second index value.
  • the first index value and the second index value are different. That is, for at least one information type identifier, two different values can be obtained in the "correspondence relationship between information type identifiers and index values" corresponding to at least two bearers of the same terminal device. That is to say, the embodiment of the present application does not use the same set of correspondence between information type identifiers and index values for all bearers of the terminal device, but can be set separately for different bearers of the terminal device, thereby further improving security.
  • the network device sends a fourth message to the terminal device.
  • the terminal device receives the fourth message from the network device.
  • the fourth message includes: an index value corresponding to the information type identifier corresponding to the fourth message in the first correspondence.
  • the terminal device determines the information type identifier corresponding to the index value in the fourth message according to the first indication information.
  • the method may further include: the network device acquires indication information for indicating that the configuration information of the terminal device needs to be protected by security.
  • the foregoing S702 may be replaced with: the network device sends the fourth message to the terminal device according to the indication information used to indicate that the configuration information of the terminal device needs to be protected by security.
  • the relevant content of this step please refer to the above-mentioned introduction about the implementation manner a1 to the implementation manner a5 in S502, which will not be repeated here.
  • if the capability information of the terminal device indicates that the terminal device is capable of determining the first correspondence according to the first indication information and of determining, according to the first correspondence, the information type identifier corresponding to the index value in the fourth message, and the network device has the ability to generate the first correspondence and, according to the first correspondence, to carry in the field of the fourth message that carries the information type identifier the index value corresponding to that information type identifier, then the network device determines that the indication information used to indicate that the configuration information of the terminal device needs to be protected by security is obtained.
  • the fourth message is a MAC layer message, an RLC layer message, or a PHY layer message.
  • the fourth message is not secured. In this way, on the one hand, the transmission efficiency of the message can be taken into account, and on the other hand, because the information type identifier in the fourth message is protected, that is, the fourth message does not carry the information type identifier, but carries its corresponding index value, so The possibility of leakage of the information type identifier in the fourth message can be reduced, thereby further improving security.
  • the fourth message is: a message including a MAC Control Element (MAC Control Element, MAC CE).
  • the fourth message may be sent after the aforementioned network device receives the RRC reconfiguration complete message sent by the terminal device (the RRC reconfiguration message is the aforementioned third message).
  • Fig. 8 exemplarily shows a schematic structural diagram of a possible MAC PDU.
  • a MAC PDU may consist of 1 MAC header (MAC header)+0 or more MAC service data units (service data unit, SDU)+0 or more MAC CE+possible padding.
  • the MAC header (MAC header) is composed of one or more MAC sub-headers (MAC sub-header).
  • the field corresponding to each MAC sub-header can be a MAC PDU, or a MAC CE, or padding.
  • the MAC sub-header (MAC sub-header) in the MAC PDU can contain the following types:
  • Except for the last MAC sub-header in the MAC PDU and the MAC sub-header for the fixed-length MAC CE, the other MAC sub-headers consist of 6 fields: R/R/E/LCID/F/L.
  • the last MAC sub-header (MAC sub-header) in the MAC PDU and the MAC sub-header (MAC sub-header) for the fixed-length MAC CE consist of 4 fields: R/R/E/LCID.
  • the MAC sub-header (MAC sub-header) corresponding to padding also consists of 4 fields: R/R/E/LCID.
  • R: can represent a reserved bit, which is set to 0.
  • E: can be used to indicate whether what follows is the data field or another MAC header field. 1 means that another MAC sub-header follows, and 0 means that the data field follows.
  • F: can indicate whether the length of the L field is 7 bits or 15 bits. When the length indicated by L exceeds 127, it is set to 1, otherwise it is 0.
  • L: can indicate the data length of the MAC CE or MAC SDU.
  • LCID: short for logical channel ID.
  • the LCID field can be used to carry the code point or initial index value of the LCID.
  • the information carried by the LCID field is used to indicate the MAC SDU corresponding to the MAC sub-header, or the type of the corresponding MAC CE, or the corresponding padding.
  • The corresponding relationship between the value of the LCID and the code point or initial index value of the LCID is shown in Table 2 below.
  • the MAC sub-header may include an information type identifier, which is used to indicate the information type of the information carried by the field corresponding to the MAC sub-header (MAC sub-header).
  • Information type identification may also be called information purpose identification, information role identification, and so on.
  • the information type identifier may be a code point or an initial index value of a logical channel identifier (logical channel ID, LCID).
  • the index value corresponding to the LCID defined in the standard is called the initial index value.
  • the index value in the first correspondence in the embodiment of the present application is referred to as an index value.
  • the corresponding relationship between the index value and the information type identifier can be established.
  • Taking the case where the information type identifier is the code point of the LCID as an example, Table 3 gives a possible correspondence among index values, LCID code points and LCID values.
  • the fourth message is a secondary cell activation message, and the fourth message is used to request activation of the secondary cell.
  • the information type identifier (LCID code point) in the fourth message should be 58. It is determined according to Table 3 that the corresponding index value is 50, so the field used to carry the information type identifier in the fourth message carries 50 instead of 58. After the attacker obtains the fourth message, if he does not know the correspondence between the index value and the information type identifier, he will determine that the message is SP SRS activation signaling according to the 50 carried in the fourth message, and he does not know that the fourth message is a secondary cell activation message.
  • the scheme provided by the embodiment of the present application can realize the hiding and protection of the information type identifier in the message header of the fourth message, so that the attacker cannot correctly understand the message type, which increases the difficulty of the attack and further improves security.
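The index value substitution described above, shown from both ends of the link, as an added example that is not part of the patent text. Only the 58 to 50 pair and the two message meanings come from the text; the keyed shuffle standing in for the "preset calculation formula and preset value", the code point range, the reverse pair 50 to 58 and all function names are assumptions made for the example.

```python
"""LCID index-value substitution per terminal device and per bearer (constructed)."""
import hashlib
import hmac

# Standard meanings of the two LCID code points the text names; others omitted.
STANDARD_MEANING = {50: "SP SRS activation", 58: "secondary cell activation"}

# Code points covered by the correspondence (constructed range for the example).
CODE_POINTS = list(range(47, 63))


def derive_correspondence(preset_value: bytes, ue_id: str, bearer_id: int) -> dict:
    """Hypothetical calculation formula: a keyed Fisher-Yates shuffle.

    Both sides run it on the preset value carried in the protected third
    message, so the table itself never crosses the unprotected MAC layer.
    Returns {information type identifier (LCID code point): index value}.
    """
    shuffled = CODE_POINTS[:]
    for i in range(len(shuffled) - 1, 0, -1):
        label = f"{ue_id}|{bearer_id}|{i}".encode()
        digest = hmac.new(preset_value, label, hashlib.sha256).digest()
        j = int.from_bytes(digest[:8], "big") % (i + 1)
        shuffled[i], shuffled[j] = shuffled[j], shuffled[i]
    return dict(zip(CODE_POINTS, shuffled))


def sender_field(info_type: int, correspondence: dict) -> int:
    """Network side: value written into the sub-header field of the fourth message."""
    return correspondence[info_type]


def receiver_info_type(field_value: int, correspondence: dict) -> int:
    """Terminal side: recover the information type identifier from the index value."""
    inverse = {index: info_type for info_type, index in correspondence.items()}
    if len(inverse) != len(correspondence):
        raise ValueError("correspondence is not one-to-one")
    if field_value not in inverse:
        raise ValueError(f"index value {field_value} is not in this correspondence")
    return inverse[field_value]


def standard_reading(field_value: int) -> str:
    """What a reader without the correspondence infers from the raw field."""
    return STANDARD_MEANING.get(field_value, "unknown")


# The text's worked case: code point 58 is sent as index value 50.
# Only 58 -> 50 is from the text; 50 -> 58 is constructed to keep the table one-to-one.
PAGE_CASE = {58: 50, 50: 58}

if __name__ == "__main__":
    field = sender_field(58, PAGE_CASE)
    print(field, standard_reading(field), receiver_info_type(field, PAGE_CASE))
    # Same terminal device, two bearers: the same code point gets its own index value.
    bearer_1 = derive_correspondence(b"constructed-preset-value", "ue-1", 1)
    bearer_2 = derive_correspondence(b"constructed-preset-value", "ue-1", 2)
    print(bearer_1[58], bearer_2[58])
```

The receiver rejects an index value that has no entry instead of falling back to the standard table, so a field written without the correspondence is not silently misread.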
  • FIG. 9 exemplarily shows a schematic flowchart of another communication method provided by the embodiment of the present application.
  • the communication method can be executed by a network device and a terminal device, where the terminal device can be, for example, the terminal device in the aforementioned FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4, and the network device can be, for example, the access network element (such as gNB) or mobility management network element (such as AMF) in FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4 mentioned above. The network device may also be another network element, and only these two network elements are used as examples here. The method can also be executed by chips or components inside the network device and chips or components inside the terminal device.
  • the method includes:
  • the network device sends a third message to the terminal device.
  • the terminal device receives the third message from the network device.
  • the third message includes second indication information, where the second indication information is used to indicate the third correspondence.
  • the third correspondence includes the correspondence between cell identities and cell index numbers of the N1 secondary cells of the terminal device.
  • N1 is a positive integer.
  • the third corresponding relationship is obtained based on N0 cells, and N0 cells include N1 secondary cells and preset N2 interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2.
  • the third correspondence may further include cell index numbers of the N2 interfering cells.
  • the cell index number of each cell may be randomly generated, and there may not be a sorting relationship among the cells.
  • the cells may be sorted according to their identifiers, and the cell index numbers of the cells are sequentially generated.
  • when N1 is an integer greater than 1, at least one interfering cell is arranged between two secondary cells.
  • the second indication information may be the third correspondence, or indication information for indicating the third correspondence, and the terminal device may determine the correspondence between the cell identifier and the cell index number according to the indication information for indicating the third correspondence. For example, if the cell index number is obtained through a preset rule, the second indication information may be the preset rule, and the terminal device may determine the correspondence between the cell ID and the cell index number according to the preset rule.
  • the preset rule may be: the cells are sorted by cell identifier, three interfering cells are added consecutively after the first cell, and the cell index numbers are obtained according to the sequence numbers of the sorted cells.
  • the granularity of the "correspondence between cell identifiers and cell index numbers" may be the granularity of terminal devices, that is, the "correspondence between cell identifiers and cell index numbers" corresponding to the terminal device can be established for each terminal device, and the "correspondence between cell identifiers and cell index numbers" corresponding to two terminal devices may be different.
  • the terminal device corresponding to the aforementioned third correspondence is called the first terminal equipment, and the third correspondence corresponding to the first terminal equipment includes the correspondence between the first cell identifier and the first cell index number.
  • the second terminal device corresponds to the third correspondence, and the third correspondence includes the corresponding relationship between the first cell identifier and the second cell index number.
  • the first cell index number is different from the second cell index number. That is, for at least one cell ID, two different cell index numbers can be obtained in the "correspondence relationship between cell IDs and cell index numbers" corresponding to two different terminal devices. That is to say, in the embodiment of the present application, the same set of correspondence between cell identifiers and cell index numbers is not used for all terminal devices, but can be set separately for different terminal devices, thereby further improving security.
  • the granularity of "correspondence between cell ID and cell index number" in the embodiment of the present application may be the granularity of bearer, that is, for each bearer of a terminal device, the "correspondence between cell ID and cell index number" corresponding to that bearer of the terminal device can be established, and the "correspondence between cell ID and cell index number" corresponding to two bearers of the terminal device may be different.
  • the foregoing third correspondence corresponds to the first bearer of the first terminal device, and the third correspondence corresponding to the first bearer includes a correspondence between the first cell identifier and the first cell index number.
  • the second bearer of the first terminal device also corresponds to a third correspondence, and the third correspondence includes a correspondence between the first cell identifier and the second cell index number.
  • the first cell index number is different from the second cell index number. That is, for at least one cell ID, two different values may be obtained in the "correspondence between cell IDs and cell index numbers" corresponding to at least two bearers of the same terminal device. That is to say, in the embodiment of the present application, the same set of correspondence between cell identifiers and cell index numbers is not used for all bearers of the terminal equipment, but can be set separately for different bearers of the terminal equipment, thereby further improving security.
  • the network device sends a fourth message to the terminal device.
  • the fourth message includes a first field, and the first field carries activation indication information corresponding to the cell index numbers of the N0 cells. The activation indication information corresponding to the cell index number of a cell is used to indicate whether the cell is activated or not activated.
  • the cell index numbers of the cells among the N0 cells may be index numbers allocated for the cells, and there may not be a sorting relationship among them.
  • the cell index number of the cell in the N0 cells is: the serial number of the cell obtained by sorting the N1 secondary cells and the N2 interfering cells. That is, the index number can show the sorting relationship between the cells, for example, the sorting can be performed according to the cell ID.
  • the first field sequentially carries the activation indication information corresponding to the N0 cells according to the serial numbers of the cells in the N0 cells. Therefore, the terminal device can determine the cell index number corresponding to the activation indication information according to the sorting of the activation indication information.
  • the fourth message may also carry indication information for indicating a correspondence between the activation indication information and the cell index number. In this case, it is not required that the arrangement of the activation indication information satisfy a certain ordering relationship. The terminal device may determine the cell index number corresponding to each activation indication information according to the indication information used to indicate the correspondence between the activation indication information and the cell index number.
  • S902 or S91 may further include: the network device acquires indication information for indicating that the configuration information of the terminal device needs to be protected by security.
  • the foregoing S902 may be replaced with: the network device sends the fourth message to the terminal device according to the indication information used to indicate that the configuration information of the terminal device needs to be protected by security.
  • if the capability information of the terminal device indicates that the terminal device has the ability to identify the activation indication information of the interfering cell, and the network device has the ability to generate the third correspondence according to the secondary cell and the interfering cell and, according to the third correspondence, to carry in the fourth message the activation indication information corresponding to the interfering cell and the secondary cell, then the network device determines that the indication information used to indicate that the configuration information of the terminal device needs to be protected by security is obtained.
  • the terminal device determines an activated secondary cell among the N2 secondary cells according to the first field of the fourth message and the foregoing third correspondence.
  • the two schemes of FIG. 9 and FIG. 7 in the embodiment of the present application may be implemented separately, for example, only the scheme of FIG. 9 is used, or only the scheme of FIG. 7 is applied.
  • the schemes of FIG. 9 and FIG. 7 may also be used in combination, for example, the second indication information and the aforementioned first indication information may be carried in the third message.
  • the information type identifier is encrypted, and the index value is used to replace the information type identifier, and the information of the interfering cell may also be added in the secondary cell in S902, so as to encrypt the message content.
  • the aforementioned scheme in FIG. 5 can be implemented alone, or can be used in combination with at least one of FIG. 9 or FIG. 7 , such as combining FIG. 5 with FIG. 7 and FIG. 9 , such
  • the aforementioned second message and the third message may be the same message, or may be two messages, such as two RRC reconfiguration messages.
  • Enhanced Mobile Broadband is an important scenario for 5G applications.
  • Typical applications of this scenario include 2k/4k video and VR/AR, etc.
  • These applications require ultra-high transmission data rates: the upstream peak rate must reach 10Gbits per second (Gbit/s); the downstream peak rate must reach 20Gbit/s.
  • the peak rate is closely related to the bandwidth available to the user. If the data is regarded as vehicles on the highway, the bandwidth of the cell is the number of lanes of the highway. Under the same conditions, the more lanes there are, the faster the maximum speed the vehicle can reach.
  • the cell bandwidth of 5G can reach up to 100MHz in the low frequency band and 400MHz in the high frequency band.
  • the peak user downlink rate can only reach 1.6+Gbit/s (the subcarrier spacing is 30kHz, 4 streams are transmitted in parallel, the modulation method is 256QAM, and the subframe ratio is 4:1). Such a peak rate is still far from meeting the requirements of the eMBB scenario.
  • CA: carrier aggregation
  • PCC: Primary Carrier
  • PCell: primary cell
  • SCC: secondary Carrier
  • SCell: secondary cell
  • the terminal equipment performs an initial connection establishment process or a connection reestablishment process in the cell.
  • the PCell can be responsible for handling all signaling with the terminal equipment.
  • Each terminal device can connect to multiple SCells. SCell is added during RRC reconfiguration to provide additional radio resources. There may be no RRC connection between the terminal equipment and the SCell.
  • FIG. 10 exemplarily shows a schematic flowchart of another communication method provided by the embodiment of the present application, as shown in FIG. 10:
  • the terminal device reports a measurement report of the secondary cell to the primary cell of the base station.
  • the primary cell receives the measurement report of the secondary cell from the terminal device.
  • the measurement report message of the secondary cell may be secondary cell channel measurement.
  • the measurement report of the secondary cell may be an RRC message, which may be protected by security, or the message is protected by integrity and confidentiality.
  • the terminal device can be triggered periodically or by a specific event to start measuring the signal quality of the secondary cell, and record the characteristics of the network environment at a certain time and point during the call process by taking a certain measurement content as a unit.
  • the terminal device can measure the secondary cell, and send the measurement report of the secondary cell to the primary cell in the network device.
  • the cell IDs may be #102, #398, #209, and #452 respectively.
  • the primary cell may send to the terminal device indication information for indicating the correspondence between the secondary cell and the cell index number of the terminal device.
  • This information may be carried in the third message of S901 above.
  • For S1002, refer to the introduction about the third message in FIG. 7 or FIG. 9; details are not repeated here.
  • the third message may be secondary cell configuration information, which may be secondary cell configuration.
  • the primary cell may number the secondary cell, and send a message including the numbering information of the secondary cell to the terminal device.
  • the message may be sent in an RRC message, and the message may be protected by integrity and encryption.
  • the primary cell sends a secondary cell activation message to the terminal device.
  • the fourth message in FIG. 7 and FIG. 9 may be the secondary cell activation message in S1003, which may be secondary cell activation.
  • the fourth message is used to activate the secondary cell.
  • the secondary cell activation message is a MAC layer message, and the message is not protected by security, or not protected by integrity and confidentiality.
  • When the primary cell receives a large amount of downlink data and can increase the peak rate by activating the secondary cell, the primary cell sends a secondary cell activation message to the UE to activate at least one secondary cell.
  • the terminal device selects a corresponding secondary cell for activation according to the secondary cell activation message, and establishes a data transmission channel from the terminal device to the secondary cell, and then performs data transmission with the secondary cell.
  • the cell IDs of the four secondary cells of the terminal device are respectively #102, #398, #209, and #452
  • the fourth message is a secondary cell activation message as an example for illustration.
  • Table 4 exemplarily shows a schematic table in which the primary cell only numbers N1 secondary cells (N1 is 4).
  • Table 5 exemplarily shows a corresponding relationship between the cell index numbers generated according to Table 4 and the corresponding activation indication information.
  • Table 5 Schematic table of the corresponding relationship between the cell index number and the corresponding activation indication information generated according to Table 4
  • If the primary cell needs to activate the cells numbered 1/2/4, it can carry "1101000" in the first field of the fourth message, because the first field places the activation indication information corresponding to each cell index number in sequence, following the order of the cell index numbers. A bit of 1 indicates that the cell corresponding to that bit's cell index number is activated, and a bit of 0 indicates that it is not activated. Therefore, it can be determined from "1101000" in the first field that the cells numbered 1/2/4 are activated.
  • Further, the terminal device can determine, according to the correspondence between the secondary cells and the cell index numbers (such as Table 4), that the cell identifiers of the cells numbered 1/2/4 are respectively #452, #209, and #102.
  • the secondary cell activation message is a MAC CE message
  • the code point or initial index value of the LCID in the MAC header is 58
  • the message header of the secondary cell activation message can carry the index value in the scheme shown in FIG. 7 above; for example, according to the aforementioned Table 3, 50 can be carried.
  • the content in the fourth message is plain text, and an attacker can obtain the content in the fourth message.
  • the attacker can count the number of 1 bits in the first field, and then obtain the number of activated cells.
  • the attacker can walk in a certain area and record the corresponding relationship between the location path and the number of activated cells. According to the obtained sample data, the corresponding relationship between the location information and the number of cells can be generated.
  • the location information of the terminal device can be further inferred. It can be seen that the schemes in Table 4 and Table 5 may easily lead to leakage of private information of the terminal device, such as location information.
  • the embodiment of this application proposes the solution shown in FIG. 9 above.
  • the first field does not only carry the cell activation indication of N1 secondary cells. Instead, it may carry cell activation indication information of N0 cells, and the N0 cells include N1 secondary cells and N2 interfering cells.
  • Table 6 and Table 7 are used for illustration below.
  • Table 6 exemplarily shows a schematic diagram of numbering N1 secondary cells (N1 is 4) and N2 interfering cells by the primary cell.
  • Table 7 exemplarily shows the corresponding relationship between the cell index numbers generated according to Table 6 and the corresponding activation indication information.
  • Table 7 Schematic table of the corresponding relationship between the cell index number and the corresponding activation indication information generated according to Table 6
  • the primary cell has added an interfering cell to the secondary cell, and uniformly numbered the secondary cell and the interfering cell.
  • the interfering cell is the cell whose cell ID is #000 in Table 6. The cell numbers are shown in Table 6. If the primary cell needs to activate "#452, #209, #102", the cell numbers of which are 1/5/7, then "1110101" can be carried in the first field of the fourth message.
  • the terminal device can sequentially determine the cell index number of the activated secondary cell according to the information carried in the first field, and further determine the cell identity of the activated secondary cell according to the "third correspondence between the cell ID of the secondary cell and the cell index number" .
  • the third correspondence may also include the correspondence between the cell ID of the interfering cell and the cell index number, and indicate to the terminal device that the preset cell ID (such as #000) is an interfering cell; the terminal device may then ignore the activation indication information corresponding to the cell identifier #000.
  • the activation indication information corresponding to #000 may also be called noise information, which is used to interfere and confuse attackers. However, the terminal equipment can remove the noise information, and then obtain the correct identification of the cell to be activated.
  • the cell activation indication information of an interfering cell may be set to either value, 0 or 1. For example, all of it may be set to 0, in which case "1000101" may be carried in the first field of the fourth message.
  • the attacker does not know that the secondary cells and the interfering cells are numbered together, but thinks that the numbering covers only secondary cells, so the attacker infers that the terminal device has 7 secondary cells. Since the attacker cannot interpret the noise information in the fourth message, the attack becomes more difficult, and information such as the number of secondary cells can be kept secret and hidden.
  • the activation indication information corresponding to at least one interfering cell may be set to 1. That is, for at least one interfering cell, the activation indication information of the interfering cell indicates that the interfering cell is activated. For example, "1100101" may be carried in the first field of the fourth message. In this case, after obtaining the information in the first field, the attacker does not know that the secondary cells and the interfering cells are numbered together, but thinks that the numbering covers only secondary cells, so the attacker infers that the terminal device has 7 secondary cells, of which 4 are activated. The number of secondary cells is thus kept secret and hidden.
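
The first-field encoding discussed above, as an added example that is not part of the patent text: it builds the field with the Table 4 style numbering and with the Table 6 style numbering, decodes it on the terminal side, and compares that with what a passive listener counts. The function names, the 7-bit width taken from the example strings, and the index assigned to #398 in each map are assumptions, since the tables themselves are not reproduced on this page.

```python
import secrets

DECOY_ID = "#000"   # preset cell ID that marks an interfering cell (from the page)
FIELD_BITS = 7      # width of the first field in the page's example strings

# Table 4 style: only the N1 = 4 real secondary cells are numbered.
# Indices 1/2/4 are given on the page; 3 -> #398 is inferred (the only cell left).
PLAIN_MAP = {1: "#452", 2: "#209", 3: "#398", 4: "#102"}

# Table 6 style: real and interfering cells share one index space (N0 = 7).
# Indices 1/5/7 are given on the page; placing #398 at index 4 is an assumption.
# This map travels in the protected third message (RRC), so a listener never sees it.
MIXED_MAP = {1: "#452", 2: DECOY_ID, 3: DECOY_ID, 4: "#398",
             5: "#209", 6: DECOY_ID, 7: "#102"}


def encode_first_field(index_map, activate, decoy_on=None):
    """Network side: build the first field of the unprotected fourth message.

    activate -- cell IDs of the real secondary cells to switch on
    decoy_on -- indices of interfering cells whose bit is forced to 1;
                None picks each interfering bit at random
    """
    activate = set(activate)
    unknown = activate - set(index_map.values())
    if unknown or DECOY_ID in activate:
        raise ValueError(f"not a configured secondary cell: {sorted(activate)}")
    bits = []
    for idx in range(1, FIELD_BITS + 1):
        cell = index_map.get(idx)
        if cell is None:                 # index not assigned to any cell
            bit = 0
        elif cell == DECOY_ID:           # noise bit, carries no meaning
            bit = secrets.randbelow(2) if decoy_on is None else int(idx in decoy_on)
        else:                            # real secondary cell
            bit = int(cell in activate)
        bits.append(str(bit))
    return "".join(bits)


def decode_first_field(index_map, field):
    """Terminal side: map set bits back to cell IDs and drop the noise bits."""
    if len(field) != FIELD_BITS or set(field) - {"0", "1"}:
        raise ValueError(f"malformed first field: {field!r}")
    return [index_map[idx] for idx, bit in enumerate(field, start=1)
            if bit == "1" and index_map.get(idx) not in (None, DECOY_ID)]


def observed_active_count(field):
    """Passive listener: without the index map, only the 1 bits can be counted."""
    return field.count("1")


if __name__ == "__main__":
    wanted = ["#452", "#209", "#102"]
    cases = [
        ("Table 4 numbering", PLAIN_MAP, None),
        ("Table 6, decoy bits 2 and 3 set", MIXED_MAP, {2, 3}),
        ("Table 6, decoy bits all 0", MIXED_MAP, set()),
        ("Table 6, decoy bit 2 set", MIXED_MAP, {2}),
    ]
    for label, index_map, decoy_on in cases:
        field = encode_first_field(index_map, wanted, decoy_on)
        print(f"{label:32} field={field} "
              f"terminal={decode_first_field(index_map, field)} "
              f"listener_count={observed_active_count(field)}")
```

With the Table 4 numbering the listener's count always equals the true number of activated cells; with the shared numbering it matches only when every interfering bit is 0, which is why setting at least one interfering bit to 1 is treated separately above.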
  • the methods and/or steps implemented by the terminal device may also be implemented by components (such as chips or circuits) that can be used for the terminal device.
  • the methods and/or steps implemented by network equipment may also be implemented by components (such as chips or circuits) that can be used in network equipment.
  • FIG. 11 is a schematic diagram of a communication device provided by an embodiment of the present application.
  • the communication device may be the terminal device in the above method embodiment, or a device including the above terminal device, or a component that can be used in the terminal device, or a chip or a circuit (for example, a chip or a circuit in the first policy control network element ).
  • the communication device may be the network device in the above-mentioned method embodiment, or a device including the above-mentioned network device, or a component that can be used in the network device, or a chip or a circuit (for example, a chip or a circuit in the second policy control network element ).
  • the communication device 1100 includes a processing module 1102 and a communication module 1101 . Further, the communication device 1100 may include a storage module 1103 or may not include a storage module 1103 . The dotted line in the storage module 1103 in the figure further indicates that the storage module is optional.
  • the processing module 1102 can be a processor or a controller, such as a general-purpose central processing unit (central processing unit, CPU), a general-purpose processor, a digital signal processor (digital signal processing, DSP), an application-specific integrated circuit (application specific integrated circuits, ASIC), a field programmable gate array (field programmable gate array, FPGA) or other programmable logic devices, transistor logic devices, hardware components or any combination thereof. It can implement or execute the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor can also be a combination of computing functions, for example, a combination of one or more microprocessors, a combination of DSP and a microprocessor, and so on.
  • the processing module 1102 can execute computer-executable instructions stored in the storage module.
  • the storage module 1103 may be a memory.
  • the storage module can be a storage module in the chip, such as a register, a cache, etc.
  • the storage module can also be a storage module outside the chip in the communication device, such as a read-only memory (read-only memory, ROM) or other types of static storage devices that can store static information and instructions, a random access memory (random access memory, RAM), etc.
  • the communication module 1101 is an interface circuit of the communication device for receiving signals from other devices.
  • the communication module 1101 is an interface circuit for the chip to receive signals from other chips or devices, or an interface circuit for the chip to send signals to other chips or devices.
  • the communication module 1101 may be, for example, a transceiver.
  • the transceiver may include a radio frequency circuit.
  • the communication module 1101 may be, for example, an input/output interface, a pin, or a circuit.
  • the functions/implementation process of the communication module 1101 and the processing module 1102 in FIG. 11 can be realized by calling the computer-executed instructions stored in the memory 303 by the processor 301 in the communication device 300 shown in FIG. 4 .
  • the function/implementation process of the processing module 1102 in FIG. 11 can be implemented by calling the computer execution instructions stored in the memory 303 by the processor 301 in the communication device 300 shown in FIG. /The implementation process can be implemented through the communication interface 304 in the communication device 300 shown in FIG. 4 .
  • the processing module 1102 is configured to send the first message to the terminal device through the communication module 1101 and send the second message to the terminal device.
  • the first message is not protected by security, and the first message includes first user configuration information of the terminal device.
  • the second message is protected by security, the second message includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information.
  • Data transmission with the terminal device is performed according to the second user configuration information.
  • the processing module 1102 is configured to send the third message to the terminal device through the communication module 1101 .
  • the third message includes first indication information, where the first indication information is used to indicate a first correspondence relationship corresponding to the terminal device, and the first correspondence relationship is a correspondence relationship between an information type identifier and an index value.
  • the fourth message includes: an index value corresponding to the information type identifier corresponding to the fourth message in the first correspondence.
  • the processing module 1102 is configured to send the third message to the terminal device through the communication module 1101 .
  • the third message includes second indication information, and the second indication information is used to indicate a third correspondence, and the third correspondence includes the correspondence between cell identities and cell index numbers of N1 secondary cells of the terminal device; N1 is a positive integer ; Wherein, the third corresponding relationship is obtained based on N0 cells, N0 cells include N1 secondary cells and preset N2 interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2.
  • the fourth message includes a first field, and the first field carries: activation indication information corresponding to the cell index numbers of N0 cells, and the activation indication information corresponding to the cell index numbers of the cells in the N0 cells is used to indicate whether the cell is activated or not activated.
  • the processing module 1102 is configured to receive the first message from the network device through the communication module 1101 and receive the second message from the network device.
  • the first message is not protected by security, and the first message includes first user configuration information of the terminal device.
  • the second message is protected by security, the second message includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information.
  • The terminal device performs data transmission according to the second user configuration information.
  • the processing module 1102 is configured to receive the third message from the network device through the communication module 1101 .
  • a fourth message is received from the network device.
  • the third message includes first indication information, where the first indication information is used to indicate a first correspondence relationship corresponding to the terminal device, and the first correspondence relationship is a correspondence relationship between an information type identifier and an index value.
  • the fourth message includes: an index value corresponding to the information type identifier corresponding to the fourth message in the first correspondence.
  • the processing module 1102 is configured to receive the third message from the network device through the communication module 1101 .
  • a fourth message is received from the network device.
  • the third message includes second indication information, and the second indication information is used to indicate a third correspondence, and the third correspondence includes the correspondence between cell identities and cell index numbers of N1 secondary cells of the terminal device; N1 is a positive integer ;
  • the third corresponding relationship is obtained based on N0 cells, N0 cells include N1 secondary cells and preset N2 interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2.
  • the fourth message includes a first field, and the first field carries: activation indication information corresponding to the cell index numbers of N0 cells, and the activation indication information corresponding to the cell index numbers of the cells in the N0 cells is used to indicate whether the cell is activated or not activated.
  • the communication device includes hardware structures and/or software modules corresponding to each function.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software in combination with the units and algorithm steps of each example described in the embodiments disclosed herein. Whether a certain function is executed by hardware or computer software drives hardware depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present application.
  • the present application also provides a computer program product, the computer program product including: computer program code or instruction, when the computer program code or instruction is run on the computer, the computer is made to execute the , the method of any one of the embodiments shown in FIG. 6 , FIG. 7 , FIG. 9 or FIG. 10 .
  • the present application also provides a computer-readable storage medium, the computer-readable medium stores program codes, and when the program codes are run on a computer, the computer executes the method of any one of the embodiments shown in FIG. 5, FIG. 6, FIG. 7, FIG. 9 or FIG. 10.
  • the present application further provides a chip system, where the chip system may include a processor.
  • the processor is coupled with the memory, and may be used to execute the method in any one of the embodiments shown in FIG. 5 , FIG. 6 , FIG. 7 , FIG. 9 or FIG. 10 .
  • the chip system further includes a memory. The memory is used to store computer programs (also called code, or instructions).
  • the processor is configured to call and run the computer program from the memory, so that the device installed with the system-on-a-chip executes the method of any one of the embodiments shown in FIG. 5 , FIG. 6 , FIG. 7 , FIG. 9 or FIG. 10 .
  • the present application further provides a system, which includes the aforementioned terminal device and network device.
  • all or part of them may be implemented by software, hardware, firmware or any combination thereof.
  • When implemented using software, it may be implemented in whole or in part in the form of a computer program product.
  • a computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on the computer, the processes or functions according to the embodiments of the present application are generated in whole or in part.
  • a computer can be a general purpose computer, special purpose computer, computer network, or other programmable device.
  • Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, e.g.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device including a server, a data center, and the like integrated with one or more available media. Available media can be magnetic media (e.g., floppy disk, hard disk, magnetic tape), optical media (e.g., high-density digital video disc (digital video disc, DVD)), or semiconductor media (e.g., solid state disk (solid state disc, SSD)), etc.
  • the network equipment and the terminal equipment in each of the above device embodiments correspond to the network equipment or terminal equipment in the method embodiments, and the corresponding modules or units perform the corresponding steps. For example, the communication module (transceiver) performs the receiving or sending steps in the method embodiments, and steps other than sending and receiving can be executed by a processing module (processor).
  • for the functions of the specific units, reference may be made to the corresponding method embodiments. There may be one or more processors.
  • a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer.
  • an application running on a computing device and the computing device can be components.
  • One or more components can reside within a process and/or thread of execution and a component can be localized on one computer and/or distributed between two or more computers.
  • these components can execute from various computer readable media having various data structures stored thereon.
  • a component may, for example, communicate through local and/or remote processes based on a signal having one or more packets of data (e.g., data from two components interacting with another component in a local system, in a distributed system, and/or across a network, such as the Internet, which interacts with other systems via the signal).
  • the disclosed systems, devices and methods may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components can be combined or integrated into another system, or some features may be ignored or not implemented.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
  • a unit described as a separate component may or may not be physically separated, and a component displayed as a unit may or may not be a physical unit, that is, it may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing module, each unit may exist separately physically, or two or more units may be integrated into one unit. If the functions are realized in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium.

Abstract

A communication method and apparatus, and a storage medium, for use in reducing the risk of information leakage. In the present application, a network device sends a first message to a terminal device, the first message being not subjected to security protection and comprising first user configuration information of the terminal device; the network device sends a second message to the terminal device, the second message being subjected to security protection and comprising second user configuration information of the terminal device, and the second user configuration information being different from the first user configuration information; and the network device performs data transmission with the terminal device according to the second user configuration information. Since the first message is not subjected to security protection, the first user configuration information is easily obtained by an attacker; and since the second user configuration information transmitted by means of the second message that is subjected to security protection is different from the first user configuration information, it is not easy for the attacker to obtain the second user configuration information from the second message that is subjected to security protection, such that the security of data transmission can be improved.

Description

A communication method, device and storage medium
Cross References to Related Applications
This application claims priority to the Chinese patent application No. 202110501160.4, entitled "A communication method, device and storage medium", filed with the China Patent Office on May 8, 2021, the entire contents of which are incorporated in this application by reference.
Technical field
The present application relates to the technical field of communication, and in particular to a communication method, device and storage medium.
Background
When the terminal device is in an idle state, the terminal device and the network device are in an out-of-synchronization state, and the terminal device lacks available uplink resources. Once the terminal device needs to send uplink data or download downlink data, it needs to switch from the idle state to the connected state through a random access process.
During the random access process, the terminal device sends a random access request to the network device. The network device returns a random access response to the terminal device, and performs uplink authorization on the terminal device in the random access response. Afterwards, the terminal device may send a radio resource control (radio resource control, RRC) establishment request. The network device returns an RRC establishment response to the terminal device. The RRC establishment response includes user-specific configuration information.
It should be noted that these four steps are all transmitted on a public channel, and access stratum security has not yet been activated, so an attacker can obtain all of the information, for example the user configuration information included in the RRC establishment response. If the terminal device transmits data according to this user configuration information, it will cause information leakage to a large extent.
Summary of the invention
The present application provides a communication method, device and storage medium to reduce the risk of information leakage.
In a first aspect, the present application provides a communication method, including: a network device sends a first message to a terminal device, where the first message is not protected by security and includes first user configuration information of the terminal device. The network device sends a second message to the terminal device, where the second message is protected by security and includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information. The network device performs data transmission with the terminal device according to the second user configuration information. Since the first message is not protected by security, the first user configuration information is easily obtained by an attacker. Since the second user configuration information transmitted through the security-protected second message is different from the first user configuration information, it is not easy for the attacker to obtain the second user configuration information from the security-protected second message, so that the security of data transmission can be improved.
In a possible implementation manner, the first user configuration information includes first downlink control information, and the second user configuration information includes second downlink control information. In this way, the risk of downlink control information leakage can be reduced, thereby further improving data security.
In a possible implementation manner, at least one of the first user configuration information or the second user configuration information includes at least one of the following:
a scrambling code identifier; a partial bandwidth; the position of the start symbol of the physical downlink control channel; the number of start symbols of the physical downlink control channel; the downlink control information length; a candidate set; or the time domain table of the physical downlink shared channel. In this way, the confidentiality of the physical layer parameters in the downlink control information can be improved, thereby reducing the possibility of their leakage.
In a possible implementation manner, the first message is a radio resource control establishment response message, and the second message is a radio resource control configuration message or a radio resource control reconfiguration message. In this way, the solution can be further compatible with the existing technology.
In a possible implementation manner, the second user configuration information is used to assist message transmission of at least one of a medium access control layer, a radio link control layer, or a physical layer. In this way, the information received through the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the lower-layer information. Moreover, message transmission of at least one of the medium access control layer, the radio link control layer, or the physical layer may not be protected by security, so transmitting the messages of at least one of these layers by means of the security-protected second user configuration information can improve the security of the information in such lower-layer messages.
In a possible implementation manner, after the network device sends the first message to the terminal device and before the network device sends the second message to the terminal device, the method further includes: the network device receives a security mode command completion message, where the security mode command completion message is used to indicate that access stratum or non-access stratum security protection is activated. Since the first message is sent before the security mode command completion message is received, the first message is not protected by security, so the first user configuration information is easily obtained by an attacker. Since the second user configuration information is sent after security protection is activated, the second user configuration information can be protected by security, thereby improving the security of data transmission.
In a possible implementation manner, the network device is an access network element or a mobility management network element. When the network device is a base station, the security mode command completion message is used to indicate that access stratum security protection is activated. When the network device is a mobility management network element, the security mode command completion message is used to indicate that non-access stratum security protection is activated.
In a possible implementation, the network device sending the second message to the terminal device includes: the network device sends the second message to the terminal device according to indication information used to indicate that the configuration information of the terminal device needs to be security protected. In this way, the solution provided by the embodiments of the present application can be enabled after the indication information used to indicate that the configuration information of the terminal device needs to be security protected is obtained. If that indication information is not obtained, the second message need not be required to carry user configuration information, or the user configuration information carried in the second message need not be required to differ from the first user configuration information, which can improve data transmission efficiency.
In a possible implementation, the indication information used to indicate that the configuration information of the terminal device needs to be security protected includes at least one of the following:
Third indication information received by the network device, where the third indication information is used to indicate that the configuration information of the terminal device needs to be security protected; an access stratum security mode command complete message received by the network device, where the access stratum security mode command complete message is used to indicate that access stratum security protection is activated; preset configuration information of the network device; information used to indicate that the information type of the information to be sent matches a preset information type that needs to be security protected; or, capability information of the terminal device, capability information of the network device. In this way, the flexibility of the solution can be improved.
In a possible implementation, the third indication information includes at least one of the following: a security level of the terminal device, a session security requirement, a security capability of the terminal device, or a core network security policy corresponding to the terminal device. In this way, whether to improve the security of the user configuration information of the terminal device can be determined according to information such as the security level of the terminal device, so that personalized customization can be provided; for example, different information protection policies can be provided for terminal devices with different security levels.
In a possible implementation, the preset information types that need to be security protected include at least one of the following: medium access control layer information that needs to be security protected; radio link control layer information that needs to be security protected; or physical layer information that needs to be security protected. Because lower-layer information is not protected for integrity and confidentiality, the solution provided by the present application can be used to protect it, thereby improving information security and reducing the possibility of information leakage.
In a second aspect, the present application provides a communication method. The method further includes: the network device sends a third message to the terminal device, where the third message includes first indication information, the first indication information is used to indicate a first correspondence corresponding to the terminal device, and the first correspondence is a correspondence between information type identifiers and index values. The network device sends a fourth message to the terminal device, where the fourth message includes: the index value that corresponds, in the first correspondence, to the information type identifier corresponding to the fourth message. Because the fourth message no longer carries the information type identifier but instead carries the index value corresponding to the information type identifier, an attacker who obtains the fourth message faces greater difficulty in cracking it and may be unable to obtain the correct information type identifier, which can further improve the security of data transmission.
In a possible implementation, the information type identifier includes a logical channel identifier. This makes it more difficult for an attacker to obtain the logical channel identifier, thereby improving the security of information transmission.
In a possible implementation, the first indication information includes at least one of the following: the first correspondence; in this way, the terminal device does not need to recalculate the first correspondence, which can reduce the amount of computation performed by the terminal device.
In a possible implementation, a preset rule used to generate the first correspondence; in this way, the amount of data that the network device needs to transmit can be reduced.
In a possible implementation, a preset calculation formula used to generate the first correspondence. In this way, the amount of data that the network device needs to transmit can be reduced, and the flexibility of the solution can also be improved.
In a possible implementation, an index value in the first correspondence can be obtained in one of the following ways: calculated by a randomization algorithm; obtained according to a preset rule; calculated according to the information type identifier and a preset first calculation formula; or calculated according to a preset value and a preset second calculation formula. In this way, the flexibility of the solution can be improved.
In a possible implementation, the first correspondence includes a correspondence between a first information type identifier and a first index value, and a second correspondence includes a correspondence between the first information type identifier and a second index value. The first index value and the second index value are different. The second correspondence is a correspondence between information type identifiers and index values that corresponds to another terminal device other than the terminal device; or, the first correspondence is the correspondence corresponding to a first bearer of the terminal device, and the second correspondence is the correspondence between information type identifiers and index values corresponding to a second bearer of the first terminal device. That is, the correspondence between information type identifiers and index values can be at terminal-device granularity or at bearer granularity and can be set flexibly; compared with all terminal devices using a single set of correspondences, this implementation can further improve security.
In a possible implementation, the third message is security protected. In this way, the first correspondence is protected and is not easily obtained by an attacker, which improves the security of data transmission. The third message is a radio resource control layer message, which allows better compatibility with the existing technology.
In a possible implementation, the fourth message is a medium access control layer message, a radio link control layer message, or a physical layer message. The fourth message is not security protected. In this way, information received through the radio resource control layer can be used to protect information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of lower-layer information. Moreover, because message transmission at at least one of the medium access control layer, the radio link control layer, or the physical layer may not be security protected, using the security-protected second user configuration information to transmit messages of at least one of the medium access control layer, the radio link control layer, or the physical layer can improve the security of the information in such lower-layer messages.
In a possible implementation, the fourth message is a medium access control (MAC) control element message. In this way, MAC control element messages can be better protected and their security improved.
In a possible implementation, the fourth message is a secondary cell activation message, and the fourth message is used to request activation of a secondary cell. In this way, the security of the secondary cell activation message can be improved.
In a possible implementation, the network device sending the fourth message to the terminal device includes: the network device sends the fourth message to the terminal device according to indication information used to indicate that the configuration information of the terminal device needs to be security protected. In this way, whether to apply further protection to the information can be chosen flexibly according to whether that indication information is obtained, which improves the flexibility of the solution.
For the content of the indication information that the network device obtains and that is used to indicate that the configuration information of the terminal device needs to be security protected, refer to the related description of the first aspect above; details are not repeated here.
In a third aspect, the present application provides a communication method. The method further includes: the network device sends a third message to the terminal device. The third message includes second indication information. The second indication information is used to indicate a third correspondence, and the third correspondence includes a correspondence between the cell identifiers and the cell index numbers of N1 secondary cells of the terminal device, where N1 is a positive integer. The third correspondence is obtained from N0 cells; the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2. The network device sends a fourth message to the terminal device. The fourth message includes a first field, and the first field carries the activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells is used to indicate whether that cell is activated or not activated. Because cell index numbers are generated over the interfering cells and the secondary cells together, and activation indication information for the interfering cells is added to the first field, it is difficult for an attacker to derive the correct activated-cell information from the first field, which makes it harder for the attacker to obtain private information.
In a possible implementation, the third correspondence further includes: a correspondence between the cell identifier and the cell index number of at least one interfering cell among the N2 interfering cells. In this way, the terminal device can determine which activation indication information in the fourth message corresponds to interfering cells, discard that part of the information, and thereby obtain the correct cell index numbers of the activated cells.
In a possible implementation, the third message further includes indication information used to indicate that the cell corresponding to the cell identifier of an interfering cell is an interfering cell. In this way, the terminal device knows which cell index numbers correspond to interfering cells, which lays the foundation for subsequently removing the information corresponding to the interfering cells from the first field.
In a possible implementation, for at least one interfering cell among the N2 interfering cells, the activation indication information corresponding to the cell index number of the interfering cell indicates that the interfering cell is activated. This makes it more difficult for an attacker to obtain the correct number of activated cells.
In a possible implementation, the cell index number of a cell among the N0 cells is the sequence number of the cell obtained by sorting the N1 secondary cells and the N2 interfering cells;
The first field carries the activation indication information corresponding to the N0 cells in order, according to the sequence numbers of the cells among the N0 cells. In this way, further compatibility with the existing technology can be achieved.
In a possible implementation, N1 is an integer greater than 1, and there are at least two secondary cells such that the cell sequence number of at least one interfering cell lies between the cell sequence numbers of the two secondary cells. This further increases the difficulty for an attacker to obtain the correct number of secondary cells.
In a possible implementation, the third correspondence is the correspondence between the cell identifiers and the cell index numbers of the N0 cells, and the third correspondence includes a correspondence between the cell identifier of a first interfering cell and a first cell index number. A fourth correspondence includes a correspondence between the cell identifier of the first interfering cell and a second cell index number. The first cell index number and the second cell index number are different. The fourth correspondence is the correspondence between cell identifiers and cell index numbers of the secondary cells of another terminal device other than the terminal device and at least one preset interfering cell. Alternatively, the third correspondence is the correspondence corresponding to a first bearer of the terminal device, and the fourth correspondence is the correspondence between cell identifiers and cell index numbers of at least one secondary cell corresponding to a second bearer of the first terminal device and at least one preset interfering cell. That is, the correspondence between cell identifiers and cell index numbers can be at terminal-device granularity or at bearer granularity and can be set flexibly; compared with all terminal devices using a single set of correspondences, this implementation can further improve security.
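The third-aspect mechanism described above, sketched as an added example (it is not code from the patent application): the network orders the N1 secondary cells and N2 interfering cells into one sequence, fills the first field with one activation bit per cell, and the terminal device discards the bits it knows belong to interfering cells. The cell identifiers, function names, and the bit-list representation of the first field are assumptions made for illustration.

```python
import random


def build_third_correspondence(scell_ids, interfering_ids, rng):
    """Network side: order N1 secondary cells and N2 interfering cells together.

    A cell's index number is its position in the shared ordering. The result,
    {index: (cell_id, is_interfering)}, is what the security-protected third
    message would convey to the terminal device.
    """
    if not scell_ids or not interfering_ids:
        raise ValueError("N1 and N2 must both be positive")
    cells = [(c, False) for c in scell_ids] + [(c, True) for c in interfering_ids]
    while True:
        rng.shuffle(cells)
        scell_pos = [i for i, (_, interfering) in enumerate(cells) if not interfering]
        if len(scell_pos) < 2:
            break
        # Require an interfering cell between two secondary cells, so the
        # secondary cells never form one contiguous run in the field.
        if any(interfering for _, interfering in cells[scell_pos[0]:scell_pos[-1] + 1]):
            break
    return dict(enumerate(cells))


def encode_first_field(mapping, active_scells, rng):
    """Network side: one activation bit per index number, in index order."""
    real = {cid for cid, interfering in mapping.values() if not interfering}
    if not set(active_scells) <= real:
        raise ValueError("unknown secondary cell in activation request")
    bits, interfering_idx = [], []
    for i in range(len(mapping)):
        cell_id, interfering = mapping[i]
        if interfering:
            interfering_idx.append(i)
            bits.append(rng.randrange(2))      # filler bit, carries no meaning
        else:
            bits.append(1 if cell_id in active_scells else 0)
    # At least one interfering cell is shown as "activated", so the number of
    # set bits does not reveal the number of activated secondary cells.
    if not any(bits[i] for i in interfering_idx):
        bits[rng.choice(interfering_idx)] = 1
    return bits


def decode_first_field(mapping, bits):
    """Terminal side: drop interfering-cell bits, return activated secondary cells."""
    if len(bits) != len(mapping):
        raise ValueError("first field length does not match the correspondence")
    return {mapping[i][0] for i, bit in enumerate(bits) if bit and not mapping[i][1]}


if __name__ == "__main__":
    # Constructed sample identifiers; random.SystemRandom() stands in for a
    # network-side randomization source.
    rng = random.SystemRandom()
    mapping = build_third_correspondence(
        ["scell-A", "scell-B", "scell-C"], ["interf-X", "interf-Y"], rng)
    field = encode_first_field(mapping, {"scell-B"}, rng)
    print("first field as sent in the unprotected fourth message:", field)
    print("bits set, as seen without the correspondence:", sum(field))
    print("terminal device decodes:", decode_first_field(mapping, field))
```

Building a second correspondence for another terminal device or bearer with the same function yields an independent ordering, which corresponds to the per-device or per-bearer granularity described above.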
In a possible implementation, the third message is security protected. In this way, the first correspondence is protected and is not easily obtained by an attacker, which improves the security of data transmission. The third message is a radio resource control layer message, which allows better compatibility with the existing technology.
In a possible implementation, the fourth message is a medium access control layer message, a radio link control layer message, or a physical layer message. The fourth message is not security protected. In this way, information received through the radio resource control layer can be used to protect information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of lower-layer information. Moreover, because message transmission at at least one of the medium access control layer, the radio link control layer, or the physical layer may not be security protected, using the security-protected second user configuration information to transmit messages of at least one of the medium access control layer, the radio link control layer, or the physical layer can improve the security of the information in such lower-layer messages.
In a possible implementation, the fourth message is a medium access control (MAC) control element message. In this way, MAC control element messages can be better protected and their security improved.
In a possible implementation, the fourth message is a secondary cell activation message, and the fourth message is used to request activation of a secondary cell. In this way, the security of the secondary cell activation message can be improved.
In a possible implementation, the network device sending the fourth message to the terminal device includes: the network device sends the fourth message to the terminal device according to indication information used to indicate that the configuration information of the terminal device needs to be security protected. In this way, whether to apply further protection to the information can be chosen flexibly according to whether that indication information is obtained, which improves the flexibility of the solution.
For the content of the indication information that the network device obtains and that is used to indicate that the configuration information of the terminal device needs to be security protected, refer to the related description of the first aspect above; details are not repeated here.
In a fourth aspect, the present application provides a communication method. The method includes: the terminal device receives a first message from the network device, where the first message is not security protected and includes first user configuration information of the terminal device. The terminal device receives a second message from the network device, where the second message is security protected and includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information. The terminal device performs data transmission according to the second user configuration information. Because the first message is not security protected, the first user configuration information is easily obtained by an attacker; because the second user configuration information transmitted in the security-protected second message is different from the first user configuration information, it is not easy for an attacker to obtain the second user configuration information from the security-protected second message, which improves the security of data transmission.
In a possible implementation, the first user configuration information includes first downlink control information, and the second user configuration information includes second downlink control information. In this way, the risk of downlink control information leakage can be reduced, further improving data security.
In a possible implementation, at least one of the first user configuration information or the second user configuration information includes at least one of the following: a scrambling code identifier; a bandwidth part; the position of the start symbol of the physical downlink control channel; the number of start symbols of the physical downlink control channel; the downlink control information length; a candidate set; or a time domain table of the physical downlink shared channel. In this way, the confidentiality of the physical layer parameters in the downlink control information can be improved, reducing the possibility of their leakage.
In a possible implementation, the first message is a radio resource control setup response message, and the second message is a radio resource control configuration message or a radio resource control reconfiguration message. In this way, further compatibility with the existing technology can be achieved.
In a possible implementation, the second user configuration information is used to assist message transmission at at least one of the medium access control layer, the radio link control layer, or the physical layer. In this way, information received through the radio resource control layer can be used to protect information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of lower-layer information. Moreover, because message transmission at at least one of the medium access control layer, the radio link control layer, or the physical layer may not be security protected, using the security-protected second user configuration information to transmit messages of at least one of the medium access control layer, the radio link control layer, or the physical layer can improve the security of the information in such lower-layer messages.
In a possible implementation, the terminal device performing data transmission according to the second user configuration information includes: the terminal device transmits messages of at least one of the physical layer, the medium access control layer, or the radio link control layer according to the second user configuration information in the second message. In this way, information received through the radio resource control layer can be used to protect information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of lower-layer information.
For the first message, the second message, and related content, as well as the beneficial effects, refer to the related description of the first aspect above; details are not repeated here.
In a fifth aspect, the present application provides a communication method. The method further includes: the terminal device receives a third message from the network device, where the third message includes first indication information, the first indication information is used to indicate a first correspondence corresponding to the terminal device, and the first correspondence is a correspondence between information type identifiers and index values. The terminal device receives a fourth message from the network device, where the fourth message includes: the index value that corresponds, in the first correspondence, to the information type identifier corresponding to the fourth message. The terminal device determines, according to the first indication information, the information type identifier corresponding to the index value in the fourth message. Because the fourth message no longer carries the information type identifier but instead carries the index value corresponding to the information type identifier, an attacker who obtains the fourth message faces greater difficulty in cracking it and may be unable to obtain the correct information type identifier, which can further improve the security of data transmission.
In a possible implementation, the information type identifier includes a logical channel identifier. This makes it more difficult for an attacker to obtain the logical channel identifier, thereby improving the security of information transmission.
In a possible implementation, the first indication information includes: the first correspondence; in this way, the terminal device does not need to recalculate the first correspondence, which can reduce the amount of computation performed by the terminal device.
In a possible implementation, the first indication information includes: the first correspondence; a preset rule used to generate the first correspondence; in this way, the amount of data that the network device needs to transmit can be reduced.
In a possible implementation, the first indication information includes: the first correspondence; a preset calculation formula used to generate the first correspondence. In this way, the amount of data that the network device needs to transmit can be reduced, and the flexibility of the solution can also be improved.
In a possible implementation, an index value in the first correspondence can be obtained in one of the following ways: calculated by a randomization algorithm; obtained according to a preset rule; calculated according to the information type identifier and a preset first calculation formula; or calculated according to a preset value and a preset second calculation formula. In this way, the flexibility of the solution can be improved.
In a possible implementation, the first correspondence includes a correspondence between a first information type identifier and a first index value, and a second correspondence includes a correspondence between the first information type identifier and a second index value. The first index value and the second index value are different. The second correspondence is a correspondence between information type identifiers and index values that corresponds to another terminal device other than the terminal device. Alternatively, the first correspondence is the correspondence corresponding to a first bearer of the terminal device, and the second correspondence is the correspondence between information type identifiers and index values corresponding to a second bearer of the first terminal device. That is, the correspondence between information type identifiers and index values can be at terminal-device granularity or at bearer granularity and can be set flexibly; compared with all terminal devices using a single set of correspondences, this implementation can further improve security.
在一种可能地实施方式中,第三消息受到安全保护。如此,第一对应关系可以得到保护,攻击者不易得到第一对应关系,因此可以提高数据传输的安全性。In a possible implementation manner, the third message is protected by security. In this way, the first corresponding relationship can be protected, and it is difficult for an attacker to obtain the first corresponding relationship, so the security of data transmission can be improved.
在一种可能地实施方式中,第三消息为无线资源控制层消息,如此,可以更好的与现有技术兼容。In a possible implementation manner, the third message is a radio resource control layer message, so that it can be better compatible with the existing technology.
在一种可能地实施方式中,第四消息为媒体访问控制层消息、无线链路控制层消息,或物理层消息。第四消息未受到安全保护。如此,通过无线资源控制层接收的信息可以用于实现对媒体访问控制层、无线链路控制层,或,物理层中的至少一项的信息的保护,从而可以提高底层信息的安全性。且由于媒体访问控制层、无线链路控制层,或,物理层中的至少一项消息传输可能并未受到安全保护,因此由于通过受到安全保护的第二用户配置信息来传输媒体访问控制层、无线链路控制层或物理层中的至少一项的消息,可以提高此类底层消息中的信息的安全性。In a possible implementation manner, the fourth message is a medium access control layer message, a radio link control layer message, or a physical layer message. The fourth message is not secured. In this way, the information received by the radio resource control layer can be used to protect the information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of the underlying information. And because at least one message transmission in the media access control layer, the radio link control layer, or the physical layer may not be protected by security, because the media access control layer, radio link control layer, or A message of at least one of the radio link control layer or the physical layer can improve the security of information in such underlying messages.
在一种可能地实施方式中,第四消息为:媒体访问控制控制元素的消息。如此,可以更好的保护媒体访问控制控制元素消息,提高媒体访问控制控制元素消息的安全性。In a possible implementation manner, the fourth message is: a message of a media access control control element. In this way, the media access control control element message can be better protected, and the security of the media access control control element message can be improved.
在一种可能地实施方式中,第四消息为辅小区激活消息,第四消息用于请求激活辅小区。如此,可以提高辅小区激活消息的安全性。In a possible implementation manner, the fourth message is a secondary cell activation message, and the fourth message is used to request activation of the secondary cell. In this way, the security of the secondary cell activation message can be improved.
关于第三消息和第四消息等内容以及有益效果可以参见前述第二方面的相关介绍,在此不再赘述。For the contents and beneficial effects of the third message and the fourth message, please refer to the relevant introduction of the second aspect above, and details will not be repeated here.
In a sixth aspect, this application provides a communication method. The method further includes: the terminal device receives a third message from the network device, where the third message includes second indication information, the second indication information indicates a third correspondence, and the third correspondence includes the correspondence between the cell identifiers and the cell index numbers of N1 secondary cells of the terminal device; N1 is a positive integer. The third correspondence is obtained based on N0 cells, where the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2. The terminal device receives a fourth message from the network device. The fourth message includes a first field, and the first field carries the activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells indicates whether that cell is activated or not activated. The terminal device determines, according to the second indication information, the activated secondary cells among the N2 secondary cells. Because the cell index numbers are generated over the interfering cells and the secondary cells together, and the activation indication information of the interfering cells is added to the first field, it is difficult for an attacker to obtain correct information about the activated cells from the first field, which makes it harder for the attacker to obtain private information.
In a possible implementation, the third correspondence further includes the correspondence between the cell identifier and the cell index number of at least one of the N2 interfering cells. In this way, the terminal device can determine which activation indication information in the fourth message corresponds to interfering cells, discard that part of the information, and then obtain the correct cell index numbers of the activated cells.
In a possible implementation, the third message further includes indication information indicating that the cell corresponding to the cell identifier of an interfering cell is an interfering cell. In this way, the terminal device can determine which cell index numbers correspond to interfering cells, which lays a foundation for subsequently removing the information corresponding to the interfering cells from the first field.
In a possible implementation, for at least one of the N2 interfering cells, the activation indication information corresponding to the cell index number of the interfering cell indicates that the interfering cell is activated. In this way, it is harder for an attacker to obtain the correct number of activated cells.
In a possible implementation, the cell index number of a cell among the N0 cells is the sequence number of the cell obtained by sorting the N1 secondary cells and the N2 interfering cells. The first field carries the activation indication information corresponding to the N0 cells in order, according to the sequence numbers of the cells among the N0 cells. In this way, compatibility with the existing technology can be further improved.
In a possible implementation, N1 is an integer greater than 1, and there are at least two secondary cells such that the cell sequence number of at least one interfering cell lies between the cell sequence numbers of the two secondary cells. In this way, it is even harder for an attacker to obtain the correct number of secondary cells.
In a possible implementation, the third correspondence is the correspondence between the cell identifiers and the cell index numbers of the N0 cells, and the third correspondence includes a correspondence between the cell identifier of a first interfering cell and a first cell index number. The fourth correspondence includes a correspondence between the cell identifier of the first interfering cell and a second cell index number. The first cell index number and the second cell index number are different. The fourth correspondence is, for another terminal device other than the terminal device, the correspondence between the cell identifiers and the cell index numbers of that other terminal device's secondary cells and at least one preset interfering cell. Alternatively, the third correspondence is the correspondence for a first bearer of the terminal device, and the fourth correspondence is the correspondence between the cell identifiers and the cell index numbers of at least one secondary cell and at least one preset interfering cell for a second bearer of the first terminal device. That is, the correspondence between cell identifiers and cell index numbers can be defined at terminal device granularity or at bearer granularity and can be set flexibly. Compared with all terminal devices using a single set of correspondences, this implementation can further improve security.
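The following is an added illustration, not code from the patent, of the sixth-aspect scheme described above: the network numbers the secondary cells and the interfering cells together, sets activation indications for interfering cells in the first field, and the terminal device discards those entries using the protected third correspondence. The cell names, function names, the one-value-per-index list used for the first field, and the use of a shuffle to produce the ordering are assumptions made for this sketch.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class CellMapping:
    """Third correspondence as delivered in the protected third message."""
    index_of: dict      # cell identifier -> cell index number (0 .. N0-1)
    decoys: frozenset   # cell identifiers flagged as interfering cells


def is_interleaved(order, decoys):
    """True if an interfering cell lies between two secondary cells."""
    scell_pos = [i for i, cid in enumerate(order) if cid not in decoys]
    if len(scell_pos) < 2:
        return True  # a single secondary cell has nothing to interleave with
    return any(cid in decoys for cid in order[scell_pos[0]:scell_pos[-1]])


def build_mapping(scell_ids, decoy_ids, rng):
    """Network side: number the N1 secondary and N2 interfering cells together."""
    scell_ids, decoy_ids = list(scell_ids), list(decoy_ids)
    if not scell_ids or not decoy_ids:
        raise ValueError("N1 and N2 must both be positive")
    order = scell_ids + decoy_ids
    if len(set(order)) != len(order):
        raise ValueError("cell identifiers must be unique across both lists")
    while True:  # redraw until an interfering cell separates two secondary cells
        rng.shuffle(order)
        if is_interleaved(order, set(decoy_ids)):
            break
    return CellMapping({cid: i for i, cid in enumerate(order)},
                       frozenset(decoy_ids))


def encode_first_field(mapping, active_scells, active_decoys):
    """Network side: N0 activation indications, entry i belongs to cell index i."""
    active_scells, active_decoys = set(active_scells), set(active_decoys)
    real = set(mapping.index_of) - mapping.decoys
    if not active_scells <= real or not active_decoys <= mapping.decoys:
        raise ValueError("unknown or misclassified cell identifier")
    bits = [0] * len(mapping.index_of)
    for cid in active_scells | active_decoys:
        bits[mapping.index_of[cid]] = 1
    return bits


def decode_first_field(mapping, bits):
    """Terminal side: drop interfering-cell entries, return activated SCells."""
    if len(bits) != len(mapping.index_of):
        raise ValueError("first field length does not match N0")
    return {cid for cid, idx in mapping.index_of.items()
            if bits[idx] and cid not in mapping.decoys}


def observed_active_count(bits):
    """What a listener on the unprotected fourth message can count."""
    return sum(bits)


def demo():
    # Constructed sample data. The seed is fixed only for reproducibility;
    # a deployment would draw the ordering from a cryptographic RNG (assumption).
    rng = random.Random(2022)
    mapping = build_mapping(["SCell-A", "SCell-B", "SCell-C"],
                            ["Decoy-1", "Decoy-2"], rng)
    field = encode_first_field(mapping, {"SCell-B"}, {"Decoy-1", "Decoy-2"})
    return mapping, field, decode_first_field(mapping, field)


if __name__ == "__main__":
    mapping, field, activated = demo()
    print("first field on the air:", field)
    print("count visible to a listener:", observed_active_count(field))
    print("activated SCells at the terminal:", sorted(activated))
```

In the demo, the field seen on the air shows three activated entries while only one secondary cell is actually activated; the difference is recoverable only with the mapping carried in the protected third message.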
In a possible implementation, the third message is security protected. In this way, the first correspondence is protected and is difficult for an attacker to obtain, so the security of data transmission can be improved.
In a possible implementation, the third message is a radio resource control layer message, which gives better compatibility with the existing technology.
In a possible implementation, the fourth message is a medium access control layer message, a radio link control layer message, or a physical layer message. The fourth message is not security protected. In this way, information received at the radio resource control layer can be used to protect information of at least one of the medium access control layer, the radio link control layer, or the physical layer, thereby improving the security of lower-layer information. Because message transmission at at least one of the medium access control layer, the radio link control layer, or the physical layer may not be security protected, transmitting the messages of at least one of these layers by means of the security-protected second user configuration information can improve the security of the information in such lower-layer messages.
In a possible implementation, the fourth message is a medium access control (MAC) control element message. In this way, the MAC control element message can be better protected and its security improved.
In a possible implementation, the fourth message is a secondary cell activation message, and the fourth message is used to request activation of a secondary cell. In this way, the security of the secondary cell activation message can be improved.
For details of the third message, the fourth message, and the related beneficial effects, refer to the description of the third aspect above; they are not repeated here.
Corresponding to any of the communication methods of the first to sixth aspects, this application further provides a communication device. The communication device may be any sending-end device or receiving-end device that transmits data wirelessly, for example a communication chip, a terminal device, or a network device (such as a base station). In a communication process, the sending-end device and the receiving-end device are relative to each other. In some communication processes, the communication device may serve as the above network device or as a communication chip usable in the network device; in other communication processes, the communication device may serve as the above terminal device or as a communication chip usable in the terminal device.
In a seventh aspect, a communication device is provided, including a communication unit and a processing unit, to perform any implementation of any of the communication methods of the first to sixth aspects. The communication unit is configured to perform functions related to sending and receiving. Optionally, the communication unit includes a receiving unit and a sending unit. In one design, the communication device is a communication chip, and the communication unit may be an input/output circuit or a port of the communication chip.
In another design, the communication unit may be a transmitter and a receiver.
Optionally, the communication device further includes modules that can be used to perform any implementation of any of the communication methods of the first to sixth aspects.
In an eighth aspect, a communication device is provided. The communication device is the above terminal device or network device and includes a processor and a memory. Optionally, it further includes a transceiver. The memory is configured to store a computer program or instructions, and the processor is configured to call and run the computer program or instructions from the memory. When the processor executes the computer program or instructions in the memory, the communication device performs any implementation of any of the communication methods of the first to sixth aspects.
Optionally, there are one or more processors and one or more memories.
Optionally, the memory may be integrated with the processor, or the memory and the processor may be arranged separately.
Optionally, the transceiver may include a transmitter and a receiver.
In a ninth aspect, a communication device is provided, including a processor. The processor is coupled to a memory and can be used to perform the method in any of the first to sixth aspects and in any possible implementation of the first to sixth aspects. Optionally, the communication device further includes the memory. Optionally, the communication device further includes a communication interface, and the processor is coupled to the communication interface.
In one implementation, the communication device is a terminal device. When the communication device is a terminal device, the communication interface may be a transceiver or an input/output interface. Optionally, the transceiver may be a transceiver circuit. Optionally, the input/output interface may be an input/output circuit.
In another implementation, the communication device is a network device. When the communication device is a network device, the communication interface may be a transceiver or an input/output interface. Optionally, the transceiver may be a transceiver circuit. Optionally, the input/output interface may be an input/output circuit.
In yet another implementation, the communication device is a chip or a chip system. When the communication device is a chip or a chip system, the communication interface may be an input/output interface, an interface circuit, an output circuit, an input circuit, a pin, or a related circuit on the chip or chip system. The processor may also be embodied as a processing circuit or a logic circuit.
In a tenth aspect, a system is provided, and the system includes the above terminal device and network device.
In an eleventh aspect, a computer program product is provided. The computer program product includes a computer program (which may also be called code or instructions) that, when run, causes a computer to perform the method in any possible implementation of the first aspect, or causes the computer to perform the method in any implementation of the first to sixth aspects.
In a twelfth aspect, a computer-readable storage medium is provided. The computer-readable medium stores a computer program (which may also be called code or instructions) that, when run on a computer, causes the computer to perform the method in any possible implementation of the first aspect, or causes the computer to perform the method in any implementation of the first to sixth aspects.
In a thirteenth aspect, a chip system is provided, and the chip system may include a processor. The processor is coupled to a memory and can be used to perform the method in any of the first to sixth aspects and in any possible implementation of any of the first to sixth aspects. Optionally, the chip system further includes the memory. The memory is configured to store a computer program (which may also be called code or instructions). The processor is configured to call and run the computer program from the memory, so that a device on which the chip system is installed performs the method in any of the first to sixth aspects and in any possible implementation of any of the first to sixth aspects.
In a fourteenth aspect, a processing device is provided, including an input circuit, an output circuit, and a processing circuit. The processing circuit is configured to receive signals through the input circuit and transmit signals through the output circuit, so that the method in any of the first to sixth aspects and in any possible implementation of the first to sixth aspects is implemented.
In a specific implementation, the above processing device may be a chip, the input circuit may be an input pin, the output circuit may be an output pin, and the processing circuit may be transistors, gate circuits, flip-flops, and various logic circuits. The input signal received by the input circuit may be, for example but not limited to, received and input by a receiver; the signal output by the output circuit may be, for example but not limited to, output to a transmitter and transmitted by the transmitter. The input circuit and the output circuit may be the same circuit, used as the input circuit and as the output circuit at different times. The embodiments of this application do not limit the specific implementation of the processor or of the various circuits.
Description of drawings
FIG. 1 is a schematic diagram of a 5G network architecture based on a service-based architecture;
FIG. 2 is a schematic diagram of a 5G network architecture based on point-to-point interfaces;
FIG. 3a is a schematic structural diagram of the control plane protocol stack in a 5G communication system;
FIG. 3b is a schematic structural diagram of the user plane protocol stack in a 5G communication system;
FIG. 4 is a schematic structural diagram of a communication device provided by an embodiment of this application;
FIG. 5 is a schematic flowchart of a communication method provided by an embodiment of this application;
FIG. 6 is a schematic flowchart of another communication method provided by an embodiment of this application;
FIG. 7 is a schematic flowchart of another communication method provided by an embodiment of this application;
FIG. 8 is a schematic structural diagram of a possible MAC PDU provided by an embodiment of this application;
FIG. 9 is a schematic flowchart of another communication method provided by an embodiment of this application;
FIG. 10 is a schematic flowchart of another communication method provided by an embodiment of this application;
FIG. 11 is a schematic structural diagram of another communication device provided by an embodiment of this application.
Detailed description
The communication system to which this application applies may include a terminal device and a network device. The network device may be an access network device (such as the (radio) access network ((R)AN) network element described below), a core network device, a module, component, or chip inside an access network device, or a module, component, or chip inside a core network device. The communication system to which this application applies may be a fifth generation (5G) network architecture; it may also be used in other network architectures, such as the Global System of Mobile communication (GSM) system, Code Division Multiple Access (CDMA) system, Wideband Code Division Multiple Access (WCDMA) system, General Packet Radio Service (GPRS), Long Term Evolution (LTE) system, Advanced long term evolution (LTE-A) system, Universal Mobile Telecommunication System (UMTS), evolved Long Term Evolution (eLTE) system, and other mobile communication systems such as future 6G.
The embodiments of this application are described using the example of applying them to a 5G network architecture. A 5G network architecture has multiple possible forms. FIG. 1 is a schematic diagram of one possible 5G network architecture provided by an embodiment of this application. The communication system architecture to which the embodiments of this application apply is described below with reference to FIG. 1. As shown in FIG. 1, the network architecture may generally include the following devices, network elements, and networks:
1. Terminal device.
FIG. 1 shows the terminal device as user equipment (UE) by way of example. In a specific implementation, the terminal device in the embodiments of this application may be a device for implementing a wireless communication function. The terminal device may be user equipment (UE), an access terminal, a terminal unit, a terminal station, a mobile station, a remote station, a remote terminal, a mobile device, a wireless communication device, a terminal agent, or a terminal apparatus in a 5G network or a future evolved public land mobile network (PLMN). An access terminal may be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device or wearable device, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and so on. A terminal may be mobile or fixed.
上述终端设备可通过运营商网络提供的接口(例如N1等)与运营商网络建立连接,使用运营商网络提供的数据和/或语音等服务。终端设备还可通过运营商网络访问DN,使用DN上部署的运营商业务,和/或第三方提供的业务。其中,上述第三方可为运营商网络和终端设备之外的服务方,可为终端设备提供他数据和/或语音等服务。其中,上述第三方的具体表现形式,具体可根据实际应用场景确定,在此不做限制。The above-mentioned terminal device can establish a connection with the operator network through an interface provided by the operator network (such as N1, etc.), and use services such as data and/or voice provided by the operator network. The terminal device can also access the DN through the operator's network, and use the operator's service deployed on the DN, and/or the service provided by a third party. Wherein, the above-mentioned third party may be a service party other than the operator's network and the terminal device, and may provide other services such as data and/or voice for the terminal device. Among them, the specific form of expression of the above-mentioned third party can be determined according to the actual application scenario, and is not limited here.
2、(无线)接入网(radio access network,(R)AN)网元:用于为特定区域的授权终端设备提供入网功能,并能够根据终端设备的级别,业务的需求等使用不同质量的传输隧道。2. (wireless) access network (radio access network, (R) AN) network element: used to provide network access functions for authorized terminal equipment in a specific area, and can use different quality network elements according to the level of terminal equipment and business requirements. transport tunnel.
(R)AN是运营商网络的子网络,是运营商网络中业务节点与终端设备之间的实施系统。终端设备要接入运营商网络,首先是经过RAN,进而可通过RAN与运营商网络的业务节点连接。本申请中的RAN设备,是一种为终端设备提供无线通信功能的设备,RAN设备也称为接入网设备。本申请中的RAN设备包括但不限于:5G中的下一代基站(g nodeB,gNB)、演进型节点B(evolved node B,eNB)、无线网络控制器(radio network controller,RNC)、节点B(node B,NB)、基站控制器(base station controller,BSC)、基站收发台(base transceiver station,BTS)、家庭基站(例如,home evolved nodeB,或home node B,HNB)、基带单元(baseBand unit,BBU)、传输点(transmitting and receiving point,TRP)、发射点(transmitting point,TP)、移动交换中心等。(R)AN is a sub-network of the operator's network, and is an implementation system between service nodes and terminal equipment in the operator's network. To access the operator's network, the terminal equipment first passes through the RAN, and then can be connected to the service node of the operator's network through the RAN. The RAN device in this application is a device that provides a wireless communication function for a terminal device, and the RAN device is also called an access network device. The RAN equipment in this application includes but is not limited to: next-generation base station (g nodeB, gNB) in 5G, evolved node B (evolved node B, eNB), radio network controller (radio network controller, RNC), node B (node B, NB), base station controller (base station controller, BSC), base transceiver station (base transceiver station, BTS), home base station (for example, home evolved nodeB, or home node B, HNB), baseband unit (baseBand unit, BBU), transmission point (transmitting and receiving point, TRP), transmission point (transmitting point, TP), mobile switching center, etc.
3、用户面网元:用于分组路由和转发以及用户面数据的服务质量(quality of service,QoS)处理等。3. User plane network element: used for packet routing and forwarding and quality of service (QoS) processing of user plane data.
如图1所示,在5G通信系统中,该用户面网元可以是用户面功能(user plane function,UPF)网元,比如可以包括中间用户面功能(intermediate user plane function,I-UPF)网元、或锚点用户面功能(PDU Session anchor user plane function,PSA-UPF)网元中的至少一项。在未来通信系统中,用户面网元仍可以是UPF网元,或者,还可以有其它的名称,本申请不做限定。As shown in Figure 1, in a 5G communication system, the user plane network element may be a user plane function (user plane function, UPF) network element, for example, may include an intermediate user plane function (intermediate user plane function, I-UPF) network element, or at least one of the anchor user plane function (PDU Session anchor user plane function, PSA-UPF) network element. In the future communication system, the user plane network element may still be a UPF network element, or may have other names, which are not limited in this application.
4、数据网络(data network,DN)网元:用于提供传输数据的网络。4. Data network (data network, DN) network element: used to provide a network for transmitting data.
如图1所示,在5G通信系统中,该数据网络可以是DN1和DN2。在未来通信系统中,数据网络仍可以是DN,或者,还可以有其它的名称,本申请不做限定。As shown in Figure 1, in a 5G communication system, the data network may be DN1 and DN2. In future communication systems, the data network may still be a DN, or may have other names, which are not limited in this application.
5、移动性管理网元:主要用于移动性管理和接入管理等,可以用于实现移动性管理网元(mobility management entity,MME)功能中除会话管理之外的其它功能,例如,合法监听以及接入授权/鉴权等功能。5. Mobility management network element: mainly used for mobility management and access management, etc., and can be used to implement functions other than session management in mobility management network element (mobility management entity, MME) functions, for example, legal functions such as monitoring and access authorization/authentication.
如图1所示,在5G通信系统中,该接入与移动性管理可以是接入与移动性管理功能(access and mobility management function,AMF)网元。在未来通信系统中,接入与移动性管理仍可以是AMF网元,或者,还可以有其它的名称,本申请不做限定。As shown in FIG. 1, in a 5G communication system, the access and mobility management may be an access and mobility management function (access and mobility management function, AMF) network element. In the future communication system, the access and mobility management may still be an AMF network element, or may have other names, which are not limited in this application.
6. Session management network element: mainly used for session management, allocation and management of internet protocol (IP) addresses for terminal devices, selection of manageable user plane functions, serving as the termination point of the policy control and charging function interfaces, downlink data notification, and the like.
As shown in FIG. 1, in a 5G communication system, the session management network element may be a session management function (SMF) network element, and may include, for example, at least one of an intermediate session management function (I-SMF) network element or an anchor session management function (A-SMF) network element. In a future communication system, the session management network element may still be an SMF network element or may have another name, which is not limited in this application.
7. Policy control network element: a unified policy framework used to guide network behavior, which provides policy rule information and the like to control plane function network elements (for example, the AMF and SMF network elements).
As shown in FIG. 1, in a 5G communication system, the policy control network element may be a policy control function (PCF) network element. In a future communication system, the policy control network element may still be a PCF network element or may have another name, which is not limited in this application.
8. Authentication service network element: used for authentication services and for generating keys to implement two-way authentication of the terminal device, and supports a unified authentication framework.
As shown in FIG. 1, in a 5G communication system, the authentication service network element may be an authentication server function (AUSF) network element. In a future communication system, the authentication service function network element may still be an AUSF network element or may have another name, which is not limited in this application.
9. Data management network element.
As shown in FIG. 1, in a 5G communication system, the data management network element may be a unified data management (UDM) network element, which can be used to handle terminal device identification, access authentication, registration, mobility management, and the like. In a future communication system, the unified data management may still be a UDM network element or may have another name, which is not limited in this application.
As shown in FIG. 1, in a 5G communication system, the data management network element may also be a unified data repository (UDR), which is responsible for access to subscription data, policy data, application data, and other types of data. For example, the PCF may obtain policy-decision-related or corresponding subscription information from the UDR. In a future communication system, the unified data repository may still be a UDR or may have another name, which is not limited in this application.
10. Application network element: used for application-influenced data routing, for accessing the network exposure function network element, for interacting with the policy framework to perform policy control, and the like.
As shown in FIG. 1, in a 5G communication system, the application network element may be an application function (AF) network element. In a future communication system, the application network element may still be an AF network element or may have another name, which is not limited in this application.
11. Network repository network element: used to maintain real-time information about all network function services in the network.
In a 5G communication system, the network repository network element may be a network repository function (NRF) network element. In a future communication system, the network repository network element may still be an NRF network element or may have another name, which is not limited in this application.
12. Network slice selection network element: used to provide the network slice selection function.
As shown in FIG. 1, in a 5G communication system, the network slice selection network element may be a network slice selection function (NSSF) network element. In a future communication system, the network slice selection network element may still be an NSSF network element or may have another name, which is not limited in this application.
13. Network capability exposure network element: used to provide network customization functions.
As shown in FIG. 1, in a 5G communication system, the network capability exposure network element may be a network exposure function (NEF) network element. In a future communication system, the network capability exposure network element may still be an NEF network element or may have another name, which is not limited in this application.
The communication system architecture to which the embodiments of this application apply may also include other network elements, such as a network analysis function network element and a service communication function network element.
The network analysis function network element is used to provide data analysis at the network slice instance level. For example, it can obtain data, use the data for training and analysis, and make corresponding inferences based on the analysis results. In a 5G communication system, the network analysis function network element may be a network analytics function (NWDAF) network element.
In FIG. 1, Nnssf, Nausf, Nnef, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4, and N6 are interface serial numbers. For the meanings of these interface serial numbers, refer to the definitions in the 3GPP standard protocols; no limitation is imposed here.
It can be understood that the above network elements or functions may be network elements in a hardware device, software functions running on dedicated hardware, or virtualized functions instantiated on a platform (for example, a cloud platform). The above network elements or functions may be divided into one or more services, and there may also be services that exist independently of network functions. In this application, an instance of one of the above functions, an instance of a service included in one of the above functions, or an instance of a service that exists independently of network functions may each be referred to as a service instance.
It should be noted that the embodiments of this application are not limited to the above system architecture and can also be applied to other future communication systems, such as a 6th generation (6G) system architecture. In addition, the network elements named above in the embodiments of this application may keep the same functions in a future communication system while their names change.
By way of example, FIG. 2 shows a schematic diagram of a 5G network architecture based on a service-based architecture provided by an embodiment of this application.
For the functions of the network elements in FIG. 2, refer to the description of the corresponding network elements in FIG. 1; details are not repeated here. The main difference between FIG. 2 and FIG. 1 is that the interfaces between the network elements in FIG. 2 are point-to-point interfaces rather than service-based interfaces.
In the architecture shown in FIG. 2, the names and functions of the interfaces between the network elements are as follows:
1. N7: the interface between the PCF and the SMF, used to deliver control policies at protocol data unit (PDU) session granularity and at service data flow granularity.
2. N15: the interface between the PCF and the AMF, used to deliver UE policies and access-control-related policies.
3. N5: the interface between the AF and the PCF, used for delivering application service requests and reporting network events.
4. N4: the interface between the SMF and the UPF, used to transfer information between the control plane and the user plane, including delivery of forwarding rules, QoS control rules, traffic statistics rules, and the like from the control plane to the user plane, and reporting of information from the user plane.
5. N11: the interface between the SMF and the AMF, used to transfer PDU session tunnel information between the RAN and the UPF, control messages sent to the UE, radio resource control information sent to the RAN, and the like.
6. N2: the interface between the AMF and the RAN, used to transfer radio bearer control information and the like from the core network side to the RAN.
7. N1: the interface between the AMF and the UE, which is access-independent and is used to transfer QoS control rules and the like to the UE.
8. N8: the interface between the AMF and the UDM, used by the AMF to obtain subscription data and authentication data related to access and mobility management from the UDM, and by the AMF to register the UE's current mobility-management-related information with the UDM.
9. N10: the interface between the SMF and the UDM, used by the SMF to obtain session-management-related subscription data from the UDM, and by the SMF to register the UE's current session-related information with the UDM.
10. N35: the interface between the UDM and the UDR, used by the UDM to obtain user subscription data from the UDR.
11. N36: the interface between the PCF and the UDR, used by the PCF to obtain policy-related subscription data and application-data-related information from the UDR.
12. N12: the interface between the AMF and the AUSF, used by the AMF to initiate the authentication procedure with the AUSF, in which the SUCI may be carried as the subscription identifier.
13. N13: the interface between the UDM and the AUSF, used by the AUSF to obtain the user authentication vector from the UDM in order to perform the authentication procedure.
14. N22: the interface between the NSSF and the AMF, used by the AMF to receive slice selection information from the NSSF.
FIG. 3a shows a schematic structural diagram of the control plane protocol stack in a 5G communication system, and FIG. 3b shows a schematic structural diagram of the user plane protocol stack in a 5G communication system. As shown in FIG. 3a, the control plane protocol stack of the terminal device may include: a non-access stratum (NAS) layer, a radio resource control (RRC) layer, a packet data convergence protocol (PDCP) layer, a radio link control (RLC) layer, a media access control (MAC) layer, and a physical (PHY) layer. The control plane protocol stack of the gNB may include: an RRC layer, a PDCP layer, an RLC layer, a MAC layer, and a PHY layer. The control plane protocol stack of the AMF may include a NAS layer.
As shown in FIG. 3b, the user plane protocol stack of the terminal device may include: a service data adaptation protocol (SDAP) layer, a PDCP layer, an RLC layer, a MAC layer, and a PHY layer. The user plane protocol stack of the gNB may include: an SDAP layer, a PDCP layer, an RLC layer, a MAC layer, and a PHY layer.
The protocol stacks in the communication system are described below with reference to FIG. 3a and FIG. 3b:
1. NAS layer.
The NAS layer, that is, the non-access stratum, may be mainly used for connection and mobility control between the terminal device and the AMF. Although the AMF receives these messages from the base station, they are not originated by the base station. The base station only transparently forwards the messages that the terminal device sends to the AMF and cannot identify or change them, which is why they are called NAS messages. NAS messages are exchanged between the terminal device and the AMF, for example mobility and connection procedure messages such as attach, bearer establishment, and service request.
2. RRC layer.
The RRC layer may be mainly used to handle all signaling between the terminal device and the network elements of the 5G communication system (messages between the user and the base station), including system messages, admission control, security management, cell reselection, measurement reporting, handover and mobility, NAS message transmission, radio resource management, and the like.
3. SDAP layer.
The SDAP layer is located above the packet data convergence protocol (PDCP) layer, directly carries internet protocol (IP) data packets, and may be used for the user plane. It is responsible for the mapping between quality of service (QoS) flows and data radio bearers (DRBs), and adds a QoS flow identification (QFI) mark to data packets.
4. PDCP layer.
The main functions of the 5G PDCP layer may include at least one of the following:
(1) user plane IP header compression (the compression algorithm may be jointly determined by the mobile phone and the base station);
(2) encryption/decryption (control plane/user plane);
(3) control plane integrity check (in 4G only the control plane is checked; in 5G the user plane can optionally be checked);
(4) reordering and duplicate detection;
(5) for the Option3X architecture in NSA networking, the PDCP of the gNodeB splits traffic and has a routing function.
5. RLC layer.
The RLC layer is located below the PDCP layer. Its entities can be divided into transparent mode (TM) entities, unacknowledged mode (UM) entities, and acknowledged mode (AM) entities. AM data transmission and reception share one entity, while UM and TM use separate transmitting and receiving entities. The main functions are as follows:
(1) TM transparent mode (broadcast messages), UM unacknowledged mode (voice services, which have latency requirements), and AM acknowledged mode (ordinary services, high accuracy);
(2) segmentation and reassembly (UM/AM; the size of the segmented data packets is determined by the MAC layer, larger when the radio environment is good and smaller when it is poor);
(3) error correction (AM only; automatic repeat request (ARQ), high accuracy).
6. MAC layer.
The functions of the 5G MAC layer are similar to those of 4G. Its main function is scheduling, and its functions include: resource scheduling, mapping between logical channels and transport channels, multiplexing/demultiplexing, and HARQ (asynchronous in uplink and downlink).
7. Physical (PHY) layer.
The main functions of the 5G physical layer may include: error detection, forward error correction (FEC) encryption and decryption, rate matching, physical channel mapping, adjustment and demodulation, frequency synchronization and time synchronization, radio measurement, and multi-input multi-output (MIMO) processing.
It should be noted that the RLC layer, the MAC layer, and the PHY layer are below the PDCP layer, and messages transmitted on these layers are not security protected. For example, they may not be covered by the security protection of the PDCP layer, which can also be described as not being confidentiality and integrity protected.
In a possible implementation, the terminal device or network device in the embodiments of this application may also be called a communication apparatus, which may be a general-purpose device or a dedicated device; this is not specifically limited in the embodiments of this application.
In another possible implementation, the relevant functions of the terminal device or network device in the embodiments of this application may be implemented by one device, jointly by multiple devices, or by one or more functional modules within one device; this is not specifically limited in the embodiments of this application. It can be understood that the above functions may be network elements in a hardware device, software functions running on dedicated hardware, a combination of hardware and software, or virtualized functions instantiated on a platform (for example, a cloud platform).
For example, the relevant functions of the terminal device or network device in the embodiments of this application may be implemented by the communication device 300 in FIG. 4. FIG. 4 is a schematic structural diagram of the communication device 300 provided by an embodiment of this application. The communication device 300 includes one or more processors 301, a communication line 302, and at least one communication interface (FIG. 4 merely uses one communication interface 304 and one processor 301 as an example for description), and optionally may further include a memory 303.
The processor 301 may be a chip. For example, the processor 301 may be a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a system on chip (SoC), a central processing unit (CPU), a network processor (NP), a digital signal processor (DSP), a microcontroller unit (MCU), a programmable logic device (PLD), or another integrated chip.
During implementation, each step of the methods in the embodiments of this application may be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The steps of the methods disclosed in the embodiments of this application may be directly performed by a hardware processor, or performed by a combination of hardware and software modules in the processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory 303, and the processor 301 reads the information in the memory 303 and completes the steps of the above methods in combination with its hardware.
It should be noted that the processor 301 in the embodiments of this application may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method embodiments may be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The above processor may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the methods disclosed in the embodiments of this application may be directly performed by a hardware decoding processor, or performed by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above methods in combination with its hardware.
The communication line 302 may include a path used to connect different components.
The communication interface 304 may be a transceiver module used to communicate with other devices or communication networks, such as Ethernet, a RAN, or a wireless local area network (WLAN). For example, the transceiver module may be a device such as a transceiver. Optionally, the communication interface 304 may also be a transceiver circuit located in the processor 301, used to implement signal input and signal output of the processor.
The memory 303 may be a device having a storage function. It can be understood that the memory 303 in the embodiments of this application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchlink dynamic random access memory (SLDRAM), and direct rambus random access memory (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to include, but is not limited to, these and any other suitable types of memory. The memory may exist independently and be connected to the processor through the communication line 302. The memory may also be integrated with the processor.
The memory 303 is used to store the computer-executable instructions for executing the solutions of this application, and their execution is controlled by the processor 301. The processor 301 is used to execute the computer-executable instructions stored in the memory 303, thereby implementing the methods provided in the embodiments of this application.
Alternatively, in the embodiments of this application, the processor 301 may perform the processing-related functions in the methods provided in the following embodiments of this application, and the communication interface 304 is responsible for communicating with other devices or communication networks; this is not specifically limited in the embodiments of this application.
Optionally, the computer-executable instructions in the embodiments of this application may also be referred to as application program code, which is not specifically limited in the embodiments of this application.
In a specific implementation, as an embodiment, the processor 301 may include one or more CPUs, for example, CPU0 and CPU1 in FIG. 4.
In a specific implementation, as an embodiment, the communication device 300 may include multiple processors, for example, the processor 301 and the processor 308 in FIG. 4. Each of these processors may be a single-core processor or a multi-core processor. The processor here may include, but is not limited to, at least one of the following: a central processing unit (CPU), a microprocessor, a digital signal processor (DSP), a microcontroller unit (MCU), an artificial intelligence processor, or another type of computing device that runs software. Each computing device may include one or more cores used to execute software instructions to perform operations or processing.
In a specific implementation, as an embodiment, the communication device 300 may further include an output device 305 and an input device 306. The output device 305 communicates with the processor 301 and can display information in a variety of ways. For example, the output device 305 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, a projector, or the like. The input device 306 communicates with the processor 301 and can receive user input in a variety of ways. For example, the input device 306 may be a mouse, a keyboard, a touch screen device, a sensing device, or the like.
The above communication device 300 may sometimes also be referred to as a communication apparatus, and may be a general-purpose device or a dedicated device. For example, the communication device 300 may be a desktop computer, a portable computer, a network server, a personal digital assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, an embedded device, the above terminal device, the above network device, or a device with a structure similar to that in FIG. 4. The embodiments of this application do not limit the type of the communication device 300.
The embodiments of this application are further described below on the basis of the foregoing content. Before that, it should be noted that, in the description of this application, unless otherwise specified, "/" indicates an "or" relationship between the associated objects; for example, A/B may mean A or B. "And/or" in this application merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B may mean: A alone, both A and B, or B alone, where A and B may each be singular or plural. In addition, in the description of this application, unless otherwise specified, "a plurality of" means two or more. "At least one of the following" or a similar expression refers to any combination of the listed items, including a single item or any combination of plural items. For example, at least one of a, b, or c may mean: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may each be single or multiple. Furthermore, to describe the technical solutions of the embodiments clearly, words such as "first" and "second" are used in the embodiments of this application to distinguish between identical or similar items whose functions and effects are basically the same. Those skilled in the art will understand that words such as "first" and "second" do not limit quantity or execution order, and do not require that the items be different. Likewise, in the embodiments of this application, words such as "exemplary" or "for example" are used to indicate an example, illustration, or explanation. Any embodiment or design described as "exemplary" or "for example" in the embodiments of this application should not be interpreted as more preferred or more advantageous than other embodiments or designs. Rather, such words are intended to present the related concepts in a concrete manner for ease of understanding.
In addition, the network architectures and service scenarios described in the embodiments of this application are intended to explain the technical solutions of the embodiments more clearly and do not limit those technical solutions. Those of ordinary skill in the art will appreciate that, as network architectures evolve and new service scenarios emerge, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems.
Based on the foregoing, FIG. 5 exemplarily shows a schematic flowchart of a communication method provided by an embodiment of this application. The communication method may be executed by a network device and a terminal device. The terminal device may be, for example, the terminal device in FIG. 1, FIG. 2, FIG. 3a, FIG. 3b, or FIG. 4. The network device may be, for example, the access network element (such as a gNB) or the mobility management network element (such as an AMF) in FIG. 1, FIG. 2, FIG. 3a, FIG. 3b, or FIG. 4, or may be another network element; these two network elements are used here only as examples. The method may also be executed by a chip or component inside the network device and a chip or component inside the terminal device. As shown in FIG. 5, the method includes:
S501. The network device sends a first message to the terminal device. Correspondingly, the terminal device receives the first message from the network device. The first message is not security protected, and the first message includes first user configuration information of the terminal device.
In a possible implementation, the first user configuration information may be an RRC message. The first message is sent before security activation and is not security protected. The network device performs data transmission with the terminal device according to the first user configuration information.
It should be noted that the RLC layer, the MAC layer, and the PHY layer are below the PDCP layer, and messages transmitted on these layers are not security protected. For example, they may not be covered by the security protection of the PDCP layer; this may also be described as not being confidentiality and integrity protected.
S502. The network device obtains indication information indicating that the configuration information of the terminal device needs to be security protected.
It should be noted that S502 is an optional step and is not mandatory. S502 is drawn with a dashed line in the figure to show that it may or may not be executed. That is, S502 may or may not be executed before S503. If S502 is executed before S503, there is no fixed order between S502 and S501: S501 may be executed before S502, or S502 may be executed before S501. In yet another possible implementation, S502 may also occur after the access stratum or non-access stratum security protection of the terminal device is activated. Activation of the terminal device's security protection is described in detail later and is not elaborated here.
In the embodiments of this application, the network device can obtain the indication information indicating that the configuration information of the terminal device needs to be security protected in several ways, which are described below:
Embodiment a1
The indication information indicating that the configuration information of the terminal device needs to be security protected is third indication information received by the network device. The third indication information indicates that the configuration information of the terminal device needs to be security protected.
In embodiment a1, another network element, such as a core network element, may send the third indication information to the network device (such as a gNB or an AMF), and correspondingly, the network device receives the third indication information.
In a possible implementation, the third indication information includes at least one of the following:
the security level of the terminal device, a session security requirement, the security capability of the terminal device, or the core network security policy corresponding to the terminal device.
The following takes the case where the third indication information is the security level of the terminal device as an example; the other items are handled similarly and are not described again. The core network element delivers the security level of the terminal device to the network device. In one possible implementation, the core network element delivers the security level only for terminal devices with a relatively high security level. In another possible implementation, the core network element delivers the security level for any terminal device that has security level information. That is, the core network element may or may not filter according to the security level of the terminal device. In yet another possible implementation, on the network device side, the network device may infer, once it has received the security level of the terminal device, that the configuration information of the terminal device needs to be security protected. Alternatively, the network device may determine whether the received security level of the terminal device meets a preset security level requirement and, if it does, infer that the configuration information of the terminal device needs to be security protected.
Embodiment a2
The indication information indicating that the configuration information of the terminal device needs to be security protected is a security mode command complete message received by the network device. The security mode command complete message indicates that access stratum or non-access stratum security protection is activated.
In yet another possible implementation, the indication information indicating that the configuration information of the terminal device needs to be security protected is a security mode command complete message that the network device has received and successfully verified. Successful verification may indicate that the security mode command complete message was successfully received.
When the network device is an access network element, such as a gNB, the security mode command complete message may be an access stratum security mode command complete message, which may be used to indicate that access stratum security protection is activated. When the network device is a mobility management network element, such as an AMF, the security mode command complete message may be a non-access stratum security mode command complete message, which may be used to indicate that non-access stratum security protection is activated.
Embodiment a3
The indication information indicating that the configuration information of the terminal device needs to be security protected is preset configuration information of the network device, in other words, a preset policy of the network device.
The configuration information or policy of the network device may take many forms. For example, the network device sets one or more preset time periods, and within a preset time period, the configuration information of terminal devices that need to transmit signaling needs to be security protected. In this example, if the network device determines that the current time falls within the preset time period, it determines that the configuration information of the terminal device needs to be security protected.
In yet another possible implementation, the network device may specify that terminal devices in a specific area need to be security protected. In this case, the network device may determine, according to the area to which the terminal device belongs, whether the terminal device needs to be security protected. The area may be the signal coverage area of the network device.
Embodiment a4
The indication information indicating that the configuration information of the terminal device needs to be security protected is information indicating that the type of the information to be sent matches a preset information type that needs to be security protected.
In a possible implementation, some information types that need to be security protected may be preset, such as sensitive information that requires confidentiality protection. These may include, for example, the terminal device's specific configuration information (UE specific config), such as the terminal device's cell configuration information (for example, cell group config) and/or radio bearer configuration (for example, radio bearer config).
In yet another possible implementation, the preset information types that need to be security protected include at least one of the following:
media access control (MAC) layer information that needs to be security protected; radio link control (RLC) layer information that needs to be security protected; or physical (PHY) layer information that needs to be security protected. Because the prior art protects lower-layer information of the MAC, RLC, and PHY layers somewhat insufficiently, the embodiments of this application can apply additional protection to sensitive MAC layer, RLC layer, or PHY layer information that requires confidentiality protection, which further improves the security of user information and reduces the likelihood of information leakage.
Embodiment a5
The indication information indicating that the configuration information of the terminal device needs to be security protected is the capability information of the terminal device and the capability information of the network device.
In this embodiment, if the capability information of the terminal device indicates that the terminal device is capable of supporting security protection of its configuration information, and the capability information of the network device indicates that the network device supports security protection of the terminal device's configuration information, the network device may determine that it has obtained the indication information indicating that the configuration information of the terminal device needs to be security protected.
For example, if the capability information of the terminal device indicates that the terminal device supports having its user configuration information reconfigured by the network device, and the network device also supports reconfiguring the user configuration information for the terminal device, the network device may determine that it has obtained the indication information indicating that the configuration information of the terminal device needs to be security protected.
S503. The network device sends a second message to the terminal device. Correspondingly, the terminal device receives the second message from the network device. The second message is security protected, the second message includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information.
In a possible implementation, the user configuration information may include the terminal device's specific configuration information (UE specific config). As another example, the user configuration information may include at least one of the terminal device's cell configuration information (for example, cell group config) or radio bearer configuration (for example, radio bearer config).
In yet another possible implementation, the user configuration information may include downlink control information. The first user configuration information includes first downlink control information; the second user configuration information includes second downlink control information.
In yet another possible implementation, at least one of the first user configuration information or the second user configuration information includes at least one of the following:
scramble ID;
bandwidth part (BWP);
the position of the start symbol of the physical downlink control channel (PDCCH);
the number of start symbols of the PDCCH;
downlink control information (DCI) length;
candidate set; or
the time-domain table of the physical downlink shared channel (PDSCH).
Table 1 below exemplarily shows examples of the first user configuration information and the second user configuration information.
Table 1. Examples of the first user configuration information and the second user configuration information
[Table 1 appears in the original publication as image PCTCN2022073692-appb-000001; its contents are not reproduced here.]
As shown in Table 1, for a given parameter item, the value of that item in the second user configuration information may differ from its value in the first user configuration information. Take the PDSCH time-domain table as an example. This parameter has at most 16 rows, and the first user configuration information can indicate the content of each of rows 0 to 15. The second user configuration information can be obtained by randomly reordering the contents of rows 0 to 15 of the first user configuration information, for example by moving the content of row 0 in the first user configuration information to row 5. This makes it harder for an attacker to break. The PDCCH may indicate to the terminal device which row to use.
In the embodiments of this application, the first user configuration information being different from the second user configuration information may mean that the second user configuration information contains at least one parameter item whose value in the second user configuration information differs from its value in the first user configuration information. It may also mean that the value of every parameter item in the second user configuration information differs from the value of that parameter item in the first user configuration information. The parameter items in the second user configuration information may be the same as those in the first user configuration information. In yet another possible implementation, the parameter items in the second user configuration information may differ from those in the first user configuration information; for example, the second user configuration information may contain fewer or more parameter items than the first user configuration information.
In a possible implementation, at least one or all of the parameter items in the first user configuration information and the second user configuration information may be different. Alternatively, all parameter items in the first user configuration information and the second user configuration information are the same, but the values of at least one or all of the parameter items may differ. In yet another possible implementation, the configured objects or content of the first user configuration information and the second user configuration information may be the same while the values of those objects differ.
In a possible implementation, where S502 is included before S503, S503 may be replaced by: the network device sends, according to the indication information indicating that the configuration information of the terminal device needs to be security protected, the second message carrying the second user configuration information to the terminal device.
In yet another possible implementation, if the network device has not obtained the indication information indicating that the configuration information of the terminal device needs to be security protected, the second message need not be required to carry second user configuration information that differs from the first user configuration information. In this case, the second message may or may not carry user configuration information; for example, it may carry the first user configuration information, and the user configuration information carried in the second message is no longer required to differ from the first user configuration information. If the second message carries no user configuration information, the terminal device may transmit data with the network device according to the first user configuration information in the first message. If the second message carries user configuration information, the terminal device may transmit data with the network device according to the user configuration information carried in the second message. Because the first message is not security protected, the first user configuration information in the first message is relatively likely to be leaked. Even though the second message is security protected, if the user configuration information carried in the second message is not required to differ from the first user configuration information, an attacker may use the first user configuration information obtained from the first message to steal further information, resulting in relatively serious information leakage.
S504. The network device performs data transmission with the terminal device according to the second user configuration information.
As can be seen from the above, because the first message is not security protected, the first user configuration information in the first message is relatively likely to be leaked. The second message, however, is security protected, and the second user configuration information it carries is required to differ from the first user configuration information. An attacker is therefore less likely to obtain the second user configuration information, and correspondingly less likely to use it to steal further information, which reduces the degree of information leakage.
Based on the content shown in FIG. 5, FIG. 6 exemplarily shows a schematic flowchart of another communication method provided by an embodiment of this application. The following description, given with reference to FIG. 6, takes as an example the case where the network device is a gNB, the first message is an RRC setup response, and the second message is an RRC reconfiguration message. As shown in FIG. 6, the method includes:
S601. The terminal device sends a random access request to the network device. The network device receives the random access request from the terminal device.
In a possible implementation, when the terminal device is in the idle state, the terminal device and the network device are out of synchronization, and the terminal device lacks available uplink resources. Once the terminal device needs to send uplink data or download downlink data, it needs to switch from the idle state to the connected state through a random access procedure. When the terminal device initiates the random access procedure, S601 may be executed.
The random access request may be a random access preamble.
S602. The network device sends a random access response to the terminal device and grants uplink resources to the terminal device in the random access response. The terminal device receives the random access response from the network device.
The random access response may be a random access response message.
S603. The terminal device may send an RRC setup request (also referred to as an RRC setup request message). The network device may receive the RRC setup request from the terminal device.
The RRC setup request may be an RRC setup request message.
S604. The network device sends an RRC setup response (also referred to as RRC setup, or an RRC setup response message) to the terminal device. The RRC setup response includes the first user configuration information. The terminal device may receive the RRC setup response from the network device.
In the embodiments of this application, S604 may be an example of the foregoing S501, and the first message may be the RRC setup response in S604.
The RRC setup response may be written as RRC setup or RRC setup response.
The user configuration information may include user-specific configuration information (for example, UE-specific config).
The user configuration information may include at least one of the terminal device's cell configuration information (for example, cell group config) or radio bearer configuration (for example, radio bearer config). The cell configuration information (for example, cell group config) may include the configuration of signaling radio bearer (SRB) 1 messages at the MAC layer, the PHY layer, and the RLC layer.
S605,终端设备在核心网中进行注册流程或服务请求流程,并激活接入层或非接入安全。S605. The terminal device performs a registration process or a service request process in the core network, and activates access layer or non-access security.
在一种可能地实施方式中,当网络设备接收安全模式命令完成消息,并校验成功,则意味着接入层或非接入层安全激活。In a possible implementation manner, when the network device receives the security mode command completion message and the verification is successful, it means that the security of the access layer or the non-access layer is activated.
S606,网络设备获取用于指示终端设备的配置信息需受到安全保护的指示信息。该S606可以参见前述S502的相关内容,在此不再赘述。S606. The network device acquires indication information used to indicate that the configuration information of the terminal device needs to be protected by security. For this S606, reference may be made to the related content of the aforementioned S502, which will not be repeated here.
需要说明的是,S606为可选步骤,可执行,也可以不执行。图中S606为虚线,表示S606为可选择执行的步骤。It should be noted that S606 is an optional step, which may or may not be executed. In the figure, S606 is a dotted line, indicating that S606 is an optional step to be executed.
S607,网络设备向终端设备发送RRC重配置消息,RRC重配置消息中包括第二用户配置信息,且第二用户配置信息与第一用户配置信息不同。S607. The network device sends an RRC reconfiguration message to the terminal device, where the RRC reconfiguration message includes second user configuration information, and the second user configuration information is different from the first user configuration information.
S607可以参见前述S503中的相关内容,在此不再赘述。For S607, reference may be made to relevant content in the aforementioned S503, which will not be repeated here.
RRC重配置消息可以为RRC reconfig。The RRC reconfiguration message may be RRC reconfig.
第二消息可以为RRC重配置消息。The second message may be an RRC reconfiguration message.
S608. The terminal device sends an RRC reconfiguration complete message to the network device.
In a possible implementation, after successfully parsing the content of the RRC reconfiguration message and successfully verifying its integrity protection, the terminal device returns an RRC reconfiguration complete message.
Note that S601 to S604 may be transmitted on a common channel before security protection has been activated, so an attacker can obtain all of these messages. After S605, the terminal device and the network device can be configured according to the user configuration information, and subsequent messages can be transmitted on a channel specific to the terminal device.
Note that in the embodiments of this application, multiple RRC reconfiguration messages may be initiated after S605. In a possible implementation, the user configuration information carried in each subsequent RRC reconfiguration message may be required to be different from the first user configuration information. In another possible implementation, the user configuration information in an RRC reconfiguration message may be required to differ both from the user configuration information carried in any previous RRC reconfiguration message and from the first user configuration information. This further improves security.
As can be seen from the above, before non-access layer or access layer security is activated, all messages are transmitted in plaintext, so an attacker can obtain the first user configuration information. Because the RRC reconfiguration message is sent after non-access layer or access layer security is activated, it is protected for integrity and confidentiality. The attacker therefore cannot learn the second user configuration information in the RRC reconfiguration message.
However, if the second user configuration information is not required to differ from the first user configuration information, then factors such as configuration speed may lead to an RRC reconfiguration message that carries no user configuration information (in which case the terminal device transmits data with the network device according to the first user configuration information), or, quite likely, to an RRC reconfiguration message whose user configuration information is the same as the first user configuration information. An attacker could then use the first user configuration information it has obtained to capture data packets exchanged between the terminal device and the network device, and to monitor and tamper with PHY layer, MAC layer and RLC layer messages. This could in turn cause resource misconfiguration between the terminal device and the network device, degraded transmission performance, or even a dropped connection. An attacker eavesdropping on the messages could also cause the terminal device's private information to leak.
In the embodiments of this application, by contrast, the RRC reconfiguration message is required to carry second user configuration information that differs from the first user configuration information. An attacker who wants to capture the terminal device's data packets therefore cannot do so using the first user configuration information, and instead has to guess the terminal device's physical layer parameter configuration, for example DCI-related parameters such as the scrambling code ID, the BWP, the position/number of PDCCH start symbols, the DCI length and the different candidate sets. Because the DCI information in the second user configuration information is not visible to the attacker, the data is hidden to some extent, which makes the attack harder and reduces the likelihood of information leakage.
Based on the above, FIG. 7 shows a schematic flowchart of a communication method. The method may be performed by a network device and a terminal device. The terminal device may be, for example, the terminal device in FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4, and the network device may be, for example, the access network element (such as a gNB) or the mobility management network element (such as an AMF) in FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4, or another network element; these two network elements are used here only as examples. The method may also be performed by a chip or component inside the network device and a chip or component inside the terminal device. As shown in FIG. 7, the method includes:
S701. The network device sends a third message to the terminal device, and the terminal device receives the third message from the network device. The third message includes first indication information, which indicates a first correspondence associated with the terminal device. The first correspondence is a correspondence between information type identifiers and index values.
In a possible implementation, the third message is security protected. This makes the transmission of the first indication information more secure.
In another possible implementation, the third message may be sent after S605, that is, after the terminal device has performed a registration procedure or a service request procedure in the core network and activated access layer or non-access layer security. The third message can then be security protected, which improves the security of the information transmission. In yet another possible implementation, the third message is a radio resource control (RRC) layer message, for example an RRC reconfiguration message as described above; it may be the RRC reconfiguration message in S607 or another RRC reconfiguration message. The third message can then be security protected, which improves the security of the information transmission.
The index values in the first correspondence may be obtained in one of the following ways:
calculated by a randomization algorithm;
obtained according to a preset rule;
calculated from the information type identifier and a preset first calculation formula; or
calculated from a preset value and a preset second calculation formula.
The first indication information may be the first correspondence itself, or indication information that indicates the first correspondence, from which the terminal device can calculate or determine the correspondence between information type identifiers and index values. For example, if the index values are obtained according to a preset rule, the first indication information may be that preset rule, and the terminal device can determine the correspondence between information type identifiers and index values according to the rule. As another example, if the index values are calculated from the information type identifier and a preset first calculation formula, the first indication information may be the preset first calculation formula, and the terminal device can determine the correspondence according to that formula. As a further example, if the index values are calculated from a preset value and a preset second calculation formula, the first indication information may be the preset second calculation formula and the preset value, and the terminal device can determine the correspondence according to the preset value and the preset second calculation formula.
In the embodiments of this application, the "correspondence between information type identifiers and index values" may be defined at terminal device granularity. That is, a separate "correspondence between information type identifiers and index values" can be established for each terminal device, and the correspondences of two terminal devices may differ. For example, call the terminal device associated with the first correspondence the first terminal device; its first correspondence includes a correspondence between a first information type identifier and a first index value. A second terminal device (a terminal device other than the one associated with the first correspondence, called the second terminal device here to distinguish it) is associated with a second correspondence, which includes a correspondence between the first information type identifier and a second index value. The first index value and the second index value are different. That is, for at least one information type identifier, the correspondences of two different terminal devices yield two different values. In other words, the embodiments of this application do not use one common set of correspondences between information type identifiers and index values for all terminal devices; the correspondence can be set separately for each terminal device, which further improves security.
In the embodiments of this application, the "correspondence between information type identifiers and index values" may also be defined at bearer granularity. That is, a separate "correspondence between information type identifiers and index values" can be established for each bearer of a terminal device, and the correspondences of two bearers of the same terminal device may differ. For example, the first correspondence is associated with a first bearer of the first terminal device and includes a correspondence between a first information type identifier and a first index value. A second bearer of the first terminal device is associated with a second correspondence, which includes a correspondence between the first information type identifier and a second index value. The first index value and the second index value are different. That is, for at least one information type identifier, the correspondences of at least two bearers of the same terminal device yield two different values. In other words, the embodiments of this application do not use one common set of correspondences between information type identifiers and index values for all bearers of a terminal device; the correspondence can be set separately for each bearer, which further improves security.
S702. The network device sends a fourth message to the terminal device, and the terminal device receives the fourth message from the network device. The fourth message includes the index value that corresponds, in the first correspondence, to the information type identifier of the fourth message.
S703. The terminal device determines, according to the first indication information, the information type identifier that corresponds to the index value in the fourth message.
In a possible implementation, before S702 or S701 the method may further include: the network device obtains indication information indicating that the configuration information of the terminal device needs to be security protected. In a possible implementation, S702 may be replaced with: the network device sends the fourth message to the terminal device according to the indication information indicating that the configuration information of the terminal device needs to be security protected. For details of this step, see the description of implementations a1 to a5 under S502 above; they are not repeated here. As an example based on implementation a5: if the capability information of the terminal device indicates that the terminal device is able to determine the first correspondence according to the first indication information and to determine, according to the first correspondence, the information type identifier corresponding to the index value in the fourth message, and the network device is able to generate the first correspondence and, according to it, to place the corresponding index value in the field of the fourth message that would carry the information type identifier, then the network device determines that it has obtained the indication information indicating that the configuration information of the terminal device needs to be security protected.
As the above scheme shows, once the "correspondence between information type identifiers and index values" is established, the fourth message need not carry the information type identifier and can carry the corresponding index value instead. Even if an attacker obtains the fourth message, without the "correspondence between information type identifiers and index values" it is difficult to recover the information type identifier of the fourth message correctly, which further improves security.
In another possible implementation, the fourth message is a MAC layer message, an RLC layer message or a PHY layer message, and the fourth message is not security protected. On the one hand, this preserves transmission efficiency. On the other hand, because the information type identifier of the fourth message is protected (the fourth message carries the corresponding index value rather than the information type identifier itself), the likelihood that the information type identifier of the fourth message leaks is reduced, which further improves security.
In a possible implementation, the fourth message is a message that includes a MAC control element (MAC CE). The fourth message may be sent after the network device receives the RRC reconfiguration complete message sent by the terminal device (where the RRC reconfiguration message is the third message described above).
FIG. 8 shows a schematic structural diagram of one possible MAC PDU. As shown in FIG. 8, a MAC PDU may consist of one MAC header, zero or more MAC service data units (SDUs), zero or more MAC CEs, and optional padding.
The MAC header consists of one or more MAC sub-headers. The field corresponding to each MAC sub-header may be a MAC PDU, a MAC CE, or padding.
The MAC sub-headers in a MAC PDU may be of the following types:
Except for the last MAC sub-header in the MAC PDU and MAC sub-headers for fixed-length MAC CEs, a MAC sub-header may consist of six fields: R/R/E/LCID/F/L. The last MAC sub-header in the MAC PDU and a MAC sub-header for a fixed-length MAC CE consist of four fields: R/R/E/LCID. A MAC sub-header corresponding to padding also consists of four fields: R/R/E/LCID.
Where: R: a reserved bit, set to 0.
E: indicates whether what follows is a data field or a MAC header field. 1 means that another MAC sub-header follows, and 0 means that a data field follows.
F: indicates whether the L field is 7 bits or 15 bits long. It is set to 1 when the length indicated by L exceeds 127, and to 0 otherwise.
L: indicates the data length of the MAC CE or MAC SDU.
LCID: short for logical channel ID. The LCID field can carry the code point or initial index value of the LCID. The information carried in the LCID field indicates the MAC SDU corresponding to the MAC sub-header, the type of the corresponding MAC CE, or the corresponding padding. The correspondence between LCID values and LCID code points or initial index values is shown in Table 2 below.
Table 2. Correspondence between LCID values and LCID code points or initial index values in the DL shared channel (DL-SCH)
Figure PCTCN2022073692-appb-000002
In the embodiments of this application, a MAC sub-header may include an information type identifier that indicates the information type of the information carried in the field corresponding to that MAC sub-header. The information type identifier may also be called an information purpose identifier, an information role identifier, and so on. In a possible implementation, the information type identifier may be a code point or an initial index value of a logical channel ID (LCID). To distinguish the two, the index value that the standard defines for an LCID is called the initial index value in the embodiments of this application, and the index value in the first correspondence is called the index value. A correspondence between index values and information type identifiers can be established in the embodiments of this application. Taking the case in which the information type identifier is an LCID code point as an example, Table 3 shows one possible correspondence among index values, LCID code points and LCID values.
Table 3. Correspondence among index values, LCID code points and LCID values in the DL-SCH
Figure PCTCN2022073692-appb-000003
As shown in Table 3, suppose the fourth message is a secondary cell activation message, used to request activation of a secondary cell. In this case the information type identifier (LCID code point) of the fourth message should be 58. According to Table 3 the corresponding index value is 50, so the field of the fourth message that carries the information type identifier carries 50 rather than 58. An attacker who obtains the fourth message but does not know the correspondence between index values and information type identifiers will conclude from the value 50 that the message is SP SRS activation signaling, and will not know that it is a secondary cell activation message. The scheme provided in the embodiments of this application thus hides and protects the information type identifier in the header of the fourth message, which further improves security: the attacker cannot interpret the message type correctly, and the attack becomes more difficult.
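The S701 to S703 exchange and the Table 3 example above, sketched in Python as an added illustration (not code from the application). The one-byte sub-header with a 6-bit LCID field, the class and function names and the identity-plus-swap table are assumptions; code points 58 and 50 and their meanings are the ones quoted in the text.

```python
# Added illustration; not code from the patent application.
import secrets

LCID_BITS = 6                                  # assumed width of the LCID field
CODE_POINTS = range(1 << LCID_BITS)
# Meanings the text gives for two standard code points (Table 2 itself is an image).
STANDARD_MEANING = {58: "SCell activation", 50: "SP SRS activation"}


class Correspondence:
    """A 'first correspondence': information type identifier <-> index value."""

    def __init__(self, forward):
        full = list(CODE_POINTS)
        if sorted(forward) != full or sorted(forward.values()) != full:
            raise ValueError("correspondence must be a bijection on the code points")
        self.forward = dict(forward)
        self.inverse = {index: cp for cp, index in forward.items()}

    @classmethod
    def random(cls):
        """Index values produced by a randomization algorithm (first option listed)."""
        indexes = list(CODE_POINTS)
        secrets.SystemRandom().shuffle(indexes)
        return cls(dict(zip(CODE_POINTS, indexes)))

    @classmethod
    def with_pair(cls, code_point, index):
        """Constructed table that pins one pair (58 -> 50 in the text's example)
        and swaps the two entries so the table stays a bijection."""
        forward = {cp: cp for cp in CODE_POINTS}
        forward[code_point], forward[index] = index, code_point
        return cls(forward)


class Network:
    def __init__(self):
        self.tables = {}                       # (terminal_id, bearer_id) -> table

    def third_message(self, terminal_id, bearer_id, table=None):
        """S701: create the table and return it as the first indication information.
        The text sends this inside a security-protected RRC message."""
        table = table or Correspondence.random()
        self.tables[(terminal_id, bearer_id)] = table
        return dict(table.forward)

    def fourth_message(self, terminal_id, bearer_id, code_point, payload=b""):
        """S702: unprotected MAC message whose LCID field holds the index value."""
        index = self.tables[(terminal_id, bearer_id)].forward[code_point]
        return bytes([index]) + payload        # R/R bits left at 0 (assumed layout)


class Terminal:
    def __init__(self):
        self.table = None

    def on_third_message(self, first_indication):
        self.table = Correspondence(first_indication)

    def on_fourth_message(self, message):
        """S703: map the received index value back to the information type identifier."""
        return self.table.inverse[message[0] & 0x3F]


def observer_reads(message):
    """An observer without the table reads the field as a standard code point."""
    value = message[0] & 0x3F
    return STANDARD_MEANING.get(value, f"code point {value}")


def demo():
    net, ue = Network(), Terminal()
    table = Correspondence.with_pair(58, 50)   # the pair used in the text
    ue.on_third_message(net.third_message("ue-1", 1, table))
    msg = net.fourth_message("ue-1", 1, 58)    # secondary cell activation
    return msg[0], ue.on_fourth_message(msg), observer_reads(msg)


if __name__ == "__main__":
    print(demo())
```

The table stays fixed until the next third message, so a given message type always produces the same index value on that bearer; the `(terminal_id, bearer_id)` key corresponds to the per-terminal and per-bearer granularity described earlier.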
Based on the above, FIG. 9 shows a schematic flowchart of another communication method provided in the embodiments of this application. The method may be performed by a network device and a terminal device. The terminal device may be, for example, the terminal device in FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4, and the network device may be, for example, the access network element (such as a gNB) or the mobility management network element (such as an AMF) in FIG. 1, FIG. 2, FIG. 3a, FIG. 3b or FIG. 4, or another network element; these two network elements are used here only as examples. The method may also be performed by a chip or component inside the network device and a chip or component inside the terminal device. As shown in FIG. 9, the method includes:
S901. The network device sends a third message to the terminal device, and the terminal device receives the third message from the network device. The third message includes second indication information, which indicates a third correspondence. The third correspondence includes the correspondence between the cell identifiers and the cell index numbers of N1 secondary cells of the terminal device, where N1 is a positive integer. The third correspondence is derived from N0 cells: the N0 cells consist of the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2.
In the embodiments of this application, the primary cell numbers the N1 secondary cells and the N2 preset interfering cells together, which yields the cell index numbers of the N1 secondary cells and the N2 interfering cells. In a possible implementation, the third correspondence may also include the cell index numbers of the N2 interfering cells.
In a possible implementation, the cell index number of each cell may be generated randomly, and the cells need not be ordered relative to one another. In another possible implementation, the cells may be sorted by cell identifier and their cell index numbers generated in that order. In that case, in a possible implementation, when N1 is an integer greater than 1, at least one interfering cell is placed between two secondary cells.
The second indication information may be the third correspondence itself, or indication information that indicates the third correspondence, from which the terminal device can determine the correspondence between cell identifiers and cell index numbers. For example, if the cell index numbers are obtained according to a preset rule, the second indication information may be that preset rule, and the terminal device can determine the correspondence between cell identifiers and cell index numbers according to the rule. The preset rule may be, for example: sort the cells by cell identifier, insert three consecutive interfering cells after the first cell, and number the sorted cells in order to obtain their index numbers.
In the embodiments of this application, the "correspondence between cell identifiers and cell index numbers" may be defined at terminal device granularity. That is, a separate "correspondence between cell identifiers and cell index numbers" can be established for each terminal device, and the correspondences of two terminal devices may differ. For example, call the terminal device associated with the third correspondence the first terminal device; its third correspondence includes a correspondence between a first cell identifier and a first cell index number. A second terminal device (a terminal device other than the one associated with the third correspondence above, called the second terminal device here to distinguish it) is associated with a third correspondence that includes a correspondence between the first cell identifier and a second cell index number. The first cell index number and the second cell index number are different. That is, for at least one cell identifier, the correspondences of two different terminal devices yield two different cell index numbers. In other words, the embodiments of this application do not use one common set of correspondences between cell identifiers and cell index numbers for all terminal devices; the correspondence can be set separately for each terminal device, which further improves security.
In the embodiments of this application, the "correspondence between cell identifiers and cell index numbers" may also be defined at bearer granularity. That is, a separate "correspondence between cell identifiers and cell index numbers" can be established for each bearer of a terminal device, and the correspondences of two bearers of the same terminal device may differ. For example, the third correspondence above is associated with a first bearer of the first terminal device and includes a correspondence between a first cell identifier and a first cell index number. A second bearer of the first terminal device is associated with a third correspondence that includes a correspondence between the first cell identifier and a second cell index number. The first cell index number and the second cell index number are different. That is, for at least one cell identifier, the correspondences of at least two bearers of the same terminal device yield two different values. In other words, the embodiments of this application do not use one common set of correspondences between cell identifiers and cell index numbers for all bearers of a terminal device; the correspondence can be set separately for each bearer, which further improves security.
S902. The network device sends a fourth message to the terminal device. The fourth message includes a first field, and the first field carries activation indication information corresponding to the cell index numbers of N0 cells. The activation indication information corresponding to the cell index number of a cell among the N0 cells indicates whether that cell is activated or not activated.
In a possible implementation, the cell index numbers of the N0 cells may be index numbers allocated to the cells, with no ordering relationship among them. In another possible implementation, the cell index number of a cell among the N0 cells is the sequence number of that cell obtained by sorting the N1 secondary cells and the N2 interfering cells. That is, the index numbers can reflect an ordering relationship among the cells; for example, the cells can be sorted by cell ID.
In yet another possible implementation, the first field carries the activation indication information of the N0 cells in sequence, ordered by the sequence numbers of the N0 cells. The terminal device can therefore determine the cell index number corresponding to each piece of activation indication information from its position in that order. In yet another possible implementation, the fourth message may also carry indication information that indicates the correspondence between the activation indication information and the cell index numbers. In this case, the arrangement of the activation indication information does not need to follow any particular order. The terminal device can determine the cell index number corresponding to each piece of activation indication information from the indication information that indicates the correspondence between the activation indication information and the cell index numbers.
In a possible implementation, before S902 or S91, the method may further include: the network device obtains indication information indicating that the configuration information of the terminal device needs security protection. In a possible implementation, the foregoing S902 may be replaced with: the network device sends the fourth message to the terminal device according to the indication information indicating that the configuration information of the terminal device needs security protection. For the relevant content of this step, refer to the foregoing description of implementations a1 to a5 in S502 and S702; details are not repeated here. As an example based on the foregoing implementation a5: if the capability information of the terminal device indicates that the terminal device is able to recognize the activation indication information of interfering cells, and the network device is able to generate the third correspondence from the secondary cells and the interfering cells and, according to the third correspondence, to carry the activation indication information of the interfering cells and the secondary cells in the fourth message, then the network device determines that it has obtained the indication information indicating that the configuration information of the terminal device needs security protection.
S903. The terminal device determines the activated secondary cells among the N2 secondary cells according to the first field of the fourth message and the foregoing third correspondence.
It should be noted that, in a possible implementation, the two schemes of FIG. 9 and FIG. 7 in the embodiments of the present application may each be carried out on its own, for example using only the scheme of FIG. 9 or only the scheme of FIG. 7. The schemes of FIG. 9 and FIG. 7 may also be used in combination; for example, the second indication information and the aforementioned first indication information may both be carried in the third message. In the fourth message, the information type identifier is encrypted, with an index value used in place of the information type identifier, and the information of the interfering cells may also be added among the secondary cells as in S902, so as to encrypt the message content.
In yet another possible implementation, the aforementioned scheme of FIG. 5 can be carried out on its own, or can be used in combination with at least one of FIG. 9 or FIG. 7. For example, FIG. 5, FIG. 7 and FIG. 9 may be combined. In this case, the aforementioned second message and third message may be the same message or two messages, for example two RRC reconfiguration messages.
Regarding the content related to the third message and the fourth message in the embodiments of the present application, the descriptions of FIG. 7 and FIG. 9 may be cross-referenced. The only difference is that repeated content is not described again in the embodiments of the present application.
Enhanced Mobile Broadband (eMBB) is an important scenario for 5G applications. Typical applications in this scenario include 2k/4k video and VR/AR. These applications require very high data rates: the uplink peak rate must reach 10 gigabits per second (Gbit/s), and the downlink peak rate must reach 20 Gbit/s. The peak rate is closely tied to the bandwidth available to the user. If data is regarded as vehicles on a highway, the cell bandwidth is the number of lanes on that highway. Under the same conditions, the more lanes there are, the higher the maximum speed the vehicles can reach.
The cell bandwidth of 5G can reach at most 100 MHz in the low frequency band and 400 MHz in the high frequency band. Taking the maximum bandwidth of 100 MHz in the low frequency band as an example, the user downlink peak rate can only reach 1.6+ Gbit/s (subcarrier spacing of 30 kHz, 4 streams transmitted in parallel, 256QAM modulation, 4:1 subframe ratio). Such a peak rate still falls short of the requirements of the eMBB scenario.
To raise the peak rate and meet the requirements of the eMBB scenario, the only option is to increase the cell bandwidth. The purpose of carrier aggregation (CA) is to expand the bandwidth used by the terminal device and raise the peak rate when traffic is heavy. For example, in a 3-carrier aggregation scenario, a terminal device can use 3 carriers at the same time. Of the three carriers, one is called the primary carrier (PCC), and the cell corresponding to the PCC is called the primary cell (PCell). The other two carriers are called secondary carriers (SCC), and a cell corresponding to an SCC may be called a secondary cell (SCell). Each terminal device can be connected to one PCell. The terminal device performs the initial connection establishment procedure or the connection re-establishment procedure in that cell. The PCell can be responsible for handling all signaling with the terminal device. Each terminal device can be connected to multiple SCells. An SCell is added during RRC reconfiguration to provide additional radio resources. There may be no RRC connection between the terminal device and an SCell.
Based on the content of FIG. 9 above, FIG. 10 shows a schematic flowchart of yet another communication method provided by the embodiments of the present application. As shown in FIG. 10:
S1001. The terminal device reports a measurement report of the secondary cells to the primary cell of the base station. The primary cell receives the measurement report of the secondary cells from the terminal device.
The measurement report message of the secondary cells may be secondary cell channel measurement. The measurement report of the secondary cells may be an RRC message and may be security protected; in other words, the message is integrity and confidentiality protected.
In a possible implementation, the terminal device may start measuring the signal quality of the secondary cells periodically or when triggered by a specific event and, taking a given measurement item as the unit, record the characteristics of the network environment at a certain time and location during a call.
The terminal device can measure the secondary cells and send the measurement report of the secondary cells to the primary cell in the network device. For example, there are four secondary cells, whose cell IDs may be #102, #398, #209 and #452 respectively.
S1002. The primary cell may send the terminal device indication information indicating the correspondence between the secondary cells of the terminal device and cell index numbers. This information may be carried in the third message of S901 above. For the content related to S1002, refer to the description of the third message in FIG. 7 or FIG. 9 above; details are not repeated here.
In a possible implementation, the third message may be secondary cell configuration information, which may be secondary cell configuration.
In S1002, the primary cell may number the secondary cells and send the terminal device a message that includes the numbering information of the secondary cells. In a possible implementation, the message may be sent in an RRC message and may be integrity and encryption protected.
S1003. The primary cell sends a secondary cell activation message to the terminal device.
In a possible implementation, the fourth message in FIG. 7 and FIG. 9 above may be the secondary cell activation message in S1003, which may be secondary cell activation. The fourth message is used to activate secondary cells. The secondary cell activation message is a MAC layer message and is not security protected; in other words, it is not integrity or confidentiality protected.
In a possible implementation, when the primary cell receives a large amount of downlink data and the peak rate can be raised by activating secondary cells, the primary cell sends a secondary cell activation message to the UE in order to activate at least one secondary cell.
S1004. According to the secondary cell activation message, the terminal device selects the corresponding secondary cells for activation, establishes a data transmission channel from the terminal device to each such secondary cell, and then transmits data with the secondary cell.
The following example assumes that the cell IDs of the four secondary cells of the terminal device are #102, #398, #209 and #452, and that the fourth message is a secondary cell activation message. Table 4 shows a schematic table in which the primary cell numbers only the N1 secondary cells (N1 is 4). Table 5 shows the correspondence between the cell index numbers generated according to Table 4 and the corresponding activation indication information.
Table 4: Schematic table in which the primary cell numbers only the N1 secondary cells (N1 is 4)
Cell index number | 1 | 2 | 3 | 4
Cell identifier | #452 | #209 | #398 | #102
Table 5: Correspondence between the cell index numbers generated according to Table 4 and the corresponding activation indication information
Cell index number | 1 | 2 | 3 | 4 | 5 | 6 | 7
Activation indication information | 1 | 1 | 0 | 1 | 0 | 0 | 0
As Table 4 and Table 5 show, if for example the primary cell needs to activate the cells numbered 1/2/4, the first field of the fourth message can carry "1101000", because the first field holds the activation indication information for each cell index number, placed in the order of the cell index numbers. A bit set to 1 indicates that the cell corresponding to that bit's cell index number is activated, and a bit set to 0 indicates that it is not activated. From the "1101000" in the first field it can therefore be determined that the cells numbered 1/2/4 are activated. The terminal device can then use the correspondence between secondary cells and cell index numbers, such as Table 4, to determine the cell identifiers of the cells numbered 1/2/4, namely #452, #209 and #102. In this example, the secondary cell activation message is a MAC CE message, and the code point or initial index value of the LCID in the MAC header is 58. The message header of the secondary cell activation message can carry the index value from the scheme shown in FIG. 7 above; for example, according to Table 3 above, it can carry 50.
As Table 4 and Table 5 also show, because the fourth message is not security protected, its content is plaintext, and an attacker can obtain the content of the fourth message. In one possible case, the attacker can count the number of bits set to 1 in the first field and thereby obtain the number of activated cells. In addition, the attacker can move around a certain area and record the correspondence between the position along the path and the number of activated cells; from the collected sample data, a correspondence between location information and the number of cells can be generated. Combined with the number of cells obtained from the fourth message, the location information of the terminal device can then be inferred. It can be seen that the scheme of Table 4 and Table 5 easily leads to leakage of the terminal device's private information, such as location information.
To address this problem, the embodiments of the present application propose the scheme shown in FIG. 9 above. As described in 902 above, when the terminal device has N1 secondary cells, the first field does not carry only the cell activation indication information of the N1 secondary cells. Instead, it can carry the cell activation indication information of N0 cells, where the N0 cells include the N1 secondary cells and N2 interfering cells. Table 6 and Table 7 illustrate this. Table 6 shows a schematic table in which the primary cell numbers the N1 secondary cells (N1 is 4) and the N2 interfering cells. Table 7 shows the correspondence between the cell index numbers generated according to Table 6 and the corresponding activation indication information.
Table 6: Schematic table in which the primary cell numbers only the N1 secondary cells (N1 is 4)
Cell index number | 1 | 2 | 3 | 4 | 5 | 6 | 7
Cell identifier | #452 | #000 | #000 | #000 | #209 | #398 | #102
Table 7: Correspondence between the cell index numbers generated according to Table 6 and the corresponding activation indication information
Cell index number | 1 | 2 | 3 | 4 | 5 | 6 | 7
Activation indication information | 1 | 1 | 1 | 0 | 1 | 0 | 1
As Table 6 and Table 7 show, the primary cell adds interfering cells to the secondary cells and numbers the secondary cells and the interfering cells together. The interfering cells are the cells whose cell identifier is #000 in Table 6. The cell numbering is as shown in Table 6. If the primary cell needs to activate "#452, #209, #102", that is, the cells numbered 1/5/7, the first field of the fourth message can carry "1110101".
The terminal device can determine, in order, the cell index numbers of the activated secondary cells from the information carried in the first field, and can then determine the cell identifiers of the activated secondary cells from the "third correspondence between the cell identifiers of the secondary cells and the cell index numbers". In yet another possible implementation, the third correspondence may also include the correspondence between the cell identifiers of the interfering cells and cell index numbers, and may indicate to the terminal device that a preset cell identifier (such as #000) denotes an interfering cell; the terminal device can then ignore the activation indication information corresponding to cell identifier #000. The activation indication information corresponding to #000 may also be called noise information, and serves to interfere with and confuse an attacker. The terminal device, by contrast, can filter out the noise information and so obtain the correct identifiers of the cells to be activated.
In a possible implementation, the cell activation indication information of the interfering cells may be set to any value, 0 or 1. For example, it may all be set to 0, in which case the first field of the fourth message can carry "1000101". In this case, an attacker who obtains the information in the first field does not know that the secondary cells and the interfering cells were numbered together, and assumes that only secondary cells were numbered, so the attacker infers that the terminal device has 7 secondary cells. It can be seen that, because the attacker cannot identify the noise information in the fourth message, the attack becomes more difficult and information is kept secret and hidden; for example, the number of secondary cells can be kept secret and hidden.
In yet another possible implementation, the activation indication information corresponding to at least one interfering cell may be set to 1. That is, for at least one interfering cell, the activation indication information of that interfering cell indicates that the interfering cell is activated. For example, the first field of the fourth message can carry "1100101". In this case, an attacker who obtains the information in the first field does not know that the secondary cells and the interfering cells were numbered together, and assumes that only secondary cells were numbered, so the attacker infers that the terminal device has 7 secondary cells, of which 4 are activated. It can be seen that the number of secondary cells can be kept secret and hidden.
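The first-field encoding of Tables 4 to 7 can be exercised end to end. The following is an added example, not code from the application: the function names, the shuffled numbering in `build_correspondence` and the random choice of noise bits are assumptions of this sketch, while the cell identifiers and bit strings come from the tables above.

```python
import secrets

DECOY_ID = "#000"  # identifier the page uses for an interfering cell (Table 6)

# Correspondences copied from Table 4 and Table 6 of the page.
TABLE_4 = {1: "#452", 2: "#209", 3: "#398", 4: "#102"}
TABLE_6 = {1: "#452", 2: "#000", 3: "#000", 4: "#000",
           5: "#209", 6: "#398", 7: "#102"}

_rng = secrets.SystemRandom()


def build_correspondence(secondary_ids, n2):
    """Network side: number N1 secondary cells and N2 interfering cells together.

    Shuffling is an assumption of this sketch; the page only requires that the
    interfering cells share one index space with the secondary cells.
    """
    if n2 < 1:
        raise ValueError("N2 must be a positive integer")
    cells = list(secondary_ids) + [DECOY_ID] * n2
    _rng.shuffle(cells)
    return {index: cid for index, cid in enumerate(cells, start=1)}


def encode_first_field(correspondence, activate_ids, decoy_bits=None, width=None):
    """Network side: activation bits ordered by cell index number.

    decoy_bits fixes the bits of the interfering cells (in index order) so the
    page's strings can be reproduced; when omitted they are drawn at random.
    """
    activate_ids = set(activate_ids)
    real_ids = set(correspondence.values()) - {DECOY_ID}
    if not activate_ids <= real_ids:
        raise ValueError("can only activate configured secondary cells")
    width = width or max(correspondence)
    if width < max(correspondence):
        raise ValueError("field too short for the correspondence")
    decoys = [i for i in sorted(correspondence) if correspondence[i] == DECOY_ID]
    if decoy_bits is None:
        decoy_bits = [_rng.randrange(2) for _ in decoys]
    if len(decoy_bits) != len(decoys):
        raise ValueError("need exactly one bit per interfering cell")
    noise = dict(zip(decoys, decoy_bits))
    bits = []
    for index in range(1, width + 1):
        cid = correspondence.get(index)
        if cid == DECOY_ID:
            bits.append("1" if noise[index] else "0")
        else:  # real secondary cell, or an unassigned position (always 0)
            bits.append("1" if cid in activate_ids else "0")
    return "".join(bits)


def decode_first_field(correspondence, field):
    """Terminal side: map set bits to cell identifiers and drop the noise bits."""
    if set(field) - {"0", "1"} or len(field) < max(correspondence):
        raise ValueError("malformed first field")
    activated = []
    for index, bit in enumerate(field, start=1):
        cid = correspondence.get(index)
        if bit == "1" and cid is not None and cid != DECOY_ID:
            activated.append(cid)
    return activated


def observable_counts(field):
    """What a passive observer of the unprotected message can read:
    (number of indexed positions, number of positions marked active)."""
    return len(field), field.count("1")


if __name__ == "__main__":
    wanted = {"#452", "#209", "#102"}
    cases = ((TABLE_4, None), (TABLE_6, [1, 1, 0]),
             (TABLE_6, [0, 0, 0]), (TABLE_6, [1, 0, 0]))
    for table, decoy_bits in cases:
        field = encode_first_field(table, wanted, decoy_bits, width=7)
        print(field, observable_counts(field), decode_first_field(table, field))
```

With all noise bits set to 0 ("1000101") the count of set bits still equals the true number of activated secondary cells; only the apparent number of configured cells changes, so the activation count is masked only when some interfering-cell bits are set to 1.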
It can be understood that, in the above embodiments, the methods and/or steps implemented by the terminal device may also be implemented by components (such as chips or circuits) usable in the terminal device, and the methods and/or steps implemented by the network device may also be implemented by components (such as chips or circuits) usable in the network device.
The foregoing mainly describes the solutions provided by the embodiments of the present application from the perspective of interaction between network elements. Based on the above embodiments and the same concept, FIG. 11 is a schematic diagram of a communication apparatus provided by an embodiment of the present application.
The communication apparatus may be the terminal device in the above method embodiments, an apparatus that includes the terminal device, a component usable in the terminal device, or a chip or circuit (for example, a chip or circuit in the first policy control network element). The communication apparatus may also be the network device in the above method embodiments, an apparatus that includes the network device, a component usable in the network device, or a chip or circuit (for example, a chip or circuit in the second policy control network element).
The communication apparatus 1100 includes a processing module 1102 and a communication module 1101. Further, the communication apparatus 1100 may or may not include a storage module 1103. The storage module 1103 is drawn with a dotted line in the figure to indicate that it is optional.
The processing module 1102 may be a processor or a controller, for example a general-purpose central processing unit (CPU), a general-purpose processor, digital signal processing (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It can implement or execute the various illustrative logical blocks, modules and circuits described in connection with the disclosure of the present application. The processor may also be a combination that implements computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor. The processing module 1102 can execute computer-executable instructions stored in the storage module.
The storage module 1103 may be a memory. Optionally, the storage module may be a storage module inside the chip, such as a register or a cache, or it may be a storage module inside the communication apparatus but outside the chip, such as a read-only memory (ROM) or another type of static storage device that can store static information and instructions, or a random access memory (RAM).
The communication module 1101 is an interface circuit of the communication apparatus, used to receive signals from other apparatuses. For example, when the apparatus is implemented as a chip, the communication module 1101 is the interface circuit the chip uses to receive signals from other chips or apparatuses, or the interface circuit the chip uses to send signals to other chips or apparatuses. The communication module 1101 may be, for example, a transceiver. Optionally, the transceiver may include a radio frequency circuit. The communication module 1101 may also be, for example, an input/output interface, a pin, or a circuit.
Specifically, the functions/implementation processes of the communication module 1101 and the processing module 1102 in FIG. 11 may be implemented by the processor 301 in the communication device 300 shown in FIG. 4 invoking the computer-executable instructions stored in the memory 303. Alternatively, the function/implementation process of the processing module 1102 in FIG. 11 may be implemented by the processor 301 in the communication device 300 shown in FIG. 4 invoking the computer-executable instructions stored in the memory 303, and the function/implementation process of the communication module 1101 in FIG. 11 may be implemented by the communication interface 304 in the communication device 300 shown in FIG. 4.
For example, taking the case where the communication apparatus 1100 is the network device in the above method embodiments, the processing module 1102 is configured to send, through the communication module 1101, a first message to the terminal device and a second message to the terminal device. The first message is not security protected and includes first user configuration information of the terminal device. The second message is security protected and includes second user configuration information of the terminal device, and the second user configuration information differs from the first user configuration information. Data transmission with the terminal device is performed according to the second user configuration information.
For example, taking the case where the communication apparatus 1100 is the network device in the above method embodiments, the processing module 1102 is configured to send, through the communication module 1101, a third message to the terminal device and a fourth message to the terminal device. The third message includes first indication information, the first indication information indicates a first correspondence corresponding to the terminal device, and the first correspondence is a correspondence between information type identifiers and index values. The fourth message includes the index value that corresponds, in the first correspondence, to the information type identifier of the fourth message.
For example, taking the case where the communication apparatus 1100 is the network device in the above method embodiments, the processing module 1102 is configured to send, through the communication module 1101, a third message to the terminal device and a fourth message to the terminal device. The third message includes second indication information, the second indication information indicates a third correspondence, and the third correspondence includes the correspondence between the cell identifiers of the N1 secondary cells of the terminal device and cell index numbers, where N1 is a positive integer. The third correspondence is obtained from N0 cells, the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2. The fourth message includes a first field, and the first field carries activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells indicates whether that cell is activated or not activated.
For example, taking the case where the communication apparatus 1100 is the terminal device in the above method embodiments, the processing module 1102 is configured to receive, through the communication module 1101, a first message from the network device and a second message from the network device. The first message is not security protected and includes first user configuration information of the terminal device. The second message is security protected and includes second user configuration information of the terminal device, and the second user configuration information differs from the first user configuration information. Data transmission with the terminal device is performed according to the second user configuration information.
For example, take the case in which the communication apparatus 1100 is the network device in the foregoing method embodiments. The processing module 1102 is configured to receive, through the communication module 1101, a third message from the network device, and to receive a fourth message from the network device. The third message includes first indication information, which indicates a first correspondence corresponding to the terminal device; the first correspondence is a correspondence between information type identifiers and index values. The fourth message includes the index value that, in the first correspondence, corresponds to the information type identifier of the fourth message.
For example, take the case in which the communication apparatus 1100 is the network device in the foregoing method embodiments. The processing module 1102 is configured to receive, through the communication module 1101, a third message from the network device, and to receive a fourth message from the network device. The third message includes second indication information, which indicates a third correspondence; the third correspondence includes the correspondence between the cell identifiers and the cell index numbers of N1 secondary cells of the terminal device, where N1 is a positive integer. The third correspondence is obtained based on N0 cells; the N0 cells include the N1 secondary cells and N2 preset interfering cells, where N2 is a positive integer and N0 is the sum of N1 and N2. The fourth message includes a first field, which carries the activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells indicates whether that cell is activated or not activated.
All relevant content of the steps involved in the foregoing method embodiments can be cited in the functional description of the corresponding functional module, and is not repeated here.
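The third correspondence and the first field described above can be sketched as follows. This is an added example, not code from the patent or from any product: the function names, the cell identifier strings, the one-bit-per-index little-endian layout of the first field, and the random choice of index numbers are all assumptions made for illustration.

```python
"""Added illustration: cell-index correspondence over N0 = N1 + N2 cells and the
activation bits of the fourth message. Names and bit layout are assumptions."""
import secrets


def build_third_correspondence(secondary_cells, interfering_cells,
                               avoid=None, rng=None, max_tries=1000):
    """Network side: map N0 cell identifiers to index numbers 0..N0-1.

    If `avoid` (a correspondence used for another terminal or bearer) is given,
    every interfering cell receives an index number different from the one it
    has in `avoid`, as in the dependent claims on the fourth correspondence.
    """
    secondary_cells = list(secondary_cells)
    interfering_cells = list(interfering_cells)
    if not secondary_cells or not interfering_cells:
        raise ValueError("N1 and N2 must both be positive")
    cells = secondary_cells + interfering_cells
    if len(set(cells)) != len(cells):
        raise ValueError("cell identifiers must be unique")
    rng = rng or secrets.SystemRandom()
    indexes = list(range(len(cells)))
    for _ in range(max_tries):
        rng.shuffle(indexes)
        mapping = dict(zip(cells, indexes))
        if not avoid or all(avoid.get(c) != mapping[c] for c in interfering_cells):
            return mapping
    raise RuntimeError("could not find index numbers that differ from `avoid`")


def encode_first_field(correspondence, active_cells):
    """Network side: build the first field, one activation bit per index number.

    Bit i is 1 when the cell whose index number is i is marked activated.
    Which interfering cells are marked is left to the caller (assumption).
    """
    bits = 0
    for cell in active_cells:
        if cell not in correspondence:
            raise ValueError(f"{cell!r} is not among the N0 cells")
        bits |= 1 << correspondence[cell]
    return bits.to_bytes((len(correspondence) + 7) // 8, "little")


def decode_first_field(correspondence, secondary_cells, field):
    """Terminal side: read the activation state of its own secondary cells."""
    n0 = len(correspondence)
    if len(field) != (n0 + 7) // 8:
        raise ValueError("first field has the wrong length for N0 cells")
    bits = int.from_bytes(field, "little")
    if bits >> n0:
        raise ValueError("bits set beyond index number N0-1")
    return {c: bool((bits >> correspondence[c]) & 1) for c in secondary_cells}


def set_index_numbers(field):
    """What is visible in the fourth message alone: index numbers, no cell identifiers."""
    bits = int.from_bytes(field, "little")
    return [i for i in range(len(field) * 8) if (bits >> i) & 1]


def demo():
    # Constructed sample data: three secondary cells (N1=3), two interfering cells (N2=2).
    scells = ["scell-A", "scell-B", "scell-C"]
    decoys = ["icell-X", "icell-Y"]
    ue1 = build_third_correspondence(scells, decoys)
    ue2 = build_third_correspondence(scells, decoys, avoid=ue1)
    field = encode_first_field(ue1, ["scell-A", "scell-C", "icell-Y"])
    return ue1, ue2, set_index_numbers(field), decode_first_field(ue1, scells, field)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The correspondence would travel in the third message and the bytes returned by `encode_first_field` in the fourth; decoding with a different terminal's correspondence yields a different, unrelated assignment of bits to cells.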
It can be understood that, to implement the above functions, the communication apparatus includes hardware structures and/or software modules corresponding to each function. Those skilled in the art should readily appreciate that, in combination with the units and algorithm steps of the examples described in the embodiments disclosed herein, the present application can be implemented in hardware or in a combination of hardware and computer software. Whether a given function is performed by hardware or by computer software driving hardware depends on the specific application and the design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementations should not be regarded as going beyond the scope of the present application.
According to the method provided in the embodiments of the present application, the present application further provides a computer program product. The computer program product includes computer program code or instructions which, when run on a computer, cause the computer to execute the method of any one of the embodiments shown in FIG. 5, FIG. 6, FIG. 7, FIG. 9 or FIG. 10.
According to the method provided in the embodiments of the present application, the present application further provides a computer-readable storage medium. The computer-readable medium stores program code which, when run on a computer, causes the computer to execute the method of any one of the embodiments shown in FIG. 5, FIG. 6, FIG. 7, FIG. 9 or FIG. 10.
According to the method provided in the embodiments of the present application, the present application further provides a chip system, which may include a processor. The processor is coupled to a memory and may be used to execute the method of any one of the embodiments shown in FIG. 5, FIG. 6, FIG. 7, FIG. 9 or FIG. 10. Optionally, the chip system further includes the memory. The memory is used to store a computer program (which may also be called code or instructions). The processor is used to call the computer program from the memory and run it, so that a device in which the chip system is installed executes the method of any one of the embodiments shown in FIG. 5, FIG. 6, FIG. 7, FIG. 9 or FIG. 10.
According to the method provided in the embodiments of the present application, the present application further provides a system that includes the aforementioned terminal device and network device.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. A computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions according to the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another. For example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless means (such as infrared, radio, or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a high-density digital video disc (DVD)), or a semiconductor medium (for example, a solid state disc (SSD)), and the like.
It should be noted that a portion of this patent application document contains material protected by copyright. Except for the making of copies of the patent documents of the Patent Office or of the recorded contents of patent documents, the copyright owner reserves the copyright.
The network device and the terminal device in each of the above apparatus embodiments correspond to the network device or the terminal device in the method embodiments, and the corresponding module or unit performs the corresponding step. For example, the communication module (transceiver) performs the receiving or sending steps of the method embodiments, and steps other than sending and receiving may be performed by the processing module (processor). For the functions of specific units, refer to the corresponding method embodiments. There may be one or more processors.
The terms "component", "module", "system" and the like used in this specification denote a computer-related entity: hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to, a process running on a processor, a processor, an object, an executable file, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device itself may be components. One or more components may reside within a process and/or thread of execution, and a component may be located on one computer and/or distributed between two or more computers. In addition, these components can execute from various computer-readable media having various data structures stored on them. The components may communicate by way of local and/or remote processes, for example according to a signal having one or more data packets (for example, data from two components interacting with another component in a local system, in a distributed system, and/or across a network such as the Internet, which interacts with other systems by way of the signal).
Those of ordinary skill in the art will appreciate that the various illustrative logical blocks and steps described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementations should not be regarded as going beyond the scope of the present application.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, the functional units in the embodiments of the present application may be integrated into one processing module, each unit may exist physically on its own, or two or more units may be integrated into one unit. If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium.
The above are only specific implementations of the present application, but the protection scope of the present application is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. The protection scope of the present application shall therefore be determined by the protection scope of the claims.

Claims (30)

  1. A communication method, characterized in that it comprises:
    a network device sends a first message to a terminal device, where the first message is not security-protected and includes first user configuration information of the terminal device;
    the network device sends a second message to the terminal device, where the second message is security-protected and includes second user configuration information of the terminal device, the second user configuration information being different from the first user configuration information;
    the network device performs data transmission with the terminal device according to the second user configuration information.
  2. The method according to claim 1, characterized in that the second message is a radio resource control layer message; and/or,
    the second user configuration information is used to assist message transmission of at least one of the media access control layer, the radio link control layer, or the physical layer.
  3. The method according to claim 1 or 2, characterized in that the method further comprises:
    the network device sends a third message to the terminal device, where the third message includes first indication information, the first indication information indicates a first correspondence corresponding to the terminal device, and the first correspondence is a correspondence between information type identifiers and index values;
    the network device sends a fourth message to the terminal device, where the fourth message includes the index value that, in the first correspondence, corresponds to the information type identifier of the fourth message.
  4. The method according to any one of claims 1-3, characterized in that the third message is a radio resource control layer message; and/or,
    the fourth message is a media access control layer message, a radio link control layer message, or a physical layer message.
  5. The method according to any one of claims 1-4, characterized in that the method further comprises:
    the network device sends a third message to the terminal device, where the third message includes second indication information, the second indication information indicates a third correspondence, and the third correspondence includes the correspondence between the cell identifiers and the cell index numbers of N1 secondary cells of the terminal device; N1 is a positive integer; the third correspondence is obtained based on N0 cells, the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2;
    the network device sends a fourth message to the terminal device, where the fourth message includes a first field, and the first field carries the activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells indicates whether the cell is activated or not activated.
  6. The method according to claim 5, characterized in that the third correspondence includes the correspondence between the cell identifiers and the cell index numbers of the N0 cells, and the third correspondence includes a correspondence between the cell identifier of a first interfering cell and a first cell index number;
    a fourth correspondence includes a correspondence between the cell identifier of the first interfering cell and a second cell index number;
    the first cell index number and the second cell index number are different;
    where the fourth correspondence is a correspondence, corresponding to another terminal device other than the terminal device, between the cell identifiers and the cell index numbers of the secondary cells of that other terminal device and of at least one preset interfering cell; or,
    the third correspondence is a correspondence corresponding to a first bearer of the terminal device, and the fourth correspondence is a correspondence between the cell identifiers and the cell index numbers of at least one secondary cell and at least one preset interfering cell corresponding to a second bearer of the first terminal device.
  7. The method according to any one of claims 1-6, characterized in that the network device sending the second message to the terminal device comprises:
    the network device sends the second message to the terminal device according to indication information that the configuration information of the terminal device needs to be security-protected.
  8. The method according to claim 7, characterized in that the indication information that the configuration information of the terminal device needs to be security-protected includes at least one of the following:
    third indication information received by the network device, where the third indication information indicates that the configuration information of the terminal device needs to be security-protected;
    an access stratum security mode command complete message received by the network device, where the access stratum security mode command complete message indicates that access stratum security protection is activated;
    preset configuration information of the network device;
    information indicating that the information type of the information to be sent matches a preset information type that needs to be security-protected; or,
    capability information of the terminal device, capability information of the network device.
  9. A communication method, characterized in that it comprises:
    a terminal device receives a first message from a network device, where the first message is not security-protected and includes first user configuration information of the terminal device;
    the terminal device receives a second message from the network device, where the second message is security-protected and includes second user configuration information of the terminal device, the second user configuration information being different from the first user configuration information;
    the terminal device performs data transmission according to the second user configuration information.
  10. The method according to claim 9, characterized in that the second message is a radio resource control layer message; and/or,
    the terminal device performing data transmission according to the second user configuration information comprises: the terminal device transmits a message of at least one of the physical layer, the media access control layer or the radio link control layer according to the second user configuration information in the second message.
  11. The method according to claim 9 or 10, characterized in that the method further comprises:
    the terminal device receives a third message from the network device, where the third message includes first indication information, the first indication information indicates a first correspondence corresponding to the terminal device, and the first correspondence is a correspondence between information type identifiers and index values;
    the terminal device receives a fourth message sent by the network device to the terminal device, where the fourth message includes the index value that, in the first correspondence, corresponds to the information type identifier of the fourth message.
  12. The method according to any one of claims 9-11, characterized in that the third message is a radio resource control layer message; and/or,
    the fourth message is a media access control layer message, a radio link control layer message, or a physical layer message.
  13. The method according to any one of claims 9-12, characterized in that the method further comprises:
    the terminal device receives a third message from the network device, where the third message includes second indication information, the second indication information indicates a third correspondence, and the third correspondence includes the correspondence between the cell identifiers and the cell index numbers of N1 secondary cells of the terminal device; N1 is a positive integer; the third correspondence is obtained based on N0 cells, the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2;
    the terminal device receives the fourth message from the network device, where the fourth message includes a first field, and the first field carries the activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells indicates whether the cell is activated or not activated.
  14. The method according to claim 13, characterized in that the third correspondence is the correspondence between the cell identifiers and the cell index numbers of the N0 cells, and the third correspondence includes a correspondence between the cell identifier of a first interfering cell and a first cell index number;
    a fourth correspondence includes a correspondence between the cell identifier of the first interfering cell and a second cell index number;
    the first cell index number and the second cell index number are different;
    where the fourth correspondence is a correspondence, corresponding to another terminal device other than the terminal device, between the cell identifiers and the cell index numbers of the secondary cells of that other terminal device and of at least one preset interfering cell; or,
    the third correspondence is a correspondence corresponding to a first bearer of the terminal device, and the fourth correspondence is a correspondence between the cell identifiers and the cell index numbers of at least one secondary cell and at least one preset interfering cell corresponding to a second bearer of the first terminal device.
  15. A network device, characterized in that it comprises a processing module and a communication module:
    the processing module is configured to:
    send, through the communication module, a first message to a terminal device and a second message to the terminal device, where the first message is not security-protected and includes first user configuration information of the terminal device; the second message is security-protected and includes second user configuration information of the terminal device, the second user configuration information being different from the first user configuration information.
  16. The network device according to claim 15, characterized in that the second message is a radio resource control layer message; and/or,
    the second user configuration information is used to assist message transmission of at least one of the media access control layer, the radio link control layer, or the physical layer.
  17. The network device according to claim 15 or 16, characterized in that the communication module is further configured to:
    send a third message to the terminal device, where the third message includes first indication information, the first indication information indicates a first correspondence corresponding to the terminal device, and the first correspondence is a correspondence between information type identifiers and index values;
    send a fourth message to the terminal device, where the fourth message includes the index value that, in the first correspondence, corresponds to the information type identifier of the fourth message.
  18. The network device according to any one of claims 15-17, characterized in that the third message is a radio resource control layer message; and/or,
    the fourth message is a media access control layer message, a radio link control layer message, or a physical layer message.
  19. The network device according to any one of claims 15-18, characterized in that the communication module is further configured to:
    send a third message to the terminal device, where the third message includes second indication information, the second indication information indicates a third correspondence, and the third correspondence includes the correspondence between the cell identifiers and the cell index numbers of N1 secondary cells of the terminal device; N1 is a positive integer; the third correspondence is obtained based on N0 cells, the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2;
    send a fourth message to the terminal device, where the fourth message includes a first field, and the first field carries the activation indication information corresponding to the cell index numbers of the N0 cells; the activation indication information corresponding to the cell index number of a cell among the N0 cells indicates whether the cell is activated or not activated.
  20. The network device according to claim 19, characterized in that the third correspondence includes the correspondence between the cell identifiers and the cell index numbers of the N0 cells, and the third correspondence includes a correspondence between the cell identifier of a first interfering cell and a first cell index number;
    a fourth correspondence includes a correspondence between the cell identifier of the first interfering cell and a second cell index number;
    the first cell index number and the second cell index number are different;
    where the fourth correspondence is a correspondence, corresponding to another terminal device other than the terminal device, between the cell identifiers and the cell index numbers of the secondary cells of that other terminal device and of at least one preset interfering cell; or,
    the third correspondence is a correspondence corresponding to a first bearer of the terminal device, and the fourth correspondence is a correspondence between the cell identifiers and the cell index numbers of at least one secondary cell and at least one preset interfering cell corresponding to a second bearer of the first terminal device.
  21. The network device according to any one of claims 15-20, wherein the processing module is specifically configured to:
    send the second message to the terminal device through the communication module according to indication information indicating that the configuration information of the terminal device needs to be security protected.
  22. The network device according to claim 21, wherein the indication information indicating that the configuration information of the terminal device needs to be security protected includes at least one of the following:
    third indication information received by the network device, where the third indication information indicates that the configuration information of the terminal device needs to be security protected;
    an access stratum security mode command complete message received by the network device, where the access stratum security mode command complete message indicates that access stratum security protection is activated;
    preset configuration information of the network device;
    information indicating that the information type of the information to be sent matches a preset information type that needs to be security protected; or,
    capability information of the terminal device, capability information of the network device.
  23. A terminal device, comprising a communication module and a processing module;
    the processing module is configured to:
    receive a first message from a network device through the communication module, where the first message is not security protected and includes first user configuration information of the terminal device;
    receive a second message from the network device through the communication module, where the second message is security protected and includes second user configuration information of the terminal device, and the second user configuration information is different from the first user configuration information;
    perform data transmission through the communication module according to the second user configuration information.
  24. The terminal device according to claim 23, wherein the second message is a radio resource control layer message; and/or,
    the processing module is specifically configured to: transmit, through the communication module and according to the second user configuration information, a message of at least one of the media access control layer, the radio link control layer, or the physical layer.
  25. The terminal device according to claim 23 or 24, wherein the processing module is further configured to:
    receive a third message from the network device through the communication module, where the third message includes first indication information, the first indication information indicates a first correspondence corresponding to the terminal device, and the first correspondence is a correspondence between information type identifiers and index values;
    receive, through the communication module, a fourth message sent by the network device to the terminal device, where the fourth message includes: the index value that corresponds, in the first correspondence, to the information type identifier corresponding to the fourth message.
  26. The terminal device according to any one of claims 23-25, wherein the third message is a radio resource control layer message; and/or,
    the fourth message is a media access control layer message, a radio link control layer message, or a physical layer message.
  27. The terminal device according to any one of claims 23-26, wherein the processing module is further configured to:
    receive a third message from the network device through the communication module, where the third message includes second indication information, the second indication information indicates a third correspondence, and the third correspondence includes a correspondence between cell identities and cell index numbers of N1 secondary cells of the terminal device; N1 is a positive integer; where the third correspondence is obtained based on N0 cells, the N0 cells include the N1 secondary cells and N2 preset interfering cells, N2 is a positive integer, and N0 is the sum of N1 and N2;
    receive, through the communication module, from the network device, the fourth message including a first field, where the first field carries activation indication information corresponding to the cell index numbers of the N0 cells, and the activation indication information corresponding to the cell index number of a cell among the N0 cells indicates whether that cell is activated or not activated.
  28. The terminal device according to claim 27, wherein the third correspondence is a correspondence between cell identities and cell index numbers of the N0 cells, and the third correspondence includes a correspondence between the cell identity of a first interfering cell and a first cell index number;
    a fourth correspondence includes a correspondence between the cell identity of the first interfering cell and a second cell index number;
    the first cell index number is different from the second cell index number;
    wherein the fourth correspondence is, for another terminal device other than the terminal device, a correspondence between cell identities and cell index numbers of the secondary cells of that other terminal device and of at least one preset interfering cell; or,
    the third correspondence is the correspondence corresponding to a first bearer of the terminal device, and the fourth correspondence is a correspondence between cell identities and cell index numbers of at least one secondary cell and at least one preset interfering cell corresponding to a second bearer of the first terminal device.
  29. A communication apparatus, comprising a processor and a communication interface,
    the communication interface being configured to input and/or output information;
    the processor being configured to execute a computer-executable program, so that the method according to any one of claims 1-14 is performed.
  30. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer-executable program, and the computer-executable program, when invoked by a computer, causes the computer to perform the method according to any one of claims 1-14.
PCT/CN2022/073692 2021-05-08 2022-01-25 Communication method and apparatus, and storage medium WO2022237236A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110501160.4 2021-05-08
CN202110501160.4A CN115314888A (en) 2021-05-08 2021-05-08 Communication method, device and storage medium

Publications (1)

Publication Number Publication Date
WO2022237236A1 true WO2022237236A1 (en) 2022-11-17

Family

ID=83854031

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/073692 WO2022237236A1 (en) 2021-05-08 2022-01-25 Communication method and apparatus, and storage medium

Country Status (2)

Country Link
CN (1) CN115314888A (en)
WO (1) WO2022237236A1 (en)


Also Published As

Publication number Publication date
CN115314888A (en) 2022-11-08


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22806213

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE