WO2023011407A1 - Communication method and apparatus - Google Patents


Publication number
WO2023011407A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
interface
security protection
plane security
user plane
Prior art date
Application number
PCT/CN2022/109421
Other languages
French (fr)
Chinese (zh)
Inventor
雷骜
李�赫
吴义壮
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/04 Interfaces between hierarchically different network devices
    • H04W92/10 Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/16 Interfaces between hierarchically similar devices
    • H04W92/18 Interfaces between hierarchically similar devices between terminal devices

Definitions

  • the present application relates to the technical field of communication, and more specifically, to a communication method and device.
  • the cellular communication network introduces proximity services (Proximity services, ProSe) communication.
  • the terminal device can perform auxiliary communication through the relay device. That is, the terminal device communicates with the relay device, and the relay device communicates with the access network device, so that the terminal device can access the network and obtain corresponding services.
  • the security protection policy of the Uu interface used by the relay device to establish a relay-type protocol data unit (protocol data unit, PDU) session may not match the security protection policy of the PC5 interface used by the relay device to establish a PC5 connection with the terminal device, resulting in degraded security protection, wasted resources and other problems. Therefore, how to make the policy used by the relay device to establish a relay-type PDU session match the policy used by the PC5 connection is an urgent problem to be solved.
  • the present application provides a communication method and device.
  • a communication method includes:
  • the first network element obtains the first policy, where the first policy is the Uu interface user plane security protection policy used by the first relay device to establish a relay-type protocol data unit (PDU) session when the first terminal device accesses the network through the first relay device.
  • the first network element determines a second policy according to the first policy, and the second policy is used to determine whether to enable user plane security protection of the PC5 interface between the first terminal device and the first relay device.
  • the first network element sends the second policy to the first terminal device and/or the first relay device.
  • the first network element can obtain the Uu interface user plane security protection policy, and determine the PC5 interface user plane security protection policy according to the Uu interface user plane security protection policy, so that the user plane security protection policies of the Uu interface and the PC5 interface match. If the user plane security protection policies of the Uu interface and the PC5 interface match, that is, the Uu interface and the PC5 interface use the same level of user plane security protection, the user plane security protection of both the Uu interface and the PC5 interface can be enabled or disabled.
  • if the user plane security protection policies of the Uu interface and the PC5 interface do not match, two problems can arise. For example, if the user plane security protection of the Uu interface is enabled but the user plane security protection of the PC5 interface is not enabled, the PC5 connection established between the first terminal device and the first relay device is weak against external attacks, and the Uu interface user plane security protection of the first relay device does not play its due role. Or, if the user plane security protection of the Uu interface is not enabled and the user plane security protection of the PC5 interface is enabled, then although the first relay device does not need to enable the Uu interface user plane security protection, the PC5 connection established between the first terminal device and the first relay device enables user plane security protection, resulting in a waste of device processing and network resources. Therefore, adopting the solution of the present application can match the user plane security protection policies of the Uu interface and the PC5 interface, and solve problems such as security protection degradation and resource waste caused by policy mismatch.
  • the second policy is the user plane security protection policy of the PC5 interface or whether to enable the user plane security protection of the PC5 interface.
  • the first network element determines the second strategy according to the first strategy, including:
  • the first network element determines a second policy, and the second policy indicates enabling the user plane security protection of the PC5 interface.
  • the first network element determines a second policy, and the second policy indicates that the user plane security protection of the PC5 interface is not enabled.
  • the first policy indicates preference to enable user plane security protection of the Uu interface
  • the first network element determines a second policy, and the second policy indicates preference to enable user plane security protection of the PC5 interface.
  • the first network element determines whether to enable user plane security protection of the PC5 interface.
  • the first network element sends first indication information to the first remote terminal and/or the first relay device, where the first indication information is used to indicate whether to enable user plane security protection of the PC5 interface.
  • the method further includes:
  • the first network element obtains the third policy, where the third policy is the Uu interface signaling plane security protection policy used by the first relay device to establish a relay-type PDU session when the first terminal device accesses the network through the first relay device.
  • the first network element determines a fourth policy according to the third policy, and the fourth policy is used to determine whether to enable the signaling plane security protection of the PC5 interface between the first terminal device and the first relay device.
  • the first network element sends the fourth policy to the first remote terminal and/or the first relay device.
  • the first network element can obtain the Uu interface signaling plane security protection policy, and determine the PC5 interface signaling plane security protection policy according to the Uu interface signaling plane security protection policy, so that the signaling plane security protection policies of the Uu interface and the PC5 interface match.
  • the third policy is the signaling plane security protection policy of the PC5 interface or whether to enable the signaling plane security protection of the PC5 interface.
  • the first network element determines a fourth strategy according to the third strategy, including:
  • the first network element determines a fourth policy, and the fourth policy indicates enabling the signaling plane security protection of the PC5 interface.
  • the third policy indicates that the signaling plane security protection of the Uu interface is not enabled
  • the first network element determines a fourth policy, and the fourth policy indicates that the signaling plane security protection of the PC5 interface is not enabled.
  • when the second policy indicates enabling the user plane security protection of the PC5 interface, the method further includes:
  • the first network element determines a fourth policy according to the second policy, and the fourth policy indicates enabling signaling plane security protection of the PC5 interface.
  • the method further includes:
  • the first network element determines ProSe parameters corresponding to the first terminal device and/or the first relay device.
  • the first network element sends a first request message to the second network element, where the first request message is used to request a first policy, and the first request message includes a ProSe parameter.
  • the first network element obtains the first policy, including:
  • the first network element obtains the first policy from the second network element.
  • the method further includes:
  • the first network element determines ProSe parameters corresponding to the first terminal device and/or the first relay device.
  • the first network element obtains the first policy, including:
  • the first network element acquires the first policy locally at least according to the ProSe parameter.
  • a communication method in a second aspect, includes:
  • a second correspondence is obtained, where the second correspondence is a one-to-one correspondence between N proximity services (ProSe) parameters and N second policies, where N is a positive integer.
  • the second correspondence is associated with the first correspondence
  • the first correspondence is a one-to-one correspondence between N ProSe parameters and N first policies
  • the first policy is a Uu interface user plane security protection policy.
  • the first terminal device and the first relay device may respectively acquire the second correspondence, and the second correspondence is associated with the first correspondence.
  • the second policy corresponding to the first ProSe parameter can be determined, and the PC5 connection can be established using this policy.
  • the Uu interface user plane security protection policy used by the first relay device when establishing the relay PDU session matches the PC5 interface user plane security protection policy used to establish the PC5 connection.
  • the method further includes:
  • a fourth correspondence is acquired, where the fourth correspondence is a one-to-one correspondence between N proximity services (ProSe) parameters and N fourth policies, where N is a positive integer.
  • the fourth correspondence is associated with the third correspondence
  • the third correspondence is a one-to-one correspondence between N ProSe parameters and N third strategies
  • the third strategy is a Uu interface signaling plane security protection strategy.
  • determine the fourth policy corresponding to the first ProSe parameter, where the fourth policy corresponding to the first ProSe parameter is used to determine whether to enable the signaling plane security protection of the PC5 interface between the first terminal device and the first relay device.
  • the first terminal device and the first relay device may respectively acquire the fourth correspondence, and the fourth correspondence is associated with the third correspondence.
  • a fourth strategy corresponding to the first ProSe parameter can be determined, and the PC5 connection can be established using this strategy.
  • the Uu interface signaling plane security protection policy used by the first relay device when establishing a relay PDU session matches the PC5 interface signaling plane security protection policy used to establish a PC5 connection.
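
The derivation and correspondence lookup described in the first and second aspects above can be sketched as follows. This is an added example, not code from the patent: the `Policy` labels, the function names and the `RSC-*` keys are constructed for illustration, and letting an enabled PC5 user plane take precedence when deriving the signaling plane policy is this example's assumption about how the two rules combine.

```python
from enum import Enum


class Policy(Enum):
    """The three levels the text distinguishes (labels are this example's own)."""
    REQUIRED = "enable"
    PREFERRED = "prefer to enable"
    NOT_NEEDED = "do not enable"


def derive_pc5_up(uu_up):
    """Second policy from first policy: PC5 user plane gets the Uu level."""
    if not isinstance(uu_up, Policy):
        raise TypeError("first policy must be a Policy value")
    return uu_up


def derive_pc5_sig(uu_sig, pc5_up):
    """Fourth policy from the third policy and the second policy.

    If the second policy enables PC5 user plane protection, the signaling
    plane is enabled too; otherwise it follows the Uu signaling plane level.
    (Precedence between the two rules is an assumption of this example.)
    """
    if pc5_up is Policy.REQUIRED:
        return Policy.REQUIRED
    return uu_sig


def build_second_correspondence(first):
    """One-to-one map ProSe parameter -> second policy, built from the
    first correspondence (ProSe parameter -> first policy)."""
    return {param: derive_pc5_up(policy) for param, policy in first.items()}


def classify(uu, pc5):
    """Name the mismatch cases the text describes for one Uu/PC5 pair."""
    if uu is pc5:
        return "match"
    if uu is Policy.REQUIRED and pc5 is Policy.NOT_NEEDED:
        return "degraded"        # PC5 hop unprotected, Uu protection wasted
    if uu is Policy.NOT_NEEDED and pc5 is Policy.REQUIRED:
        return "wasteful"        # PC5 protection spent with no Uu counterpart
    return "level-mismatch"      # differing levels involving "preferred"


def audit(first, second):
    """Compare two correspondences; return only the ProSe parameters that
    are unpaired (breaking the one-to-one association) or mismatched."""
    findings = {}
    for param in sorted(set(first) | set(second)):
        if param not in first or param not in second:
            findings[param] = "unpaired"
            continue
        verdict = classify(first[param], second[param])
        if verdict != "match":
            findings[param] = verdict
    return findings


# Constructed sample data: relay service codes and their Uu policies.
FIRST = {
    "RSC-A": Policy.REQUIRED,
    "RSC-B": Policy.NOT_NEEDED,
    "RSC-C": Policy.PREFERRED,
}

# Constructed PC5 configuration that has drifted from the Uu side.
DRIFTED = {
    "RSC-A": Policy.NOT_NEEDED,
    "RSC-B": Policy.REQUIRED,
    "RSC-C": Policy.REQUIRED,
    "RSC-D": Policy.PREFERRED,
}

if __name__ == "__main__":
    derived = build_second_correspondence(FIRST)
    print("derived second correspondence:", derived)
    print("audit of derived:", audit(FIRST, derived))
    print("audit of drifted:", audit(FIRST, DRIFTED))
```
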
  • a communication method includes:
  • the third network element obtains the second policy, where the second policy is a PC5 interface user plane security protection policy used when the first terminal device establishes a PC5 connection with the first relay device.
  • the third network element determines the first strategy according to the second strategy, and the first strategy is a Uu interface user plane security protection strategy used by the first relay device to establish a relay-type protocol data unit PDU session.
  • the third network element establishes a relay-type PDU session for the first relay device according to the first policy.
  • when the third network element needs to establish a relay-type PDU session for the first relay device, the third network element can use the PC5 interface user plane security protection policy to determine the Uu interface user plane security protection policy used by the first relay device to establish the relay-type PDU session, so that the policy the first relay device uses to establish the PC5 connection matches the policy used by the relay-type PDU session.
  • the third network element determines the first strategy according to the second strategy, including:
  • the third network element determines the first policy, and the first policy indicates enabling the user plane security protection of the Uu interface.
  • the third network element determines the first policy, and the first policy indicates that the user plane security protection of the Uu interface is not enabled.
  • the third network element determines the first policy, and the first policy indicates preference to enable the user plane security protection of the Uu interface.
  • the method further includes:
  • the third network element acquires a fourth policy, where the fourth policy is a PC5 interface signaling plane security protection policy used when the first terminal device establishes a PC5 connection with the first relay device.
  • the third network element determines a third strategy according to the fourth strategy, and the first strategy is a Uu interface signaling plane security protection strategy used by the first relay device to establish a relay-type PDU session.
  • the third network element establishes a relay-type PDU session for the first relay device according to the third policy.
  • a communication device in a fourth aspect, includes a module or a unit configured to execute the method in any possible implementation manner of the first aspect.
  • a communication device including:
  • the transceiver unit is configured to obtain a second correspondence, where the second correspondence is a one-to-one correspondence between N proximity services (ProSe) parameters and N second policies, where N is a positive integer.
  • the second correspondence is associated with the first correspondence
  • the first correspondence is a one-to-one correspondence between N ProSe parameters and N first policies
  • the first policy is a Uu interface user plane security protection policy.
  • the transceiver unit is further configured to obtain the first ProSe parameter.
  • the processing unit is configured to determine a second policy corresponding to the first ProSe parameter according to the second correspondence, where the second policy corresponding to the first ProSe parameter is used to determine whether to enable the user plane security protection of the PC5 interface between the first terminal device and the first relay device.
  • the processing unit is further configured to establish the PC5 connection according to the second policy corresponding to the first ProSe parameter.
  • the transceiver unit is further configured to acquire a fourth correspondence, where the fourth correspondence is a one-to-one correspondence between N proximity services (ProSe) parameters and N fourth policies, where N is a positive integer.
  • the fourth correspondence is associated with the third correspondence
  • the third correspondence is a one-to-one correspondence between N ProSe parameters and N third strategies
  • the third strategy is a Uu interface signaling plane security protection strategy.
  • the processing unit is further configured to determine a fourth policy corresponding to the first ProSe parameter according to the fourth correspondence, where the fourth policy corresponding to the first ProSe parameter is used to determine whether to enable the signaling plane security protection of the PC5 interface between the first terminal device and the first relay device.
  • a communication device including:
  • the transceiver unit is configured to acquire a second policy, which is a PC5 interface user plane security protection policy used when the first terminal device establishes a PC5 connection with the first relay device.
  • the processing unit is configured to determine the first strategy according to the second strategy, and the first strategy is a Uu interface user plane security protection strategy used by the first relay device to establish a relay-type protocol data unit PDU session.
  • the processing unit is further configured to establish a relay-type PDU session for the first relay device according to the first policy.
  • the processing unit is configured to determine the first strategy according to the second strategy, including:
  • the processing unit determines the first policy, and the first policy indicates to enable the user plane security protection of the Uu interface.
  • the processing unit determines the first policy, and the first policy indicates that the user plane security protection of the Uu interface is not enabled.
  • the processing unit determines the first policy, and the first policy indicates preference to enable the user plane security protection of the Uu interface.
  • the transceiver unit is further configured to acquire a fourth policy, which is a PC5 interface signaling plane security protection policy used when the first terminal device establishes a PC5 connection with the first relay device.
  • the processing unit is further configured to determine a third strategy according to the fourth strategy, where the first strategy is a Uu interface signaling plane security protection strategy used by the first relay device to establish a relay-type PDU session.
  • the processing unit is further configured to establish a relay-type PDU session for the first relay device according to the third strategy.
  • a communication device including at least one processor.
  • the memory is used to store computer programs.
  • the processor executes the computer programs or instructions stored in the memory, so that the communication device executes the method in any possible implementation manner of the first aspect to the third aspect.
  • a computer-readable storage medium including a computer program.
  • the computer program runs on a computer, the computer executes the method in any possible implementation manner of the first aspect to the third aspect.
  • a chip is provided, and a processing circuit is disposed on the chip, and the processing circuit is configured to execute the method in any possible implementation manner of the first aspect to the third aspect.
  • a computer program product includes a computer program (also referred to as code, or instruction); when the computer program is executed, the computer executes the method in any possible implementation manner of the first aspect to the third aspect.
  • Fig. 1 shows the architecture of a communication system to which the embodiment of the present application is applicable.
  • Fig. 2 shows an example of a schematic interaction diagram of the method proposed in this application.
  • Fig. 3 shows another example of a schematic interaction diagram of the method proposed in this application.
  • Fig. 4 shows another example of a schematic interaction diagram of the method proposed in this application.
  • Fig. 5 shows another example of a schematic interaction diagram of the method proposed in this application.
  • Fig. 6 shows a schematic block diagram of a communication device provided by the present application.
  • Fig. 7 shows another schematic block diagram of a communication device provided by this application.
  • Fig. 1 shows the architecture of a communication system to which the embodiment of the present application is applicable.
  • the core network includes, but is not limited to, data storage management network elements, mobility management network elements, network open network elements, user plane function network elements, and session management network elements.
  • the data storage management network element is a network element used to store and manage the data of the terminal equipment, for example, in a 5G network, it may be a unified data management function network element (unified data management, UDM).
  • the unified data management function network element may still be a UDM network element, or may have other names, which are not limited in this application.
  • the mobility management network element is a network element used to manage the mobility of terminal equipment.
  • it may be a mobility management entity (mobility management entity, MME), and in a 5G network, it may be Access and mobility management function (access and mobility management function, AMF) network element.
  • the access and mobility management functional network element may still be an AMF network element, or may have other names, which are not limited in this application.
  • the network exposure network element is responsible for providing network functions to third-party applications.
  • it can be a network exposure function (NEF) network element.
  • the network element with the network opening function may still be an NEF network element, or may have other names, which are not limited in this application.
  • the user plane function network element is responsible for forwarding and receiving user data, for example, in a 5G network, it may be a user plane function (user plane function, UPF) network element.
  • the user plane functional network element may still be a UPF network element, or may have other names, which are not limited in this application.
  • the session management network element is responsible for the selection of user plane network elements, Internet protocol (internet protocol, IP) address allocation, session establishment, modification, release, etc.
  • SMF session management function
  • the network element with the session management function may still be an SMF network element, or may have other names, which are not limited in this application.
  • An access network device is a device that provides wireless communication functions for terminal devices.
  • it can be an access point (access point, AP) in WLAN, a base transceiver station (BTS) in GSM or CDMA, a base station (nodeB, NB) in WCDMA, a gNB in a new radio (new radio, NR) system, or an evolved base station (evolutional node B, eNB or eNodeB) in LTE.
  • 5G network and may also be a radio access network device (radio access network, RAN).
  • Terminal equipment may refer to user equipment (user equipment, UE), access terminal, subscriber unit, subscriber station, mobile station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent, or user device.
  • the terminal device may also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a Functional handheld devices, computing devices or other processing devices connected to wireless modems, vehicle-mounted devices, drones, wearable devices, terminal devices in future 5G networks or future evolution of public land mobile networks (public land mobile network, PLMN), etc., which are not limited in this embodiment of the present application.
  • the terminal device in this application supports proximity-based services (Proximity-based services, ProSe) communication. That is, the terminal device can establish a side link (side link) connection with the relay device, and access the network through the relay device. The communication between the terminal device and the relay device is through the PC5 interface.
  • the terminal device can also be called a remote UE (remote UE).
  • the relay device also supports ProSe communication.
  • the relay device communicates with the remote UE through the PC5 interface, and the relay device communicates with the access network device through the Uu interface.
  • the relay device may be a terminal device or a wireless access device (for example, an access device deployed by an operator).
  • the UDM acquires a first correspondence, where the first correspondence is a correspondence between a proximity-based services (ProSe) parameter and a user plane security protection policy (denoted as the first policy) of the Uu interface.
  • the first strategy is a user plane security protection strategy for the Uu interface used by the relay device to establish a relay-type protocol data unit (protocol data unit, PDU) session when the remote UE accesses the network through the relay device.
  • the first policy is used to indirectly determine whether to enable the user plane security protection used by the relay type PDU session established by the relay device.
  • the first correspondence is preconfigured in the UDM.
  • the UDM obtains the first corresponding relationship from a ProSe application server (ProSe application server) or an application function (application function, AF) network element. It should be noted that the UDM can obtain the first corresponding relationship directly from the ProSe application server or the application function network element, or indirectly obtain the first corresponding relationship through the network exposure function (NEF) network element.
  • the ProSe parameter is a relay service code (relay service code, RSC) parameter. That is, the first correspondence is the correspondence between the RSC parameter and the first policy. For example, the first corresponding relationship may be the content shown in Table 1.
  • the ProSe parameters are single network slice selection assistance information (single network slice selection assistance information, S-NSSAI) parameters and data network name (data network name, DNN) parameters. That is, the first correspondence is the correspondence between the S-NSSAI and/or the DNN and the first policy. For example, the first corresponding relationship may be the content shown in Table 2.
  • the ProSe parameter is S-NSSAI and/or DNN information
  • the S-NSSAI parameter used by the relay device to establish a relay-type PDU session shall be the same as the S-NSSAI parameter in the ProSe parameters, and/or the DNN parameter used by the relay device to establish a relay-type PDU session shall be the same as the DNN parameter in the ProSe parameters.
  • the relay device and the remote UE are served by the same UDM (for example, UDM#1), and the first corresponding relationship may be configured in UDM#1.
  • the relay device and the remote UE are served by different UDMs (for example, the relay device is served by UDM#1, and the remote UE is served by UDM#2), then the first correspondence is configured in both UDM#1 and UDM#2. That is, the same first correspondence is configured in UDM#1 and UDM#2.
  • the SMF acquires the first correspondence.
  • the method may not include S201, but may include S202; or, the method may include both S201 and S202; or, the method may include S201, but not include S202.
  • the relay device #1 (an example of the first relay device) sends a first request message to the AMF, where the first request message is used to request the proximity-based services (Proximity-based services, ProSe) parameters corresponding to the relay device #1, and/or the remote UE#1 (an example of the first terminal device) sends a second request message to the AMF, where the second request message is used to request the ProSe parameters corresponding to the remote UE#1.
  • the AMF receives the first request message from the relay device #1 and/or the AMF receives the second request message from the remote UE #1.
  • the first request message may also carry information #1, where the information #1 indicates that the relay device #1 has a relay capability.
  • the second request message may also carry information #2, where the information #2 indicates that the remote UE #1 supports accessing the network through the relay device.
  • relay device #1 and the remote UE#1 may be served by the same AMF, or may be served by different AMFs.
  • the AMF determines that the relay device #1 has a relay capability, and/or determines that the remote UE#1 supports network access through the relay device.
  • the AMF may also determine the relay service supported by the relay device #1, and/or determine the relay service supported by the remote UE#1.
  • the AMF sends the third request message and/or the fourth request message to the PCF.
  • the PCF receives the third request message and/or the fourth request message from the AMF.
  • the third request message is triggered by the first request message, and is used to request the ProSe parameter corresponding to the relay device #1
  • the fourth request message is triggered by the second request message, and is used to request the ProSe parameter corresponding to the remote UE #1 from the PCF.
  • the AMF may carry the relay service information supported by the relay device #1 in the third request message; the AMF may carry the relay service information of the remote UE#1 in the fourth request message.
  • the AMF can request the ProSe parameter of the relay device #1 and the ProSe parameter of the remote UE#1 from the same PCF, or the AMF may separately request the ProSe parameters of the relay device #1 and the ProSe parameters of the remote UE#1 from different PCFs.
  • the different AMFs may request the ProSe parameters of the relay device #1 and the ProSe parameters of the remote UE#1 from the same PCF, or the different AMFs may request the ProSe parameters of the relay device #1 and the ProSe parameters of the remote UE #1 from different PCFs respectively.
  • the PCF determines the ProSe parameter corresponding to the relay device #1, and/or determines the ProSe parameter corresponding to the remote UE#1.
  • the PCF determines the ProSe parameters corresponding to the relay device #1 according to the relay service supported by the relay device #1. And/or the PCF determines the ProSe parameter corresponding to the remote UE#1 according to the relay service supported by the remote UE#1.
  • the ProSe parameter may be an RSC parameter.
  • the ProSe parameters may be S-NSSAI parameters and/or DNN parameters.
  • the PCF may first determine the RSC parameters, and then determine the S-NSSAI parameters and/or the DNN parameters according to the RSC parameters.
  • the ProSe parameters corresponding to the remote UE#1 are the same as the ProSe parameters corresponding to the relay device #1.
  • the remote UE#1 can access the network through the relay device #1, and the ProSe parameter corresponding to the remote UE#1 and the ProSe parameter corresponding to the relay device #1 are recorded as ProSe parameter #1.
  • if the ProSe parameter is an S-NSSAI parameter and/or a DNN parameter, the S-NSSAI parameters and/or DNN parameters used by the relay device #1 to establish a relay type PDU session shall be the same as the S-NSSAI parameters and/or DNN parameters in the ProSe parameters.
  • the PCF sends a fifth request message to the UDM, where the fifth request message includes ProSe parameter #1.
  • the UDM receives the fifth request message from the PCF.
  • ProSe parameter #1 included in the fifth request message will be described below.
  • ProSe parameter #1 may be RSC parameter #1.
  • ProSe parameter #1 may be S-NSSAI parameter #1 and/or DNN parameter #1.
  • the UDM determines the first policy #1 according to the first correspondence and the ProSe parameter #1.
  • the first corresponding relationship configured in the UDM is the corresponding relationship between the RSC parameter and the first policy
  • the ProSe parameter #1 included in the third request message is the RSC parameter #1
  • the UDM determines the first policy #1 according to the RSC parameter #1 and the first correspondence.
  • the first correspondence configured in the UDM is the correspondence between the S-NSSAI parameter and/or the DNN parameter and the first policy
  • the ProSe parameter #1 included in the third request message is the S-NSSAI parameter #1 and/or DNN parameter #1
  • the UDM determines the first policy #1 according to the S-NSSAI parameter #1 and/or DNN parameter #1 and the first correspondence.
  • the UDM sends the first policy #1 to the PCF. Accordingly, the PCF receives the first policy #1.
  • the method further includes the following S210-S212.
  • Case A: The method does not include S201 but includes S202.
  • Case B: The method includes S201, but in S208 the UDM does not determine the first policy #1; or in S209 the UDM does not send the first policy #1 to the PCF.
  • Case C: The operator configures the PCF to obtain the first policy #1 from the SMF.
  • the PCF sends a sixth request message to the SMF, where the sixth request message includes ProSe parameter #1.
  • the SMF receives the sixth request message from the PCF.
  • the SMF determines a first policy #1 according to the first correspondence and the ProSe parameter #1.
  • the SMF sends the first policy #1 to the PCF.
  • the PCF receives the first policy #1 from the SMF.
  • the PCF determines the second policy (referred to as the second policy #1) according to the first policy #1, and the second policy #1 is used to determine whether to enable the user plane security protection of the PC5 interface between the remote UE#1 and the relay device #1.
  • the PCF determines the second policy #1 according to the first policy #1.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates enabling the user plane security protection of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is REQUIRED.
  • the PCF determines the second policy #1 according to the first policy #1, and the second policy #1 indicates enabling the user plane security protection of the PC5 interface, that is, the second policy #1 is that the user plane security protection policy of the PC5 interface is REQUIRED.
  • the second policy #1 is a user plane confidentiality and/or integrity protection policy of the PC5 interface.
  • the first policy #1 indicates to enable the user plane confidentiality protection and/or the user plane integrity protection of the Uu interface, that is, the first policy #1 is that the user plane confidentiality and/or integrity protection policy of the Uu interface is REQUIRED.
  • the second policy #1 indicates to enable the user plane confidentiality protection and/or the user plane integrity protection of the PC5 interface, that is, the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is REQUIRED.
  • if the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is REQUIRED, then the second policy #1 also indicates that the signaling plane confidentiality protection and/or integrity protection of the PC5 interface is enabled.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates that the user plane security protection of the Uu interface is not enabled, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is NOT NEEDED.
  • the PCF determines the second policy #1 according to the first policy #1, and the second policy #1 indicates that the user plane security protection of the PC5 interface is not enabled, that is, the second policy #1 is that the user plane security protection policy of the PC5 interface is NOT NEEDED.
  • the second policy #1 is a user plane confidentiality and/or integrity protection policy of the PC5 interface.
  • the first policy #1 indicates that the user plane confidentiality and/or user plane integrity protection of the Uu interface is not enabled, that is, the first policy #1 is that the user plane confidentiality and/or integrity protection policy of the Uu interface is NOT NEEDED.
  • the second policy #1 indicates that the user plane confidentiality and/or user plane integrity protection of the PC5 interface is not enabled, that is, the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is NOT NEEDED.
  • if the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is NOT NEEDED, then the second policy #1 also indicates that the signaling plane confidentiality protection and/or integrity protection of the PC5 interface is not enabled.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates that it is preferred to enable the user plane security protection of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is PREFERRED.
  • the PCF determines the second policy #1 according to the first policy #1, and the second policy #1 indicates preference to enable the user plane security protection of the PC5 interface, that is, the second policy #1 is that the user plane security protection policy of the PC5 interface is PREFERRED.
  • the second policy #1 is a user plane confidentiality and/or integrity protection policy of the PC5 interface.
  • the first policy #1 indicates preference to enable the user plane confidentiality and/or user plane integrity protection of the Uu interface, that is, the first policy #1 is that the user plane confidentiality and/or integrity protection policy of the Uu interface is PREFERRED.
  • correspondingly, the second policy #1 indicates preference to enable the user plane confidentiality and/or user plane integrity protection of the PC5 interface, that is, the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is PREFERRED.
  • if the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is PREFERRED, then the second policy #1 also indicates preference to enable the signaling plane confidentiality protection and/or integrity protection.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates that it is preferred to enable the user plane security of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is PREFERRED.
  • the PCF can determine whether the user plane security protection of the PC5 interface needs to be enabled between the remote UE #1 and the relay device #1, and determine the second policy #1 accordingly.
  • the PCF can determine, according to the default configuration of the operator, the existing network load, or the requirements provided by the ProSe application corresponding to the relay type PDU session, whether the user plane security protection of the PC5 interface needs to be enabled between the remote UE#1 and the relay device #1; the specific method is not limited here.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates that it is preferred to enable the user plane security of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is PREFERRED. If the PCF determines that the user plane security protection of the PC5 interface needs to be enabled, the PCF determines the second policy #1, and the second policy #1 indicates to enable the user plane security protection of the PC5 interface, that is, the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is REQUIRED.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates that it is preferred to enable the user plane security of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is PREFERRED. If the PCF determines that the user plane security protection of the PC5 interface does not need to be enabled, the PCF determines the second policy #1, and the second policy #1 indicates that the user plane security protection of the PC5 interface is not enabled, that is, the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is NOT NEEDED.
  • if the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is REQUIRED, then the second policy #1 also indicates that the signaling plane confidentiality protection and/or integrity protection of the PC5 interface is enabled.
  • if the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is NOT NEEDED, then the second policy #1 also indicates that the signaling plane confidentiality protection and/or integrity protection of the PC5 interface is not enabled.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates that it is preferred to enable the user plane security of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is PREFERRED.
  • the PCF determines the second policy #1 according to the first policy #1, and the second policy #1 indicates preference to enable the user plane security protection of the PC5 interface, that is, the second policy #1 is that the user plane security protection policy of the PC5 interface is PREFERRED.
  • the PCF may determine whether to enable the user plane security protection of the PC5 interface according to the operator's default configuration, the existing network load, or the requirements provided by the ProSe application corresponding to the relay type PDU session, and generate the first indication information.
  • the first indication information is used to indicate whether the user plane security protection of the PC5 interface needs to be enabled between the remote UE #1 and the relay device #1.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates preference to enable the user plane confidentiality and/or integrity security of the Uu interface, that is, the first policy #1 is that the user plane confidentiality and/or integrity security protection policy of the Uu interface is PREFERRED.
  • the second policy #1 indicates preference to enable the user plane confidentiality and/or user plane integrity protection of the PC5 interface, that is, the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is PREFERRED.
  • the PCF determines that the user plane security protection of the PC5 interface needs to be enabled, the PCF generates first indication information, where the first indication information indicates enabling the user plane confidentiality and/or integrity protection of the PC5 interface.
  • the second policy #1 is a user plane security protection policy for the PC5 interface.
  • the first policy #1 indicates preference to enable the user plane confidentiality and/or integrity security of the Uu interface, that is, the first policy #1 is that the user plane confidentiality and/or integrity security protection policy of the Uu interface is PREFERRED.
  • the second policy #1 indicates preference to enable the user plane confidentiality and/or user plane integrity protection of the PC5 interface, that is, the second policy #1 is that the user plane confidentiality and/or integrity protection policy of the PC5 interface is PREFERRED.
  • if the PCF determines that the user plane security protection of the PC5 interface does not need to be enabled, the PCF generates first indication information, and the first indication information indicates that the user plane confidentiality and/or integrity protection of the PC5 interface is not enabled.
  • the second policy #1 indicates whether to enable the user plane security protection of the PC5 interface.
  • the first policy #1 indicates enabling the user plane security protection of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is REQUIRED.
  • the PCF determines the second policy #1 according to the first policy #1, and the second policy #1 directly instructs to enable the user plane security protection of the PC5 interface.
  • the second policy #1 indicates whether to enable user plane confidentiality and/or integrity protection of the PC5 interface.
  • the first policy #1 indicates that the user plane confidentiality protection and/or the user plane integrity protection of the Uu interface are enabled, that is, the first policy #1 is that the user plane confidentiality and/or integrity protection policy of the Uu interface is REQUIRED; correspondingly, the second policy #1 directly indicates to enable the user plane confidentiality protection and/or the user plane integrity protection of the PC5 interface.
  • if the second policy #1 directly indicates to enable the user plane confidentiality and/or integrity protection of the PC5 interface, the second policy #1 also indicates to enable the signaling plane confidentiality and/or integrity protection of the PC5 interface.
  • the second policy #1 indicates whether to enable the user plane security protection of the PC5 interface.
  • the first policy #1 indicates that the user plane security protection of the Uu interface is not enabled, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is NOT NEEDED.
  • the PCF determines the second policy #1 according to the first policy #1, and the second policy #1 directly indicates that the user plane security protection of the PC5 interface is not enabled.
  • the second policy #1 indicates whether to enable user plane confidentiality and/or integrity protection of the PC5 interface.
  • the first policy #1 indicates that the user plane confidentiality and/or user plane integrity protection of the Uu interface is not enabled, that is, the first policy #1 is that the user plane confidentiality and/or integrity protection policy of the Uu interface is NOT NEEDED.
  • the second policy #1 directly indicates not to enable user plane confidentiality and/or user plane integrity protection of the PC5 interface.
  • the second policy #1 indicates whether to enable the user plane security protection of the PC5 interface.
  • the first policy #1 indicates that it is preferred to enable the user plane security protection of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is PREFERRED.
  • the PCF can determine whether the user plane security protection of the PC5 interface needs to be enabled between the remote UE #1 and the relay device #1, and determine the second policy #1 accordingly.
  • the PCF can determine whether the user plane security protection of the PC5 interface needs to be enabled between the remote UE#1 and the relay device #1.
  • the specific method is not limited here.
  • the second policy #1 indicates whether to enable user plane confidentiality and/or integrity security protection of the PC5 interface.
  • the first policy #1 indicates preference to enable the user plane confidentiality and/or integrity security of the Uu interface, that is, the first policy #1 is that the user plane confidentiality and/or integrity security protection policy of the Uu interface is PREFERRED. If the PCF determines that the user plane confidentiality and/or integrity security protection of the PC5 interface needs to be enabled, the PCF determines the second policy #1, and the second policy #1 directly indicates that the user plane confidentiality and/or integrity protection of the PC5 interface is enabled.
  • the second policy #1 indicates whether to enable the user plane confidentiality and/or integrity security protection of the PC5 interface.
  • the first policy #1 indicates preference to enable the user plane confidentiality and/or integrity security of the Uu interface, that is, the first policy #1 is that the user plane confidentiality and/or integrity security protection policy of the Uu interface is PREFERRED. If the PCF determines that the user plane confidentiality and/or integrity security protection of the PC5 interface does not need to be enabled, the PCF determines the second policy #1, and the second policy #1 directly indicates that the user plane confidentiality and/or integrity protection of the PC5 interface is not enabled.
  • if the second policy #1 directly indicates to enable the user plane confidentiality and/or integrity protection of the PC5 interface, the second policy #1 also indicates to enable the signaling plane confidentiality and/or integrity protection of the PC5 interface.
  • the PCF sends the second policy #1 to the remote UE #1 and/or the relay device #1.
  • the remote UE #1 and/or the relay device #1 receives the second policy #1.
  • the PCF simultaneously sends the first indication information to the remote UE#1 and/or the relay device#1.
  • the PCF can obtain the Uu interface user plane security protection policy, and determine the PC5 interface user plane security protection policy according to the Uu interface user plane security protection policy, so that the user plane security protection policies of the Uu interface and the PC5 interface match.
  • if the user plane security protection policies of the Uu interface and the PC5 interface do not match, for example, the user plane security protection of the Uu interface is enabled but the user plane security protection of the PC5 interface is not enabled, the PC5 connection established between the remote UE#1 and the relay device #1 has a weak ability to resist external attacks, and the user plane security protection of the Uu interface on the relay device #1 does not play its due role, resulting in a waste of resources. Therefore, adopting the solution of the present application can match the user plane security protection policies of the Uu interface and the PC5 interface, and solve problems such as security protection degradation and resource waste caused by policy mismatch.
  • the method further includes the following S215-S217.
  • the PCF acquires the signaling plane security protection policy (referred to as the third policy #1) of the Uu interface corresponding to the relay device #1 and/or the remote UE #1.
  • the third policy #1 is a Uu interface signaling plane security protection policy used by the relay device #1 to establish a relay type PDU session when the remote UE#1 accesses the network through the relay device #1. It should be understood that if the relay device #1 can subsequently access the network through the remote UE#1, the signaling plane security protection policy of the Uu interface corresponding to the relay device #1 and the remote UE#1 may be the same.
  • the integrity protection of the signaling plane of the Uu interface is forcibly enabled, and whether to enable the confidentiality protection of the signaling plane of the Uu interface is determined by the operator.
  • whether the signaling plane integrity and/or confidentiality protection of the Uu interface is enabled is determined by the operator.
  • a third policy #1 is pre-configured in the PCF.
  • the PCF acquires the third policy #1 from the relay device #1 and/or the access network device corresponding to the remote UE #1.
  • the PCF obtains the third policy #1 from other core network elements corresponding to the relay device #1 and/or the remote UE#1.
  • the other core network elements can be UDM, AMF, SMF or 5G DDNMF, which is not limited here.
  • the PCF determines the fourth policy (referred to as the fourth policy #1) according to the third policy #1, and the fourth policy #1 is used to determine whether to enable the signaling plane security protection of the PC5 interface between the remote UE#1 and the relay device #1.
  • if the third policy #1 indicates to enable the integrity and/or confidentiality protection of the signaling plane of the Uu interface, the fourth policy #1 indicates to enable the integrity and/or confidentiality protection of the signaling plane of the PC5 interface.
  • if the third policy #1 indicates that the signaling plane integrity and/or confidentiality protection of the Uu interface is not enabled, the fourth policy #1 indicates that the signaling plane integrity and/or confidentiality protection of the PC5 interface is not enabled.
  • the PCF can obtain the Uu interface signaling plane security protection policy, and determine the PC5 interface signaling plane security protection policy according to the Uu interface signaling plane security protection policy, so that the signaling plane security protection policies of the Uu interface and the PC5 interface match.
  • the PCF determines the fourth policy #1 according to the second policy #1. Specifically, if the second policy #1 indicates to enable the user plane confidentiality and/or integrity protection of the PC5 interface, the PCF determines a fourth policy #1 according to the second policy #1, and the fourth policy #1 indicates enabling the signaling plane confidentiality protection and/or integrity protection of the PC5 interface. In a possible implementation, if the second policy #1 is that the user plane integrity protection/confidentiality protection of the PC5 interface is REQUIRED, then the PCF determines the fourth policy #1 according to the second policy #1, and the fourth policy #1 indicates that the signaling plane integrity protection/confidentiality protection of the PC5 interface is REQUIRED.
  • the PCF determines the fourth policy #1 according to the second policy #1, and the fourth policy #1 directly indicates to enable the signaling plane integrity protection/confidentiality protection of the PC5 interface.
  • the PCF sends the fourth policy #1 to the remote UE #1 and/or the relay device #1.
  • the remote UE #1 and/or the relay device #1 receives the fourth policy #1.
  • the PCF may determine to enable the signaling plane security protection of the PC5 interface. That is, the fourth policy #1 and/or the second policy #1 also indicate to enable the signaling plane security protection of the PC5 interface.
  • the signaling plane security of the PC5 connection is established according to the fourth policy #1.
  • the second policy #1 can at the same time indicate to enable the signaling plane confidentiality and/or integrity protection of the PC5 interface; when the remote UE #1 and the relay device #1 establish the PC5 connection, the signaling plane security of the PC5 connection is established according to the second policy #1.
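
The derivation described above (first policy looked up from the ProSe parameter, second policy for PC5 derived from it, fourth policy for PC5 signaling, and a check for the Uu/PC5 mismatch), as an added Python example that is not part of the patent text. The RSC keys and table contents are constructed, and the function names, the fail-closed lookup and the per-attribute handling of confidentiality and integrity are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional


class Policy(Enum):
    REQUIRED = "REQUIRED"
    PREFERRED = "PREFERRED"
    NOT_NEEDED = "NOT NEEDED"


@dataclass(frozen=True)
class PlanePolicy:
    """Confidentiality and integrity are carried as separate values (assumption)."""
    confidentiality: Policy
    integrity: Policy


KINDS = ("confidentiality", "integrity")

# Constructed first correspondences (ProSe parameter -> Uu user plane policy).
# The RSC keys are placeholders, not values from the patent's tables.
UDM_FIRST_CORRESPONDENCE: Dict[str, PlanePolicy] = {
    "RSC-A": PlanePolicy(Policy.REQUIRED, Policy.REQUIRED),
    "RSC-B": PlanePolicy(Policy.PREFERRED, Policy.NOT_NEEDED),
}
SMF_FIRST_CORRESPONDENCE: Dict[str, PlanePolicy] = {
    "RSC-C": PlanePolicy(Policy.PREFERRED, Policy.PREFERRED),
}


def get_first_policy(prose_param: str) -> PlanePolicy:
    """Ask the UDM first; fall back to the SMF when the UDM returns nothing (Case B)."""
    for table in (UDM_FIRST_CORRESPONDENCE, SMF_FIRST_CORRESPONDENCE):
        if prose_param in table:
            return table[prose_param]
    # Assumption: fail closed, so an unknown parameter never means "no protection".
    raise LookupError(f"no first policy for ProSe parameter {prose_param!r}")


def derive_second_policy(
    first: PlanePolicy,
    pcf_decides: Optional[Callable[[str], bool]] = None,
) -> PlanePolicy:
    """Map the Uu user plane policy onto the PC5 user plane policy.

    REQUIRED and NOT NEEDED are copied unchanged. PREFERRED stays PREFERRED
    unless pcf_decides is supplied, in which case the PCF resolves it to
    REQUIRED or NOT NEEDED (operator default, network load, application needs).
    """
    def one(kind: str, uu: Policy) -> Policy:
        if uu is not Policy.PREFERRED or pcf_decides is None:
            return uu
        return Policy.REQUIRED if pcf_decides(kind) else Policy.NOT_NEEDED

    return PlanePolicy(one("confidentiality", first.confidentiality),
                       one("integrity", first.integrity))


def first_indication(second: PlanePolicy,
                     pcf_decides: Callable[[str], bool]) -> Dict[str, bool]:
    """When PREFERRED is passed through, carry the PCF's decision alongside it."""
    return {kind: pcf_decides(kind) for kind in KINDS
            if getattr(second, kind) is Policy.PREFERRED}


def derive_fourth_policy(second: PlanePolicy,
                         third: Optional[PlanePolicy] = None) -> PlanePolicy:
    """PC5 signaling plane policy: follow the Uu signaling plane policy (third
    policy) when the PCF has it, otherwise follow the PC5 user plane policy."""
    source = third if third is not None else second
    return PlanePolicy(source.confidentiality, source.integrity)


def mismatches(uu: PlanePolicy, pc5: PlanePolicy) -> List[str]:
    """Report attributes where a fixed Uu policy is not mirrored on PC5.

    A Uu value of PREFERRED leaves the PC5 outcome to the PCF, so it is not flagged.
    """
    found = []
    for kind in KINDS:
        u, p = getattr(uu, kind), getattr(pc5, kind)
        if u is not Policy.PREFERRED and p is not u:
            found.append(f"{kind}: Uu {u.value} but PC5 {p.value}")
    return found


if __name__ == "__main__":
    first = get_first_policy("RSC-B")
    second = derive_second_policy(first, pcf_decides=lambda kind: True)
    print(second, derive_fourth_policy(second), mismatches(first, second))
```

Running `mismatches` over a second correspondence that was preconfigured on a device, against the network's first correspondence, shows the entries where the PC5 hop would be weaker than the Uu hop.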
  • the PCF acquires a first correspondence.
  • the first correspondence is preconfigured in the PCF.
  • the PCF obtains the first correspondence from a ProSe application server or an application function (AF) network element. It should be noted that the PCF can obtain the first correspondence directly from the ProSe application server or the application function network element, or indirectly through the network exposure function (NEF).
  • the first correspondence may also include two situations; the only difference is that the UDM in S201 is replaced by the PCF in this step, which will not be repeated here.
  • the relay device #1 sends a first request message to the AMF, and/or the remote UE#1 sends a second request message to the AMF.
  • the AMF receives the first request message from the relay device #1 and/or the AMF receives the second request message from the remote UE #1.
  • the AMF determines that the relay device #1 has a relay capability, and/or determines that the remote UE#1 supports network access through the relay device.
  • the AMF sends the third request message and/or the fourth request message to the PCF.
  • the PCF receives the third request message and/or the fourth request message from the AMF.
  • the third request message is triggered by the first request message, and is used to request the ProSe parameter corresponding to the relay device #1
  • the fourth request message is triggered by the second request message, and is used to request the ProSe parameter corresponding to the remote UE #1 from the PCF.
  • This process is the same as S205; for details, refer to the description of S205.
  • the PCF determines the ProSe parameter corresponding to the relay device #1, and/or determines the ProSe parameter corresponding to the remote UE#1.
  • the ProSe parameters corresponding to the remote UE#1 are the same as the ProSe parameters corresponding to the relay device #1.
  • the remote UE#1 can access the network through the relay device #1, and the ProSe parameter corresponding to the remote UE#1 and the ProSe parameter corresponding to the relay device #1 are recorded as ProSe parameter #1.
  • the PCF determines a first policy #1 according to the first correspondence and the ProSe parameter #1.
  • This process is similar to S208. That is, the actions performed by the UDM in S208 are performed by the PCF in S306.
  • the PCF determines the second policy #1 according to the first policy #1.
  • the second policy #1 is used to determine whether to enable the user plane security protection of the PC5 interface between the remote UE #1 and the relay device #1.
  • the PCF sends the second policy #1 to the remote UE #1 and/or the relay device #1.
  • the remote UE #1 and/or the relay device #1 receives the second policy #1.
  • the PCF can also determine the fourth policy #1, and send the fourth policy #1 to the remote UE #1 and/or the relay device #1. To avoid repetition, no further description is given here.
  • the relay device #1 and/or the remote UE#1 acquires a second correspondence, where the second correspondence is a correspondence between a ProSe parameter and a second policy.
  • the second policy is used to determine whether to enable the user plane security protection of the PC5 interface between the remote UE and the relay device.
  • the second correspondence may be associated with the first correspondence, and the first correspondence is as described in S201 above.
  • the second correspondence may be determined according to the first correspondence. That is, the association between the second correspondence and the first correspondence is: the user plane security protection policy of the PC5 interface is determined according to the user plane security protection policy of the Uu interface, and the specific determination method can refer to the description in S213, and will not be repeated here.
  • the relay device #1 and the remote UE#1 may also obtain a fourth correspondence, the fourth correspondence is the correspondence between the ProSe parameter and the fourth policy, and the fourth policy is used to determine whether the signaling plane security protection of the PC5 interface between the remote UE#1 and the relay device #1 is enabled.
  • the fourth correspondence is associated with the third correspondence.
  • the third correspondence is the correspondence between the ProSe parameter and the third policy, and the third policy is the signaling plane security protection policy of the Uu interface.
  • the fourth correspondence may be determined according to the third correspondence. That is, the association between the fourth correspondence and the third correspondence is: the signaling plane security protection policy of the PC5 interface is determined according to the signaling plane security protection policy of the Uu interface.
  • the following describes how the relay device #1 acquires the second correspondence and/or the fourth correspondence, and how the remote UE#1 acquires the second correspondence and/or the fourth correspondence.
  • the second correspondence and/or the fourth correspondence are configured in the universal integrated circuit card (UICC) used by the relay device #1, and when the remote UE#1 accesses the network through the relay device #1, the UICC is inserted into the relay device #1, and the relay device #1 uses the UICC to establish a relay-type PDU session with the network.
  • the second correspondence and/or the fourth correspondence are configured in the UICC used by the remote UE#1, and when the remote UE#1 accesses the network through the relay device #1, the UICC is inserted into the remote UE#1, and the remote UE#1 uses the UICC to establish a connection with the relay device #1.
  • a user equipment is composed of a mobile equipment (ME) and a UICC.
  • the mobile equipment is a hardware device that does not have the ability to access the network except for emergency functions. After the UICC is inserted into it, it can register and subsequently interact with the network as a UE.
  • the second correspondence and/or the fourth correspondence may be pre-configured in relay device #1 before the UICC is inserted.
  • the second correspondence and/or the fourth correspondence are pre-configured in the mobile equipment (ME) of the remote UE#1.
  • the second correspondence and/or the fourth correspondence may be preconfigured in the remote UE#1.
  • Relay device #1 acquires the second correspondence and/or the fourth correspondence from the ProSe application server.
  • the remote UE#1 acquires the second correspondence and/or the fourth correspondence from the ProSe application server.
  • ProSe parameters are RSC parameters. That is, the second correspondence is the correspondence between the RSC parameter and the second policy.
  • the fourth correspondence is the correspondence between the RSC parameter and the fourth policy.
  • the second correspondence and the fourth correspondence may be the contents shown in Table 3.
  • the ProSe parameters are S-NSSAI parameters and/or DNN parameters. That is, the second correspondence is the correspondence between the S-NSSAI and/or the DNN and the second policy.
  • the fourth correspondence is the correspondence between the S-NSSAI and/or the DNN and the fourth policy.
  • the second correspondence and the fourth correspondence may be the contents shown in Table 4.
  • the relay device #1 sends a first request message to the AMF, and/or the remote UE#1 sends a second request message to the AMF.
  • the AMF receives the first request message from the relay device #1, and/or receives the second request message from the remote UE#1.
  • the AMF determines that the relay device #1 has a relay capability, and/or determines that the remote UE#1 supports network access through the relay device.
  • the AMF sends the third request message and/or the fourth request message to the PCF.
  • the PCF receives the third request message and/or the fourth request message from the AMF.
  • the third request message is triggered by the first request message, and is used to request the ProSe parameter corresponding to the relay device #1.
  • the fourth request message is triggered by the second request message, and is used to request the ProSe parameter corresponding to the remote UE #1 from the PCF.
  • the PCF determines the ProSe parameter corresponding to the relay device #1, and/or determines the ProSe parameter corresponding to the remote UE#1.
  • the ProSe parameters corresponding to the remote UE#1 are the same as the ProSe parameters corresponding to the relay device #1.
  • the remote UE#1 can access the network through the relay device #1, and the ProSe parameter corresponding to the remote UE#1 and the ProSe parameter corresponding to the relay device #1 are recorded as ProSe parameter #1.
  • the PCF sends the ProSe parameter #1 to the remote UE#1, and/or sends the ProSe parameter #1 to the relay device #1.
  • the remote UE #1 receives the ProSe parameter #1.
  • the relay device #1 receives the ProSe parameter #1.
  • the remote UE#1 determines a second policy #1 according to the second correspondence and the ProSe parameter #1. And/or the relay device #1 determines the second policy #1 according to the second correspondence and the ProSe parameter #1.
  • the remote UE#1 may also determine the fourth policy #1 according to the fourth correspondence and the ProSe parameter #1. And/or the relay device #1 may also determine the fourth policy #1 according to the fourth correspondence and the ProSe parameter #1.
  • the signaling plane security of the PC5 connection is established according to the fourth policy #1.
  • the remote UE#1 and the relay device #1 can obtain the second correspondence and the fourth correspondence respectively, and the second correspondence is associated with the first correspondence, and the fourth correspondence is associated with the third correspondence.
  • the second policy #1 and the fourth policy #1 corresponding to the ProSe parameter #1 can be determined, and these policies can be used to establish a PC5 connection.
  • the Uu interface security protection policy used by relay device #1 when establishing a relay PDU session matches the security protection policy of the PC5 interface used when establishing the PC5 connection.
  • the relay device #1 sends a first request message to the AMF, where the first request message is used to request the ProSe parameter corresponding to the relay device #1.
  • the remote UE#1 sends a second request message to the AMF, where the second request message is used to request the ProSe parameter corresponding to the remote UE#1.
  • the AMF determines that the relay device #1 has a relay capability, and/or determines that the remote UE#1 supports network access through the relay device.
  • the AMF may also determine the relay service provided by the remote UE#1, and/or determine the relay service supported by the relay device #1.
  • the AMF sends the third request message and/or the fourth request message to the PCF.
  • the PCF receives the third request message from the AMF and/or receives the fourth request message.
  • the third request message is triggered by the first request message, and is used to request the ProSe parameter corresponding to the relay device #1.
  • the fourth request message is triggered by the second request message, and is used to request the ProSe parameter corresponding to the remote UE #1 from the PCF.
  • the AMF may carry the relay service information supported by the relay device #1 in the third request message, and/or carry the relay service information of the remote UE#1 in the fourth request message.
  • the PCF determines the ProSe parameter corresponding to the relay device #1, and/or determines the ProSe parameter corresponding to the remote UE#1.
  • the PCF may also determine the user plane security protection policy of the PC5 interface of the relay device #1 according to the second correspondence. And/or the PCF may also determine the user plane security protection policy of the PC5 interface of the remote UE#1 according to the second correspondence.
  • the PCF may also determine the signaling plane security protection policy of the PC5 interface of the relay device #1 according to the fourth correspondence. And/or the PCF may also determine the signaling plane security protection policy of the PC5 interface of the remote UE#1 according to the fourth correspondence.
  • the second correspondence and the fourth correspondence may be preconfigured in the PCF.
  • the second correspondence is the correspondence between the ProSe parameter and the second policy, the second policy is the user plane security protection policy of the PC5 interface, and the second policy is used to determine whether to enable the user plane security protection of the PC5 interface between the remote UE#1 and the relay device #1.
  • the fourth correspondence is the correspondence between the ProSe parameter and the fourth policy, the fourth policy is the signaling plane security protection policy of the PC5 interface, and the fourth policy is used to determine whether to enable the signaling plane security protection of the PC5 interface between the remote UE#1 and the relay device #1.
  • the ProSe parameters corresponding to the remote UE#1 are the same as the ProSe parameters corresponding to the relay device #1.
  • the ProSe parameter corresponding to the remote UE#1 and the ProSe parameter corresponding to the relay device #1 are recorded as ProSe parameter #1;
  • the user plane security protection policy of the PC5 interface of the remote UE#1 and the relay device #1 is recorded as the second policy #1;
  • the signaling plane security protection policy of the PC5 interface of the remote UE#1 and the relay device #1 is recorded as the fourth policy #1.
  • the PCF sends the ProSe parameter #1 and the second policy #1 to the relay device #1 and/or the remote UE #1 through the AMF.
  • the relay device #1 and/or the remote UE #1 receives the ProSe parameter #1 and the second policy #1.
  • the PCF also sends the fourth policy #1 to the relay device #1 and/or the remote UE #1 through the AMF.
  • the relay device #1 and/or the remote UE #1 receives the fourth policy #1.
  • the method further includes: S506, the PCF sends the second correspondence and/or the fourth correspondence to the AMF.
  • the relay device #1 sends a seventh request message to the AMF, where the seventh request message requests establishment of a relay PDU session, and the seventh request message includes the ProSe parameter #1.
  • the AMF receives the seventh request message.
  • the AMF determines, according to the seventh request message, that the relay device #1 can establish a PDU session serving the relay service.
  • the AMF may determine whether the relay device #1 can serve the relay service according to the subscription information of the relay device #1, which is not limited here.
  • the method further includes the following S509-S510.
  • the AMF determines the second policy #1 according to the second correspondence and the ProSe parameter #1, and/or the AMF determines the fourth policy #1 according to the fourth correspondence and the ProSe parameter #1.
  • the AMF sends an eighth request message to the SMF, the eighth request message requests to establish a relay PDU session for the relay device #1, and the eighth request message includes the second policy #1, the fourth policy #1, and the ProSe parameter #1.
  • the SMF receives the eighth request message.
  • the method also includes the following S511-S514.
  • the AMF sends a seventh request message to the SMF.
  • the seventh request message includes ProSe parameter #1.
  • the SMF receives the seventh request message.
  • the SMF sends a ninth request message to the PCF, where the ninth request message is used to request the security protection policy of the PC5 interface of the relay device #1.
  • the ninth request message includes ProSe parameter #1.
  • the PCF receives the ninth request message.
  • the PCF determines the second policy #1 corresponding to the relay device #1 according to the second correspondence and the ProSe parameter #1, and/or the PCF determines the fourth policy #1 corresponding to the relay device #1 according to the fourth correspondence and the ProSe parameter #1.
  • the PCF sends the second policy #1 and/or the fourth policy #1 to the SMF.
  • the SMF receives the second policy #1 and/or the fourth policy #1 from the PCF.
  • the SMF determines the user plane security protection policy of the Uu interface corresponding to the relay device #1 (referred to as the first policy #1) according to the second policy #1, wherein the first policy #1 is the Uu interface user plane security protection policy used by the relay device #1 to establish the relay-type PDU session when the remote UE #1 accesses the network through the relay device #1.
  • the SMF determines the signaling plane security protection policy of the Uu interface corresponding to the relay device #1 (referred to as the third policy #1) according to the fourth policy #1, wherein the third policy #1 is the Uu interface signaling plane security protection policy used by the relay device #1 to establish the relay-type PDU session when the remote UE #1 accesses the network through the relay device #1.
  • the second policy #1 indicates to enable the user plane security protection of the PC5 interface
  • the first policy #1 indicates to enable the user plane security protection of the Uu interface.
  • the SMF determines the first policy #1 according to the second policy #1, and the first policy #1 indicates to enable the user plane security protection of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is REQUIRED.
  • the fourth policy #1 indicates enabling the signaling plane security protection of the PC5 interface
  • the third policy #1 indicates enabling the signaling plane security protection of the Uu interface.
  • the fourth policy #1 indicates to enable the signaling plane security protection of the PC5 interface, that is, the fourth policy #1 is that the signaling plane security protection policy of the PC5 interface is REQUIRED
  • the SMF determines the third policy #1 according to the fourth policy #1, and the third policy #1 indicates enabling the signaling plane security protection of the Uu interface, that is, the third policy #1 is that the signaling plane security protection policy of the Uu interface is REQUIRED.
  • the second policy #1 indicates that the user plane security protection of the PC5 interface is not enabled, and the first policy #1 indicates that the user plane security protection of the Uu interface is not enabled.
  • the SMF determines the first policy #1 according to the second policy #1, and the first policy #1 indicates that the user plane security protection of the Uu interface is not enabled, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is NOT NEEDED.
  • the fourth policy #1 indicates that the signaling plane security protection of the PC5 interface is not enabled, and the third policy #1 indicates that the signaling plane security protection of the Uu interface is not enabled.
  • the SMF determines the third policy #1 according to the fourth policy #1, and the third policy #1 indicates that the signaling plane security protection of the Uu interface is not enabled, that is, the third policy #1 is that the signaling plane security protection policy of the Uu interface is NOT NEEDED.
  • the second policy #1 indicates preference to enable the user plane security protection of the PC5 interface
  • the first policy #1 indicates preference to enable the user plane security protection of the Uu interface.
  • the SMF determines the first policy #1 according to the second policy #1, and the first policy #1 indicates preference to enable the user plane security protection of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is PREFERRED.
  • the fourth policy #1 indicates preference to enable the signaling plane security protection of the PC5 interface
  • the third policy #1 indicates preference to enable the signaling plane security protection of the Uu interface.
  • the fourth policy #1 indicates preference to enable the signaling plane security protection of the PC5 interface, that is, the fourth policy #1 is that the signaling plane security protection policy of the PC5 interface is PREFERRED
  • the SMF determines the third policy #1 according to the fourth policy #1.
  • the third policy #1 indicates preference to enable the signaling plane security protection of the Uu interface, that is, the third policy #1 is that the signaling plane security protection policy of the Uu interface is PREFERRED.
  • the SMF establishes a relay PDU session for the relay device #1 according to the first policy #1 and/or the third policy #1.
  • when the SMF needs to establish a relay-type PDU session for the relay device #1, the SMF can determine the Uu interface security protection policy used to establish the relay-type PDU session for the relay device #1, so that the policy used by the relay device #1 to establish the PC5 connection matches the policy used to establish the relay-type PDU session.
  • FIG. 6 shows a communication device provided in an embodiment of the present application, where the communication device includes a transceiver unit 601 and a processing unit 602.
  • the transceiver unit 601 can be used to implement the receiving and sending functions in the method embodiments. Other functions in the method embodiments may be implemented by the processing unit 602 .
  • the transceiver unit can be realized through the input interface and output interface in the data processing chip, and the sending and receiving in the method embodiment correspond to the output and input in the chip respectively.
  • the transceiver unit 601 can also be divided into a receiving unit and a sending unit.
  • the receiving unit can be used to realize the receiving function in the method embodiment, and the sending unit can be used to realize the sending function in the method embodiment.
  • the receiving unit can be realized through the output interface of the data processing chip, and the sending unit can be realized through the input interface of the data processing chip.
  • the transceiver unit and the processing unit may be implemented by the same chip, which is not limited in this application. It should be understood that the transceiver unit 601 in the embodiment of the present application may also be implemented by a transceiver (including a transmitter and a receiver) or a transceiver-related circuit component, and the processing unit 602 may also be implemented by a processor or a processor-related circuit component (also called a processing circuit).
  • the transceiving unit 601 and the processing unit 602 can support the actions performed by the remote UE#1 or the relay device #1 in the above method example.
  • the transceiver unit 601 can complete the sending of the first request message and the second request message in the above method embodiments, and other processes in the technical solution described herein;
  • the processing unit 602 can complete the establishment of the PC5 connection, and other processes in the technical solutions described herein.
  • the transceiving unit 601 and the processing unit 602 can support actions performed by the AMF in the foregoing method example.
  • the transceiver unit 601 can complete the sending of the third request message and the fourth request message in the above method embodiments, and other processes in the technical solutions described herein;
  • the processing unit 602 can complete the determination that the relay device #1 has a relay capability and that the remote UE#1 supports network access through a relay device, and other processes in the technical solutions described herein.
  • the transceiving unit 601 and the processing unit 602 can support actions performed by the PCF in the foregoing method examples.
  • the transceiver unit 601 can complete the sending of the fifth request message in the above method embodiment, and other processes in the technical solution described herein; other processes in the program.
  • the transceiving unit 601 and the processing unit 602 can support actions performed by the UDM in the above method example.
  • the transceiver unit 601 can complete the sending of the first policy #1 in the above method embodiment, and other processes in the technical solutions described herein; the processing unit 602 can complete the determination of the first policy #1, and other processes in the technical solutions described herein.
  • the transceiving unit 601 and the processing unit 602 can support actions performed by the SMF in the foregoing method example.
  • the transceiver unit 601 can complete the sending of the ninth request message in the above method embodiment, and other processes in the technical solution described herein; And other processes in the technical solutions described herein.
  • the embodiment of the present application also provides a communication device, as shown in FIG. 7, including: a processor 701, a communication interface 702, and a memory 703.
  • the processor 701, the communication interface 702, and the memory 703 can be connected to each other through a bus 707.
  • the bus 707 can be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like.
  • the above bus 707 can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 7, but it does not mean that there is only one bus or one type of bus.
  • the processor 701 may be a central processing unit (CPU), a network processor (NP) or a combination of CPU and NP.
  • the processor may further include hardware chips.
  • the aforementioned hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or a combination thereof.
  • the aforementioned PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL) or any combination thereof.
  • Memory 703 may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory.
  • the non-volatile memory can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) or flash memory.
  • Volatile memory can be random access memory (RAM), which acts as external cache memory.
  • the processor 701 is used to implement data processing operations of the communication device.
  • the communication interface 702 is used to realize the transceiving operation of the communication device.
  • the processor 701, the communication interface 702 and the memory 703 can support the actions performed by the remote UE#1 or the relay device #1 in the above method example.
  • the communication interface 702 can complete the sending of the first request message and the second request message in the above method embodiments, and other processes in the technical solutions described herein; the processor 701 can complete the establishment of the PC5 connection, and other processes in the technical solutions described herein.
  • the processor 701, the communication interface 702, and the memory 703 can support actions performed by the AMF in the foregoing method example.
  • the communication interface 702 can complete the sending of the third request message and the fourth request message in the above method embodiments, and other processes in the technical solutions described herein;
  • the processor 701 can complete the determination that the relay device #1 has a relay capability and that the remote UE#1 supports network access through a relay device, and other processes in the technical solutions described herein.
  • the processor 701, the communication interface 702, and the memory 703 can support actions performed by the PCF in the foregoing method examples.
  • the communication interface 702 can complete the sending of the fifth request message in the above method embodiment, and other processes in the technical solutions described herein; the processor 701 can complete the determination of the second policy #1, and other processes in the technical solutions described herein.
  • the processor 701, the communication interface 702, and the memory 703 can support actions performed by the UDM in the foregoing method examples.
  • the communication interface 702 can complete the sending of the first policy #1 in the above method embodiment, and other processes in the technical solutions described herein;
  • the processor 701 can complete the determination of the first policy #1, and other processes in the technical solutions described herein.
  • the processor 701, the communication interface 702, and the memory 703 can support the actions performed by the SMF in the above method example.
  • the communication interface 702 can complete the sending of the ninth request message in the above method embodiment, and other processes in the technical solutions described herein;
  • the processor 701 can complete the determination of the first policy #1 and the third policy #1, and other processes in the technical solutions described herein.
  • the technical solution of the embodiment of the present application can be applied to various communication systems, for example: global system for mobile communications (GSM) system, code division multiple access (CDMA) system, wideband code division multiple access (WCDMA) system, general packet radio service (GPRS), long term evolution (LTE) system, LTE frequency division duplex (FDD) system, LTE time division duplex (TDD), universal mobile telecommunications system (UMTS), worldwide interoperability for microwave access (WiMAX) communication system, the future fifth generation (5G) system or new radio (NR), etc.
  • the disclosed systems, devices and methods may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components can be combined or integrated into another system, or some features may be ignored, or not implemented.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.
  • if the functions described above are realized in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: USB flash drive, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk, optical disc, and other media that can store program code.

Abstract

Provided in the present application are a communication method and apparatus. The method comprises: a first network element acquiring a first policy, wherein the first policy is a user plane security protection policy of a Uu interface that is used by a first relay device to establish a relay-type protocol data unit (PDU) session when a first terminal device accesses a network by means of the first relay device; the first network element determining a second policy according to the first policy, wherein the second policy is used for determining whether to enable user plane security protection for a PC5 interface between the first terminal device and the first relay device; and the first network element sending the second policy to the first terminal device and/or the first relay device. According to the solution of the present application, a first network element acquires a user plane security protection policy of a Uu interface, so as to determine a user plane security protection policy for a PC5 interface, such that the user plane security protection policy of the Uu interface matches that of the PC5 interface, thereby solving the problems of security protection downgrading, resource wasting, etc. caused by mismatching policies.

Description

Communication method and apparatus
This application claims priority to Chinese patent application No. 202110889754.7, entitled "Communication Method and Apparatus" and filed with the China Patent Office on August 4, 2021, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the technical field of communication, and more specifically, to a communication method and apparatus.
Background
To improve the utilization of the wireless spectrum, cellular communication networks have introduced proximity services (ProSe) communication. When a terminal device is outside network coverage, or the communication quality between it and the access network device is poor, the terminal device can communicate with the assistance of a relay device. That is, the terminal device communicates with the relay device and the relay device communicates with the access network device, so that the terminal device can access the network and obtain the corresponding services. However, the security protection policy of the Uu interface used by the relay device to establish a relay-type protocol data unit (PDU) session may not match the security protection policy of the PC5 interface used for the PC5 connection established between the relay device and the terminal device, which leads to problems such as security protection downgrade and wasted resources. How to make the policy the relay device uses to establish the relay-type PDU session match the policy used for the PC5 connection is therefore an urgent problem to be solved.
Summary of the invention
The present application provides a communication method and apparatus.
According to a first aspect, a communication method is provided. The method includes:
A first network element obtains a first policy. The first policy is the Uu interface user plane security protection policy used by a first relay device to establish a relay-type protocol data unit (PDU) session when a first terminal device accesses the network through the first relay device.
The first network element determines a second policy according to the first policy. The second policy is used to determine whether to enable user plane security protection of the PC5 interface between the first terminal device and the first relay device.
The first network element sends the second policy to the first terminal device and/or the first relay device.
According to the solution of this application, the first network element can obtain the Uu interface user plane security protection policy and determine the PC5 interface user plane security protection policy according to it, so that the user plane security protection policies of the Uu interface and the PC5 interface match. If the two policies match, the Uu interface and the PC5 interface use the same level of user plane security protection; that is, user plane security protection is either enabled on both interfaces or enabled on neither.
In contrast, consider the case in which the user plane security protection policies of the Uu interface and the PC5 interface do not match. If user plane security protection is enabled on the Uu interface but not on the PC5 interface, the PC5 connection established between the first terminal device and the first relay device has a weak ability to resist external attacks, and the Uu interface user plane security protection enabled by the first relay device does not achieve its intended effect. If user plane security protection is not enabled on the Uu interface but is enabled on the PC5 interface, the PC5 connection between the first terminal device and the first relay device has user plane security protection enabled even though the first relay device does not need to enable Uu interface user plane security protection, which wastes device processing and network resources. Therefore, the solution of this application makes the user plane security protection policies of the Uu interface and the PC5 interface match, and solves problems such as degraded security protection and wasted resources caused by a policy mismatch.
With reference to the first aspect, in some implementations of the first aspect, the second policy is the user plane security protection policy of the PC5 interface, or whether to enable user plane security protection of the PC5 interface. That the first network element determines the second policy according to the first policy includes:
When the first policy indicates enabling user plane security protection of the Uu interface, the first network element determines a second policy that indicates enabling user plane security protection of the PC5 interface. When the first policy indicates not enabling user plane security protection of the Uu interface, the first network element determines a second policy that indicates not enabling user plane security protection of the PC5 interface. When the first policy indicates a preference to enable user plane security protection of the Uu interface, the first network element determines a second policy that indicates a preference to enable user plane security protection of the PC5 interface.
With reference to the first aspect, in some implementations of the first aspect, when the first policy indicates a preference to enable user plane security protection of the Uu interface, the method further includes:
The first network element determines whether to enable user plane security protection of the PC5 interface. The first network element sends first indication information to the first remote terminal and/or the first relay device, where the first indication information indicates whether to enable user plane security protection of the PC5 interface.
With reference to the first aspect, in some implementations of the first aspect, the method further includes:
The first network element obtains a third policy. The third policy is the Uu interface signaling plane security protection policy used by the first relay device to establish a relay-type PDU session when the first terminal device accesses the network through the first relay device. The first network element determines a fourth policy according to the third policy. The fourth policy is used to determine whether to enable signaling plane security protection of the PC5 interface between the first terminal device and the first relay device. The first network element sends the fourth policy to the first remote terminal and/or the first relay device.
According to the solution of this application, the first network element can obtain the Uu interface signaling plane security protection policy and determine the PC5 interface signaling plane security protection policy according to it, so that the signaling plane security protection policies of the Uu interface and the PC5 interface match.
With reference to the first aspect, in some implementations of the first aspect, the third policy is the signaling plane security protection policy of the PC5 interface, or whether to enable signaling plane security protection of the PC5 interface. That the first network element determines the fourth policy according to the third policy includes:
When the third policy indicates enabling signaling plane security protection of the Uu interface, the first network element determines a fourth policy that indicates enabling signaling plane security protection of the PC5 interface. When the third policy indicates not enabling signaling plane security protection of the Uu interface, the first network element determines a fourth policy that indicates not enabling signaling plane security protection of the PC5 interface.
With reference to the first aspect, in some implementations of the first aspect, when the second policy indicates enabling user plane security protection of the PC5 interface, the method further includes:
The first network element determines a fourth policy according to the second policy, where the fourth policy indicates enabling signaling plane security protection of the PC5 interface.
With reference to the first aspect, in some implementations of the first aspect, the method further includes:
The first network element determines a proximity service (ProSe) parameter corresponding to the first terminal device and/or the first relay device. The first network element sends a first request message to a second network element, where the first request message is used to request the first policy and includes the ProSe parameter.
That the first network element obtains the first policy includes:
The first network element obtains the first policy from the second network element.
With reference to the first aspect, in some implementations of the first aspect, the method further includes:
The first network element determines a proximity service (ProSe) parameter corresponding to the first terminal device and/or the first relay device. That the first network element obtains the first policy includes:
The first network element obtains the first policy locally according to at least the ProSe parameter.
According to a second aspect, a communication method is provided. The method includes:
A second correspondence is obtained. The second correspondence is a one-to-one correspondence between N proximity service (ProSe) parameters and N second policies, where N is a positive integer. The second correspondence is associated with a first correspondence, the first correspondence is a one-to-one correspondence between the N ProSe parameters and N first policies, and the first policy is a Uu interface user plane security protection policy. A first ProSe parameter is obtained. The second policy corresponding to the first ProSe parameter is determined according to the second correspondence, and is used to determine whether to enable user plane security protection of the PC5 interface between the first terminal device and the first relay device. A PC5 connection is established according to the second policy corresponding to the first ProSe parameter.
According to the solution of this application, the first terminal device and the first relay device can each obtain the second correspondence, and the second correspondence is associated with the first correspondence. On this basis, when the first terminal device and the first relay device obtain the same first ProSe parameter, each can determine the second policy corresponding to the first ProSe parameter and use that policy to establish the PC5 connection. In addition, because the second correspondence is associated with the first correspondence, the Uu interface user plane security protection policy that the first relay device uses when establishing the relay PDU session matches the PC5 interface user plane security protection policy used to establish the PC5 connection.
With reference to the second aspect, in some implementations of the second aspect, the method further includes:
A fourth correspondence is obtained. The fourth correspondence is a one-to-one correspondence between N proximity service (ProSe) parameters and N fourth policies, where N is a positive integer. The fourth correspondence is associated with a third correspondence, the third correspondence is a one-to-one correspondence between the N ProSe parameters and N third policies, and the third policy is a Uu interface signaling plane security protection policy. The fourth policy corresponding to the first ProSe parameter is determined according to the fourth correspondence, and is used to determine whether to enable signaling plane security protection of the PC5 interface between the first terminal device and the first relay device.
According to the solution of this application, the first terminal device and the first relay device can each obtain the fourth correspondence, and the fourth correspondence is associated with the third correspondence. On this basis, when the first terminal device and the first relay device obtain the same first ProSe parameter, each can determine the fourth policy corresponding to the first ProSe parameter and use that policy to establish the PC5 connection. In addition, because the fourth correspondence is associated with the third correspondence, the Uu interface signaling plane security protection policy that the first relay device uses when establishing the relay PDU session matches the PC5 interface signaling plane security protection policy used to establish the PC5 connection.
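The matching rules of the first and second aspects can be sketched as follows. This is an added illustration, not code from the application: the Policy names, the function names and the ProSe parameter strings are assumptions, and so is the order in which the two signaling plane rules are combined.

```python
from enum import Enum
from typing import Dict, Optional


class Policy(Enum):
    # Names are assumptions; the text speaks of enabling, not enabling,
    # or preferring to enable security protection.
    ENABLE = "enable"
    DISABLE = "disable"
    PREFER_ENABLE = "prefer-enable"


def derive_pc5_up_policy(uu_up: Policy) -> Policy:
    """First aspect: the second policy (PC5 user plane) mirrors the first (Uu)."""
    if not isinstance(uu_up, Policy):
        raise TypeError("first policy must be a Policy value")
    return uu_up


def derive_pc5_sig_policy(pc5_up: Policy,
                          uu_sig: Optional[Policy] = None) -> Optional[Policy]:
    """Fourth policy (PC5 signaling plane).

    An enabled PC5 user plane yields an enabled PC5 signaling plane; otherwise
    the third policy (Uu signaling plane) is mirrored. Applying the rules in
    this order is an assumption of this sketch.
    """
    if pc5_up is Policy.ENABLE:
        return Policy.ENABLE
    if uu_sig is Policy.PREFER_ENABLE:
        raise ValueError("only enable/not enable are described for signaling")
    return uu_sig  # None when no third policy is available


def resolve(policy: Policy, indication: Optional[bool] = None) -> bool:
    """Turn a policy into an on/off decision.

    For PREFER_ENABLE the first network element decides and sends the result
    as the first indication information, modelled here as a bool.
    """
    if policy is Policy.ENABLE:
        return True
    if policy is Policy.DISABLE:
        return False
    if indication is None:
        raise ValueError("prefer-enable needs the first indication information")
    return indication


def classify(uu_on: bool, pc5_on: bool) -> str:
    """Name the consequence of a Uu/PC5 user plane mismatch."""
    if uu_on == pc5_on:
        return "matched"
    # Uu protected, PC5 not: the PC5 hop resists external attack poorly.
    # PC5 protected, Uu not: device processing and network resources are wasted.
    return "security-downgrade" if uu_on else "resource-waste"


def derive_second_correspondence(first: Dict[str, Policy]) -> Dict[str, Policy]:
    """Second aspect: ProSe parameter -> second policy, one entry per first policy."""
    return {param: derive_pc5_up_policy(pol) for param, pol in first.items()}


def pc5_user_plane_on(remote_table: Dict[str, Policy],
                      relay_table: Dict[str, Policy],
                      prose_param: str,
                      indication: Optional[bool] = None) -> bool:
    """Remote UE and relay look up the same ProSe parameter before PC5 setup."""
    remote, relay = remote_table[prose_param], relay_table[prose_param]
    if remote is not relay:
        raise ValueError("remote UE and relay hold different second policies")
    return resolve(remote, indication)


def audit(first: Dict[str, Policy], second: Dict[str, Policy],
          indication: bool = True) -> Dict[str, str]:
    """Classify every ProSe parameter by comparing the Uu and PC5 decisions."""
    return {p: classify(resolve(first[p], indication),
                        resolve(second[p], indication)) for p in first}


# Constructed sample table; the parameter strings are placeholders.
FIRST_CORRESPONDENCE = {
    "prose-param-1": Policy.ENABLE,
    "prose-param-2": Policy.DISABLE,
    "prose-param-3": Policy.PREFER_ENABLE,
}

if __name__ == "__main__":
    second = derive_second_correspondence(FIRST_CORRESPONDENCE)
    print(audit(FIRST_CORRESPONDENCE, second))
    independent = dict(second, **{"prose-param-1": Policy.DISABLE})
    print(audit(FIRST_CORRESPONDENCE, independent))
```

Running `audit` against a PC5 table that was provisioned independently of the Uu table is a quick way to find the ProSe parameters whose PC5 hop is weaker than the Uu hop.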
According to a third aspect, a communication method is provided. The method includes:
A third network element obtains a second policy. The second policy is the PC5 interface user plane security protection policy used when the first terminal device establishes a PC5 connection with the first relay device.
The third network element determines a first policy according to the second policy. The first policy is the Uu interface user plane security protection policy used by the first relay device to establish a relay-type protocol data unit (PDU) session.
The third network element establishes a relay-type PDU session for the first relay device according to the first policy.
According to the solution of this application, when the third network element needs to establish a relay-type PDU session for the first relay device, the third network element can determine, according to the PC5 interface user plane security protection policy used when the first terminal device establishes the PC5 connection with the first relay device, the Uu interface user plane security protection policy used to establish the relay-type PDU session for the first relay device. As a result, the policy used by the first relay device to establish the PC5 connection matches the policy used to establish the relay-type PDU session.
With reference to the third aspect, in some implementations of the third aspect, that the third network element determines the first policy according to the second policy includes:
When the second policy indicates enabling user plane security protection of the PC5 interface, the third network element determines a first policy that indicates enabling user plane security protection of the Uu interface. When the second policy indicates not enabling user plane security protection of the PC5 interface, the third network element determines a first policy that indicates not enabling user plane security protection of the Uu interface. When the second policy indicates a preference to enable user plane security protection of the PC5 interface, the third network element determines a first policy that indicates a preference to enable user plane security protection of the Uu interface.
With reference to the third aspect, in some implementations of the third aspect, the method further includes:
The third network element obtains a fourth policy. The fourth policy is the PC5 interface signaling plane security protection policy used when the first terminal device establishes a PC5 connection with the first relay device.
The third network element determines a third policy according to the fourth policy, where the first policy is the Uu interface signaling plane security protection policy used by the first relay device to establish a relay-type PDU session.
The third network element establishes a relay-type PDU session for the first relay device according to the third policy.
According to a fourth aspect, a communication apparatus is provided. The communication apparatus includes modules or units configured to perform the method in any possible implementation of the first aspect.
According to a fifth aspect, a communication apparatus is provided, including:
A transceiver unit, configured to obtain a second correspondence. The second correspondence is a one-to-one correspondence between N proximity service (ProSe) parameters and N second policies, where N is a positive integer. The second correspondence is associated with a first correspondence, the first correspondence is a one-to-one correspondence between the N ProSe parameters and N first policies, and the first policy is a Uu interface user plane security protection policy.
The transceiver unit is further configured to obtain a first ProSe parameter.
A processing unit, configured to determine, according to the second correspondence, the second policy corresponding to the first ProSe parameter. The second policy corresponding to the first ProSe parameter is used to determine whether to enable user plane security protection of the PC5 interface between the first terminal device and the first relay device.
The processing unit is further configured to establish a PC5 connection according to the second policy corresponding to the first ProSe parameter.
With reference to the fifth aspect, in some implementations of the fifth aspect:
The transceiver unit is further configured to obtain a fourth correspondence. The fourth correspondence is a one-to-one correspondence between N proximity service (ProSe) parameters and N fourth policies, where N is a positive integer. The fourth correspondence is associated with a third correspondence, the third correspondence is a one-to-one correspondence between the N ProSe parameters and N third policies, and the third policy is a Uu interface signaling plane security protection policy.
The processing unit is further configured to determine, according to the fourth correspondence, the fourth policy corresponding to the first ProSe parameter. The fourth policy corresponding to the first ProSe parameter is used to determine whether to enable signaling plane security protection of the PC5 interface between the first terminal device and the first relay device.
According to a sixth aspect, a communication apparatus is provided, including:
A transceiver unit, configured to obtain a second policy. The second policy is the PC5 interface user plane security protection policy used when the first terminal device establishes a PC5 connection with the first relay device.
A processing unit, configured to determine a first policy according to the second policy. The first policy is the Uu interface user plane security protection policy used by the first relay device to establish a relay-type protocol data unit (PDU) session.
The processing unit is further configured to establish a relay-type PDU session for the first relay device according to the first policy.
With reference to the sixth aspect, in some implementations of the sixth aspect, that the processing unit is configured to determine the first policy according to the second policy includes:
When the second policy indicates enabling user plane security protection of the PC5 interface, the processing unit determines a first policy that indicates enabling user plane security protection of the Uu interface. When the second policy indicates not enabling user plane security protection of the PC5 interface, the processing unit determines a first policy that indicates not enabling user plane security protection of the Uu interface. When the second policy indicates a preference to enable user plane security protection of the PC5 interface, the processing unit determines a first policy that indicates a preference to enable user plane security protection of the Uu interface.
With reference to the sixth aspect, in some implementations of the sixth aspect:
The transceiver unit is further configured to obtain a fourth policy. The fourth policy is the PC5 interface signaling plane security protection policy used when the first terminal device establishes a PC5 connection with the first relay device.
The processing unit is further configured to determine a third policy according to the fourth policy, where the first policy is the Uu interface signaling plane security protection policy used by the first relay device to establish a relay-type PDU session.
The processing unit is further configured to establish a relay-type PDU session for the first relay device according to the third policy.
According to a seventh aspect, a communication apparatus is provided, including at least one processor. The memory is configured to store a computer program. When the communication apparatus runs, the processor executes the computer program or instructions stored in the memory, so that the communication apparatus performs the method in any possible implementation of the first aspect to the third aspect.
According to an eighth aspect, a computer-readable storage medium is provided, including a computer program. When the computer program runs on a computer, the computer is caused to perform the method in any possible implementation of the first aspect to the third aspect.
According to a ninth aspect, a chip is provided. A processing circuit is disposed on the chip and is configured to perform the method in any possible implementation of the first aspect to the third aspect.
According to a tenth aspect, a computer program product is provided. The computer program product includes a computer program (also referred to as code or instructions). When the computer program is run, a computer is caused to perform the method in any possible implementation of the first aspect to the third aspect.
Brief Description of Drawings
FIG. 1 shows the architecture of a communication system to which the embodiments of this application are applicable.
FIG. 2 is a schematic interaction diagram of an example of the method proposed in this application.
FIG. 3 is a schematic interaction diagram of another example of the method proposed in this application.
FIG. 4 is a schematic interaction diagram of another example of the method proposed in this application.
FIG. 5 is a schematic interaction diagram of another example of the method proposed in this application.
FIG. 6 is a schematic block diagram of a communication device provided by this application.
FIG. 7 is another schematic block diagram of a communication device provided by this application.
Detailed Description
The technical solutions in this application are described below with reference to the accompanying drawings.
FIG. 1 shows the architecture of a communication system to which the embodiments of this application are applicable.
Some terms used in this application are explained below with reference to FIG. 1.
1. Core network
The core network includes, but is not limited to, a data storage management network element, a mobility management network element, a network exposure network element, a user plane function network element, and a session management network element.
The data storage management network element is a network element used to store and manage the data of terminal devices. For example, in a 5G network, it may be a unified data management (UDM) function network element. In a future communication system, the unified data management function network element may still be a UDM network element, or may have another name, which is not limited in this application.
The mobility management network element is a network element used to manage the mobility of terminal devices. For example, in a 4G network, it may be a mobility management entity (MME), and in a 5G network, it may be an access and mobility management function (AMF) network element. In a future communication system, the access and mobility management function network element may still be an AMF network element, or may have another name, which is not limited in this application.
The network exposure network element is responsible for providing network functions to third-party applications. For example, in a 5G network, it may be a network exposure function (NEF) network element. In a future communication system, the network exposure function network element may still be an NEF network element, or may have another name, which is not limited in this application.
The user plane function network element is responsible for forwarding and receiving user data. For example, in a 5G network, it may be a user plane function (UPF) network element. In a future communication system, the user plane function network element may still be a UPF network element, or may have another name, which is not limited in this application.
The session management network element is responsible for selecting user plane network elements, allocating Internet protocol (IP) addresses, and establishing, modifying, and releasing sessions. For example, in a 5G network, it may be a session management function (SMF) network element. In a future communication system, the session management function network element may still be an SMF network element, or may have another name, which is not limited in this application.
2. Access network device
An access network device is a device that provides wireless communication functions for terminal devices. For example, it may be an access point (AP) in a WLAN, a base transceiver station (BTS) in GSM or CDMA, a base station (NodeB, NB) in WCDMA, a gNB in a new radio (NR) system, or an evolved base station (evolutional node B, eNB or eNodeB) in LTE. In a 5G network, it may also be a radio access network (RAN) device.
3. Terminal device
A terminal device may refer to user equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station, a mobile console, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user apparatus. A terminal device may also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or another processing device connected to a wireless modem, a vehicle-mounted device, a drone, a wearable device, a terminal device in a future 5G network, or a terminal device in a future evolved public land mobile network (PLMN). This is not limited in the embodiments of this application.
It should be understood that the terminal device in this application supports proximity-based services (ProSe) communication. That is, the terminal device can establish a sidelink (side link) connection with a relay device and access the network through the relay device. The terminal device and the relay device communicate through the PC5 interface. When a terminal device accesses the network through a relay device, the terminal device may also be called a remote UE.
4. Relay device
The relay device also supports ProSe communication. The relay device communicates with the remote UE through the PC5 interface, and with the access network device through the Uu interface. The relay device may be a terminal device or a wireless access device (for example, an access device deployed by an operator).
The solution proposed in this application is described in detail below with reference to FIG. 2. It should be understood that the solution shown in FIG. 2 can be applied to the communication system in FIG. 1.
S201. The UDM obtains a first correspondence. The first correspondence is the correspondence between a proximity-based services (ProSe) parameter and a user plane security protection policy of the Uu interface (denoted as the first policy). The first policy is the user plane security protection policy of the Uu interface used by the relay-type protocol data unit (PDU) session that the relay device establishes when a remote UE accesses the network through the relay device. The first policy is used to indirectly determine whether to enable user plane security protection for the relay-type PDU session established by the relay device.
The ways in which the UDM obtains the first correspondence are described below.
Method 1:
The first correspondence is preconfigured in the UDM.
Method 2:
The UDM obtains the first correspondence from a ProSe application server or an application function (AF) network element. It should be noted that the UDM may obtain the first correspondence directly from the ProSe application server or the application function network element, or indirectly through a network exposure function (NEF) network element.
The first correspondence is described below.
Case 1:
The ProSe parameter is a relay service code (RSC) parameter. That is, the first correspondence is the correspondence between the RSC parameter and the first policy. For example, the first correspondence may be as shown in Table 1.
Table 1
RSC#1 | First policy #1
RSC#2 | First policy #2
RSC#3 | First policy #3
Case 2:
The ProSe parameters are a single network slice selection assistance information (S-NSSAI) parameter and a data network name (DNN) parameter. That is, the first correspondence is the correspondence between the S-NSSAI and/or the DNN and the first policy. For example, the first correspondence may be as shown in Table 2.
Table 2
S-NSSAI#1 and/or DNN#1 | First policy #1
S-NSSAI#2 and/or DNN#2 | First policy #2
S-NSSAI#3 and/or DNN#3 | First policy #3
It should be noted that if the ProSe parameter is S-NSSAI and/or DNN information, then when the remote UE accesses the network through the relay device, the S-NSSAI parameter used by the relay device to establish the relay-type PDU session should be the same as the S-NSSAI parameter in the ProSe parameter, and/or the DNN parameter used by the relay device to establish the relay-type PDU session should be the same as the DNN parameter in the ProSe parameter.
In one possible implementation, the relay device and the remote UE are served by the same UDM (for example, UDM#1), and the first correspondence may be configured in UDM#1.
In another possible implementation, the relay device and the remote UE are served by different UDMs (for example, the relay device is served by UDM#1 and the remote UE by UDM#2); the first correspondence then needs to be configured in both UDM#1 and UDM#2. That is, the same first correspondence is configured in UDM#1 and UDM#2.
S202. The SMF obtains the first correspondence.
This process is similar to S201: the SMF can likewise obtain the first correspondence in two ways, and the first correspondence likewise falls into two cases. For details, see how the first correspondence is obtained in S201; they are not repeated here.
In one possible implementation, the method may include S202 but not S201; or the method may include both S201 and S202; or the method may include S201 but not S202.
S203. Relay device #1 (an example of the first relay device) sends a first request message to the AMF, where the first request message requests the ProSe parameter corresponding to relay device #1; and/or remote UE#1 (an example of the first terminal device) sends a second request message to the AMF, where the second request message requests the ProSe parameter corresponding to remote UE#1. Correspondingly, the AMF receives the first request message from relay device #1 and/or the second request message from remote UE#1.
In one possible implementation, the first request message may also carry information #1, which indicates that relay device #1 has a relay capability. The second request message may also carry information #2, which indicates that remote UE#1 supports accessing the network through a relay device.
It should be noted that relay device #1 and remote UE#1 may be served by the same AMF or by different AMFs.
S204. The AMF determines that relay device #1 has a relay capability, and/or determines that remote UE#1 supports accessing the network through a relay device.
It should be understood that the AMF may also determine the relay service supported by relay device #1, and/or the relay service supported by remote UE#1.
S205. The AMF sends a third request message and/or a fourth request message to the PCF. Correspondingly, the PCF receives the third request message and/or the fourth request message from the AMF.
The third request message is triggered by the first request message and requests the ProSe parameter corresponding to relay device #1. The fourth request message is triggered by the second request message and requests, from the PCF, the ProSe parameter corresponding to remote UE#1.
The AMF may carry, in the third request message, the relay service information supported by relay device #1; the AMF may carry, in the fourth request message, the relay service information of remote UE#1.
It should be noted that if relay device #1 and remote UE#1 are served by the same AMF, that AMF may request the ProSe parameter of relay device #1 and the ProSe parameter of remote UE#1 from the same PCF, or it may request them separately from different PCFs.
If relay device #1 and remote UE#1 are served by different AMFs, the different AMFs may request the ProSe parameter of relay device #1 and the ProSe parameter of remote UE#1 from the same PCF, or they may request them separately from different PCFs.
S206. The PCF determines the ProSe parameter corresponding to relay device #1, and/or determines the ProSe parameter corresponding to remote UE#1.
The PCF determines the ProSe parameter corresponding to relay device #1 according to the relay service supported by relay device #1, and/or the PCF determines the ProSe parameter corresponding to remote UE#1 according to the relay service supported by remote UE#1.
The ProSe parameter is described below.
Case 1:
Corresponding to Case 1 in S201, the ProSe parameter may be an RSC parameter.
Case 2:
Corresponding to Case 2 in S201, the ProSe parameter may be an S-NSSAI parameter and/or a DNN parameter.
It should be understood that the PCF may first determine the RSC parameter and then determine the S-NSSAI parameter and/or the DNN parameter according to the RSC parameter.
It should be understood that if remote UE#1 can subsequently access the network through relay device #1, the ProSe parameter corresponding to remote UE#1 is the same as the ProSe parameter corresponding to relay device #1. In the following, it is assumed that remote UE#1 can access the network through relay device #1, and the ProSe parameter corresponding to remote UE#1 and to relay device #1 is denoted as ProSe parameter #1.
It should be noted that if the ProSe parameter is an S-NSSAI parameter and/or a DNN parameter, then when remote UE#1 accesses the network through relay device #1, the S-NSSAI parameter and/or DNN parameter used by relay device #1 to establish the relay-type PDU session should be the same as the S-NSSAI parameter and/or DNN parameter in the ProSe parameter.
S207. The PCF sends a fifth request message to the UDM, where the fifth request message includes ProSe parameter #1. Correspondingly, the UDM receives the fifth request message from the PCF.
ProSe parameter #1 included in the fifth request message is described below.
Case 1:
Corresponding to Case 1 in S201, ProSe parameter #1 may be RSC parameter #1.
Case 2:
Corresponding to Case 2 in S201, ProSe parameter #1 may be S-NSSAI parameter #1 and/or DNN parameter #1.
S208. The UDM determines the first policy #1 according to the first correspondence and ProSe parameter #1.
The cases in which the UDM determines the first policy #1 according to the first correspondence and ProSe parameter #1 are described below.
Case 1:
Corresponding to Case 1 in S201, the first correspondence configured in the UDM is the correspondence between the RSC parameter and the first policy, and ProSe parameter #1 included in the third request message is RSC parameter #1. The UDM then determines the first policy #1 according to RSC parameter #1 and the first correspondence.
Case 2:
Corresponding to Case 2 in S201, the first correspondence configured in the UDM is the correspondence between the S-NSSAI parameter and/or the DNN parameter and the first policy, and ProSe parameter #1 included in the third request message is S-NSSAI parameter #1 and/or DNN parameter #1. The UDM then determines the first policy #1 according to S-NSSAI parameter #1 and/or DNN parameter #1 and the first correspondence.
S209. The UDM sends the first policy #1 to the PCF. Correspondingly, the PCF receives the first policy #1.
It should be understood that in any one or more of the following three cases, the method further includes S210 to S212 below.
Case A: The method includes S202 but not S201.
Case B: The method includes S201, but in S208 the UDM does not determine the first policy #1, or in S209 the UDM does not send the first policy #1 to the PCF.
Case C: The operator configures that the PCF must obtain the first policy #1 from the SMF.
S210. The PCF sends a sixth request message to the SMF, where the sixth request message includes ProSe parameter #1. Correspondingly, the SMF receives the sixth request message from the PCF.
This process is similar to S207; for details, see the description of S207. The only difference is that the UDM in S207 is replaced by the SMF in this step. Details are not repeated here.
S211. The SMF determines the first policy #1 according to the first correspondence and ProSe parameter #1.
This process is similar to S208; for details, see the description of S208. The only difference is that the UDM in S208 is replaced by the SMF in this step. Details are not repeated here.
S212. The SMF sends the first policy #1 to the PCF. Correspondingly, the PCF receives the first policy #1 from the SMF.
S213. The PCF determines a second policy (denoted as the second policy #1) according to the first policy #1. The second policy #1 is used to determine whether to enable user plane security protection of the PC5 interface between remote UE#1 and relay device #1. The cases in which the PCF determines the second policy #1 according to the first policy #1 are described below.
Case 1:
The second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates that user plane security protection of the Uu interface is enabled, that is, in the first policy #1 the user plane security protection policy of the Uu interface is REQUIRED. The PCF determines the second policy #1 according to the first policy #1; the second policy #1 indicates that user plane security protection of the PC5 interface is enabled, that is, in the second policy #1 the user plane security protection policy of the PC5 interface is REQUIRED.
Specifically, the second policy #1 is a user plane confidentiality and/or integrity protection policy of the PC5 interface. The first policy #1 indicates that user plane confidentiality protection and/or user plane integrity protection of the Uu interface is enabled, that is, in the first policy #1 the user plane confidentiality and/or integrity protection policy of the Uu interface is REQUIRED. Correspondingly, the second policy #1 indicates that user plane confidentiality protection and/or user plane integrity protection of the PC5 interface is enabled, that is, in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is REQUIRED. Optionally, if in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is REQUIRED, the second policy #1 also indicates that signaling plane confidentiality protection and/or integrity protection of the PC5 interface is enabled.
Case 2:
The second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates that user plane security protection of the Uu interface is not enabled, that is, in the first policy #1 the user plane security protection policy of the Uu interface is NOT NEEDED. The PCF determines the second policy #1 according to the first policy #1; the second policy #1 indicates that user plane security protection of the PC5 interface is not enabled, that is, in the second policy #1 the user plane security protection policy of the PC5 interface is NOT NEEDED.
Specifically, the second policy #1 is a user plane confidentiality and/or integrity protection policy of the PC5 interface. The first policy #1 indicates that user plane confidentiality and/or user plane integrity protection of the Uu interface is not enabled, that is, in the first policy #1 the user plane confidentiality and/or integrity protection policy of the Uu interface is NOT NEEDED. Correspondingly, the second policy #1 indicates that user plane confidentiality and/or user plane integrity protection of the PC5 interface is not enabled, that is, in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is NOT NEEDED.
Optionally, if in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is NOT NEEDED, the second policy #1 also indicates that signaling plane confidentiality protection and/or integrity protection of the PC5 interface is not enabled.
Case 3:
The second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates a preference for enabling user plane security protection of the Uu interface, that is, in the first policy #1 the user plane security protection policy of the Uu interface is PREFERRED. The PCF determines the second policy #1 according to the first policy #1; the second policy #1 indicates a preference for enabling user plane security protection of the PC5 interface, that is, in the second policy #1 the user plane security protection policy of the PC5 interface is PREFERRED.
Specifically, the second policy #1 is a user plane confidentiality and/or integrity protection policy of the PC5 interface. The first policy #1 indicates a preference for enabling user plane confidentiality and/or user plane integrity protection of the Uu interface, that is, in the first policy #1 the user plane confidentiality and/or integrity protection policy of the Uu interface is PREFERRED. Correspondingly, the second policy #1 indicates a preference for enabling user plane confidentiality and/or user plane integrity protection of the PC5 interface, that is, in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is PREFERRED.
Optionally, if in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is PREFERRED, the second policy #1 also indicates a preference for enabling signaling plane confidentiality protection and/or integrity protection of the PC5 interface.
Case 4:
The second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates a preference for enabling user plane security of the Uu interface, that is, in the first policy #1 the user plane security protection policy of the Uu interface is PREFERRED. The PCF may determine whether user plane security protection of the PC5 interface needs to be enabled between remote UE#1 and relay device #1, and determine the second policy #1 accordingly.
In one possible implementation, when the first policy #1 indicates a preference for enabling user plane security of the Uu interface, the PCF may determine whether user plane security protection of the PC5 interface needs to be enabled between remote UE#1 and relay device #1 according to the operator's default configuration, the existing network load, or the requirements provided by the ProSe application corresponding to the relay-type PDU session. The specific method is not limited here.
Specifically, the second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates a preference for enabling user plane security of the Uu interface, that is, in the first policy #1 the user plane security protection policy of the Uu interface is PREFERRED. If the PCF determines that user plane security protection of the PC5 interface needs to be enabled, the PCF determines the second policy #1; the second policy #1 indicates that user plane security protection of the PC5 interface is enabled, that is, in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is REQUIRED.
The second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates a preference for enabling user plane security of the Uu interface, that is, in the first policy #1 the user plane security protection policy of the Uu interface is PREFERRED. If the PCF determines that user plane security protection of the PC5 interface does not need to be enabled, the PCF determines the second policy #1; the second policy #1 indicates that user plane security protection of the PC5 interface is not enabled, that is, in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is NOT NEEDED.
Optionally, if in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is REQUIRED, the second policy #1 also indicates that signaling plane confidentiality protection and/or integrity protection of the PC5 interface is enabled.
Optionally, if in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is NOT NEEDED, the second policy #1 also indicates that signaling plane confidentiality protection and/or integrity protection of the PC5 interface is not enabled.
Case 5:
The second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates a preference for enabling user plane security of the Uu interface, that is, in the first policy #1 the user plane security protection policy of the Uu interface is PREFERRED. The PCF determines the second policy #1 according to the first policy #1; the second policy #1 indicates a preference for enabling user plane security protection of the PC5 interface, that is, in the second policy #1 the user plane security protection policy of the PC5 interface is PREFERRED.
In addition, the PCF may determine, according to the operator's default configuration, the existing network load, or the requirements provided by the ProSe application corresponding to the relay-type PDU session, whether user plane security protection of the PC5 interface needs to be enabled, and generate first indication information. The first indication information indicates whether user plane security protection of the PC5 interface needs to be enabled between remote UE#1 and relay device #1.
Specifically, the second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates a preference for enabling user plane confidentiality and/or integrity security of the Uu interface, that is, in the first policy #1 the user plane confidentiality and/or integrity security protection policy of the Uu interface is PREFERRED. Correspondingly, the second policy #1 indicates a preference for enabling user plane confidentiality and/or user plane integrity protection of the PC5 interface, that is, in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is PREFERRED. In addition, if the PCF determines that user plane security protection of the PC5 interface needs to be enabled, the PCF generates first indication information, which indicates that user plane confidentiality and/or integrity protection of the PC5 interface is enabled.
The second policy #1 is a user plane security protection policy of the PC5 interface. The first policy #1 indicates a preference for enabling user plane confidentiality and/or integrity security of the Uu interface, that is, in the first policy #1 the user plane confidentiality and/or integrity security protection policy of the Uu interface is PREFERRED. Correspondingly, the second policy #1 indicates a preference for enabling user plane confidentiality and/or user plane integrity protection of the PC5 interface, that is, in the second policy #1 the user plane confidentiality and/or integrity protection policy of the PC5 interface is PREFERRED. In addition, if the PCF determines that user plane security protection of the PC5 interface does not need to be enabled, the PCF generates first indication information, which indicates that user plane confidentiality and/or integrity protection of the PC5 interface is not enabled.
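The lookup in S207 to S212 and the derivation in Cases 1 to 5 of S213, as an added example (not code from the application). The table contents, the function names, the `mode` argument and the `pcf_enable` input standing in for the PCF's decision are assumptions, as are applying that one decision to every PREFERRED attribute and raising an error when neither the UDM nor the SMF holds an entry.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Policy(Enum):
    REQUIRED = "REQUIRED"
    PREFERRED = "PREFERRED"
    NOT_NEEDED = "NOT NEEDED"


@dataclass(frozen=True)
class UpPolicy:
    """User plane security protection policy of one interface (Uu or PC5)."""
    confidentiality: Policy
    integrity: Policy


# Constructed first correspondence in the style of Table 1: RSC -> first policy (Uu).
UDM_TABLE: Dict[str, UpPolicy] = {
    "RSC#1": UpPolicy(Policy.REQUIRED, Policy.REQUIRED),
    "RSC#2": UpPolicy(Policy.NOT_NEEDED, Policy.NOT_NEEDED),
}
# The SMF may hold the correspondence as well (S202); constructed content.
SMF_TABLE: Dict[str, UpPolicy] = {
    "RSC#3": UpPolicy(Policy.PREFERRED, Policy.REQUIRED),
}


def resolve_first_policy(prose_param: str,
                         udm_table: Dict[str, UpPolicy],
                         smf_table: Dict[str, UpPolicy]) -> Tuple[UpPolicy, str]:
    """S207-S212: query the UDM; if it yields no first policy (Case B), query the SMF."""
    if prose_param in udm_table:
        return udm_table[prose_param], "UDM"
    if prose_param in smf_table:
        return smf_table[prose_param], "SMF"
    # Assumption: the page does not cover this outcome, so the example refuses to
    # guess a policy rather than silently treating the session as unprotected.
    raise LookupError(f"no first policy configured for {prose_param!r}")


def _derive_one(uu: Policy, mode: str, pcf_enable: Optional[bool]) -> Policy:
    if uu is not Policy.PREFERRED:
        return uu                      # Cases 1 and 2: REQUIRED / NOT NEEDED carry over
    if mode == "resolve":              # Case 4: the PCF turns PREFERRED into a firm value
        if pcf_enable is None:
            raise ValueError("Case 4 needs the PCF's decision")
        return Policy.REQUIRED if pcf_enable else Policy.NOT_NEEDED
    return Policy.PREFERRED            # Cases 3 and 5: PREFERRED carries over


def derive_second_policy(first: UpPolicy, mode: str = "mirror",
                         pcf_enable: Optional[bool] = None
                         ) -> Tuple[UpPolicy, Optional[bool]]:
    """S213: return (second policy for PC5, first indication information or None).

    mode "mirror"   -> Cases 1-3
    mode "resolve"  -> Case 4
    mode "indicate" -> Case 5 (policy stays PREFERRED, decision travels separately)
    """
    if mode not in ("mirror", "resolve", "indicate"):
        raise ValueError(f"unknown mode {mode!r}")
    second = UpPolicy(_derive_one(first.confidentiality, mode, pcf_enable),
                      _derive_one(first.integrity, mode, pcf_enable))
    indication = None
    if mode == "indicate" and Policy.PREFERRED in (first.confidentiality,
                                                   first.integrity):
        if pcf_enable is None:
            raise ValueError("Case 5 needs the PCF's decision")
        indication = pcf_enable
    return second, indication


def weaker_on_pc5(first: UpPolicy, second: UpPolicy) -> List[str]:
    """Audit helper: protections that are REQUIRED on Uu but not on PC5."""
    return [name for name in ("confidentiality", "integrity")
            if getattr(first, name) is Policy.REQUIRED
            and getattr(second, name) is not Policy.REQUIRED]


if __name__ == "__main__":
    first, source = resolve_first_policy("RSC#3", UDM_TABLE, SMF_TABLE)
    for mode, decision in (("mirror", None), ("resolve", False), ("indicate", True)):
        second, indication = derive_second_policy(first, mode, decision)
        print(source, mode, second, indication, weaker_on_pc5(first, second))
```

`weaker_on_pc5` always returns an empty list for policies produced by `derive_second_policy`; it is meant for checking a PC5 policy that was configured independently of the Uu policy.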
Case 6:
The second policy #1 indicates whether to enable user plane security protection of the PC5 interface. The first policy #1 indicates that user plane security protection of the Uu interface is enabled, that is, in the first policy #1 the user plane security protection policy of the Uu interface is REQUIRED. The PCF determines the second policy #1 according to the first policy #1; the second policy #1 directly indicates that user plane security protection of the PC5 interface is enabled.
Specifically, the second policy #1 indicates whether to enable user plane confidentiality and/or integrity protection of the PC5 interface. The first policy #1 indicates that user plane confidentiality protection and/or user plane integrity protection of the Uu interface is enabled, that is, in the first policy #1 the user plane confidentiality and/or integrity protection policy of the Uu interface is REQUIRED. Correspondingly, the second policy #1 directly indicates that user plane confidentiality protection and/or user plane integrity protection of the PC5 interface is enabled.
Optionally, if the second policy #1 directly indicates that user plane confidentiality and/or integrity protection of the PC5 interface is enabled, the second policy #1 also indicates that signaling plane confidentiality and/or integrity protection of the PC5 interface is enabled.
Case 7:
The second policy #1 indicates whether to enable user plane security protection of the PC5 interface. The first policy #1 indicates that user plane security protection of the Uu interface is not enabled, that is, in the first policy #1 the user plane security protection policy of the Uu interface is NOT NEEDED. The PCF determines the second policy #1 according to the first policy #1; the second policy #1 directly indicates that user plane security protection of the PC5 interface is not enabled.
Specifically, the second policy #1 indicates whether to enable user plane confidentiality and/or integrity protection of the PC5 interface. The first policy #1 indicates that user plane confidentiality and/or user plane integrity protection of the Uu interface is not enabled, that is, in the first policy #1 the user plane confidentiality and/or integrity protection policy of the Uu interface is NOT NEEDED. Correspondingly, the second policy #1 directly indicates that user plane confidentiality and/or user plane integrity protection of the PC5 interface is not enabled.
Case 8:
The second policy #1 indicates whether to enable user plane security protection of the PC5 interface. The first policy #1 indicates a preference for enabling user plane security protection of the Uu interface, that is, in the first policy #1 the user plane security protection policy of the Uu interface is PREFERRED. The PCF may determine whether user plane security protection of the PC5 interface needs to be enabled between remote UE#1 and relay device #1, and determine the second policy #1 accordingly.
在一种可能的实现方式中,PCF可以根据运营商默认配置、现有网络负载或中继类型的PDU会话对应的ProSe应用提供的需求确定远程UE#1与中继设备#1之间是否需要开启PC5接口的用户面安全保护,具体方法此处不做具体限定。In a possible implementation, the PCF can determine whether the connection between the remote UE #1 and the relay device #1 needs Enable the user plane security protection of the PC5 interface. The specific method is not limited here.
具体地,第二策略#1指示是否开启PC5接口的用户面机密性和/或完整性安全保护。第一策略#1指示偏好开启Uu接口的用户面机密性和/或完整性安全,即,第一策略#1为Uu接口的用户面机密性和/或完整性安全保护策略为PREFERRED。如果PCF确定需要开启PC5接口的用户面机密性和/或完整性安全保护,则PCF确定第二策略#1,第二策略#1直接指示开启PC5接口的用户面机密性和/或完整性保护。Specifically, the second policy #1 indicates whether to enable user plane confidentiality and/or integrity security protection of the PC5 interface. The first policy #1 indicates preference to enable the user plane confidentiality and/or integrity security of the Uu interface, that is, the first policy #1 is that the user plane confidentiality and/or integrity security protection policy of the Uu interface is PREFERRED. If the PCF determines that the user plane confidentiality and/or integrity security protection of the PC5 interface needs to be enabled, the PCF determines the second policy #1, and the second policy #1 directly indicates that the user plane confidentiality and/or integrity protection of the PC5 interface is enabled .
第二策略#1指示是否开启PC5接口的用户面机密性和/或完整性安全保护。第一策略#1指示偏好开启Uu接口的用户面机密性和/或完整性安全,即,第一策略#1为Uu接口的用户面机密性和/或完整性安全保护策略为PREFERRED。如果PCF确定需要不开启PC5接口的用户面机密性和/或完整性安全保护,则PCF确定第二策略#1,第二策略#1直接指示不开启PC5接口的用户面机密性和/或完整性保护。The second policy #1 indicates whether to enable the user plane confidentiality and/or integrity security protection of the PC5 interface. The first policy #1 indicates preference to enable the user plane confidentiality and/or integrity security of the Uu interface, that is, the first policy #1 is that the user plane confidentiality and/or integrity security protection policy of the Uu interface is PREFERRED. If the PCF determines that it is necessary not to enable the user plane confidentiality and/or integrity security protection of the PC5 interface, the PCF determines the second policy #1, and the second policy #1 directly indicates that the user plane confidentiality and/or integrity of the PC5 interface is not enabled. sexual protection.
可选的,如果第二策略#1直接指示开启PC5接口的用户面机密性和/或完整性保护,则第二策略#1同时指示开启PC5接口的信令面机密性和/或完整性保护。Optionally, if the second policy #1 directly indicates to enable the user plane confidentiality and/or integrity protection of the PC5 interface, the second policy #1 also indicates to enable the signaling plane confidentiality and/or integrity protection of the PC5 interface .
S214: The PCF sends the second policy #1 to remote UE #1 and/or relay device #1. Correspondingly, remote UE #1 and/or relay device #1 receives the second policy #1.
Optionally, if S213 is performed according to Case 5, the PCF also sends the first indication information to remote UE #1 and/or relay device #1 at the same time.
According to the solution of this application, the PCF can obtain the Uu interface user plane security protection policy and determine the PC5 interface user plane security protection policy from it, so that the user plane security protection policies of the Uu interface and the PC5 interface match. By contrast, if the user plane security protection policies of the Uu interface and the PC5 interface do not match, for example, user plane security protection is enabled on the Uu interface but not on the PC5 interface, then the PC5 connection established between remote UE #1 and relay device #1 has a weak ability to resist external attacks, and the Uu interface user plane security protection enabled by relay device #1 does not serve its intended purpose, which wastes resources. Therefore, the solution of this application makes the user plane security protection policies of the Uu interface and the PC5 interface match, and solves problems such as security protection degradation and resource waste caused by policy mismatch.
In a possible implementation, the method further includes the following S215-S217.
S215: The PCF obtains the signaling plane security protection policy of the Uu interface corresponding to relay device #1 and/or remote UE #1 (denoted as the third policy #1).
The third policy #1 is the Uu interface signaling plane security protection policy used by relay device #1 to establish a relay-type PDU session when remote UE #1 accesses the network through relay device #1. It should be understood that if relay device #1 can subsequently access the network through remote UE #1, the signaling plane security protection policies of the Uu interface corresponding to relay device #1 and remote UE #1 may be the same.
It should be understood that, in a possible implementation, signaling plane integrity protection of the Uu interface is mandatorily enabled, while whether to enable signaling plane confidentiality protection of the Uu interface is decided by the operator.
Optionally, whether signaling plane integrity and/or confidentiality protection of the Uu interface is enabled is determined by the operator in both cases.
The following describes how the PCF obtains the third policy #1:
Method 1:
The third policy #1 is preconfigured in the PCF.
Method 2:
The PCF obtains the third policy #1 from the access network device corresponding to relay device #1 and/or remote UE #1.
Method 3:
The PCF obtains the third policy #1 from another core network element corresponding to relay device #1 and/or remote UE #1. For example, the other core network element may be a UDM, AMF, SMF, or 5G DDNMF, which is not limited here.
S216: The PCF determines a fourth policy (denoted as the fourth policy #1) according to the third policy #1. The fourth policy #1 is used to determine whether to enable signaling plane security protection of the PC5 interface between remote UE #1 and relay device #1.
The following describes several cases in which the PCF determines the fourth policy #1 according to the third policy #1.
Case 1:
If the third policy #1 indicates enabling signaling plane integrity and/or confidentiality protection of the Uu interface, the fourth policy #1 indicates enabling signaling plane integrity and/or confidentiality protection of the PC5 interface.
Case 2:
If the third policy #1 indicates not enabling signaling plane integrity and/or confidentiality protection of the Uu interface, the fourth policy #1 indicates not enabling signaling plane integrity and/or confidentiality protection of the PC5 interface.
According to the solution of this application, the PCF can obtain the Uu interface signaling plane security protection policy and determine the PC5 interface signaling plane security protection policy from it, so that the signaling plane security protection policies of the Uu interface and the PC5 interface match.
Optionally, the PCF may determine the fourth policy #1 according to the second policy #1 instead of the third policy #1. Specifically, if the second policy #1 indicates enabling user plane confidentiality and/or integrity protection of the PC5 interface, the PCF determines the fourth policy #1 according to the second policy #1, and the fourth policy #1 indicates enabling signaling plane confidentiality protection and/or integrity protection of the PC5 interface. In a possible implementation, if the second policy #1 is that user plane integrity protection/confidentiality protection of the PC5 interface is REQUIRED, the PCF determines the fourth policy #1 according to the second policy #1, and the fourth policy #1 is that signaling plane integrity protection/confidentiality protection of the PC5 interface is REQUIRED. In another possible implementation, if the second policy #1 is that user plane integrity protection/confidentiality protection of the PC5 interface is REQUIRED, the PCF determines the fourth policy #1 according to the second policy #1, and the fourth policy #1 directly indicates enabling signaling plane integrity protection/confidentiality protection of the PC5 interface.
S217: The PCF sends the fourth policy #1 to remote UE #1 and/or relay device #1. Correspondingly, remote UE #1 and/or relay device #1 receives the fourth policy #1.
It should be understood that, in a possible implementation, if the second policy #1 determined by the PCF indicates enabling user plane security protection of the PC5 interface, the PCF may determine to enable signaling plane security protection of the PC5 interface. That is, the fourth policy #1 and/or the second policy #1 also indicates enabling signaling plane security protection of the PC5 interface.
S218: When establishing a PC5 connection, remote UE #1 and relay device #1 establish the user plane security of the PC5 connection according to the second policy #1.
In a possible implementation, when establishing the PC5 connection, remote UE #1 and relay device #1 establish the signaling plane security of the PC5 connection according to the fourth policy #1.
In a possible implementation, if the second policy #1 can also indicate enabling signaling plane confidentiality and/or integrity protection of the PC5 interface, then remote UE #1 and relay device #1, when establishing the PC5 connection, establish the signaling plane security of the PC5 connection according to the second policy #1.
Optionally, if S213 is performed according to Case 5, remote UE #1 and relay device #1, when establishing the PC5 connection, establish the user plane security of the PC5 connection according to the first indication information.
In a possible implementation, when S213 is performed according to Case 5 and remote UE #1 and relay device #1 negotiate how to enable user plane security protection of the PC5 connection, the user plane security of the PC5 connection may preferentially be established according to the first indication information; alternatively, the user plane security of the PC5 connection may be established using the second policy #1 rather than the first indication information. This application does not limit this.
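The following Python sketch is an added example, not code from the application: it carries Cases 6 to 8 of S213, the two cases of S216 and the optional second-policy-based derivation through for one remote UE and relay pairing, and reports the Uu-on/PC5-off mismatch discussed after S214. The dictionary layout, the function names, the per-protection-type handling, and the fallback to the third policy where the second policy leaves a protection off are assumptions.

```python
from enum import Enum
from typing import Dict, List, Optional

# The two protection types the text treats on every interface.
PROTECTIONS = ("confidentiality", "integrity")


class UuPolicy(Enum):
    """Values used in the text for a Uu user plane security protection policy."""
    REQUIRED = "REQUIRED"
    PREFERRED = "PREFERRED"
    NOT_NEEDED = "NOT NEEDED"


def derive_second_policy(first_policy: Dict[str, UuPolicy],
                         pcf_decision: Optional[Dict[str, bool]] = None
                         ) -> Dict[str, bool]:
    """Cases 6-8: turn the Uu user plane policy into a direct PC5 on/off indication.

    pcf_decision stands in for the PCF's own choice in Case 8 (operator default,
    network load or ProSe application requirements); how it is made is out of scope.
    """
    second: Dict[str, bool] = {}
    for prot in PROTECTIONS:
        uu = first_policy[prot]
        if uu is UuPolicy.REQUIRED:        # Case 6: Uu on -> PC5 on
            second[prot] = True
        elif uu is UuPolicy.NOT_NEEDED:    # Case 7: Uu off -> PC5 off
            second[prot] = False
        else:                              # Case 8: PREFERRED, the PCF must decide
            if pcf_decision is None or prot not in pcf_decision:
                raise ValueError(f"Uu {prot} is PREFERRED: a PCF decision is required")
            second[prot] = bool(pcf_decision[prot])
    return second


def derive_fourth_policy(third_policy: Dict[str, bool],
                         second_policy: Optional[Dict[str, bool]] = None
                         ) -> Dict[str, bool]:
    """S216: PC5 signaling plane policy.

    Without second_policy, mirror the Uu signaling plane policy (Cases 1 and 2).
    With second_policy, apply the optional variant: user plane protection on at
    PC5 means signaling plane protection on at PC5. Where the second policy is
    off the text is silent, so this sketch keeps the mirrored value (assumption).
    """
    fourth = {prot: bool(third_policy[prot]) for prot in PROTECTIONS}
    if second_policy is not None:
        for prot in PROTECTIONS:
            if second_policy[prot]:
                fourth[prot] = True
    return fourth


def find_downgrades(first_policy: Dict[str, UuPolicy],
                    second_policy: Dict[str, bool]) -> List[str]:
    """Protection types that are REQUIRED on Uu but switched off on PC5."""
    return [prot for prot in PROTECTIONS
            if first_policy[prot] is UuPolicy.REQUIRED and not second_policy[prot]]


if __name__ == "__main__":
    # Constructed sample policies, not values from the application.
    first = {"confidentiality": UuPolicy.REQUIRED, "integrity": UuPolicy.PREFERRED}
    third = {"confidentiality": False, "integrity": True}

    second = derive_second_policy(first, pcf_decision={"integrity": False})
    print("second policy:", second)
    print("fourth policy (from third):", derive_fourth_policy(third))
    print("fourth policy (from second):", derive_fourth_policy(third, second))
    print("downgrades:", find_downgrades(first, second))

    # A PC5 policy configured by hand, without the derivation, can leave the relay hop open.
    manual = {"confidentiality": False, "integrity": False}
    print("downgrades with manual PC5 policy:", find_downgrades(first, manual))
```

A non-empty result from `find_downgrades` marks a pairing in which traffic protected on the Uu interface would cross the PC5 hop unprotected.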
The solution proposed in this application is described in detail below with reference to FIG. 3. It should be understood that the solution shown in FIG. 3 may be applied to the communication system in FIG. 1.
S301: The PCF obtains a first correspondence.
The following describes how the PCF obtains the first correspondence.
Method 1:
The first correspondence is preconfigured in the PCF.
Method 2:
The PCF obtains the first correspondence from a ProSe application server or an application function (AF) network element. It should be noted that the PCF may obtain the first correspondence directly from the ProSe application server or the application function network element, or indirectly through a network exposure function (NEF) network element.
As in S201, the first correspondence may also cover two cases; the only difference is that the UDM in S201 is replaced by the PCF in this step. Details are not repeated here.
S302: Relay device #1 sends a first request message to the AMF, and/or remote UE #1 sends a second request message to the AMF. Correspondingly, the AMF receives the first request message from relay device #1, and/or the AMF receives the second request message from remote UE #1.
For details, refer to the description of S203, which is not repeated here.
S303: The AMF determines that relay device #1 has a relay capability, and/or determines that remote UE #1 supports accessing the network through a relay device.
This process is the same as S204; for details, refer to the description of S204.
S304: The AMF sends a third request message and/or a fourth request message to the PCF. Correspondingly, the PCF receives the third request message and/or the fourth request message from the AMF.
The third request message is triggered by the first request message and is used to request the ProSe parameter corresponding to relay device #1. The fourth request message is triggered by the second request message and is used to request, from the PCF, the ProSe parameter corresponding to remote UE #1. This process is the same as S205; for details, refer to the description of S205.
S305: The PCF determines the ProSe parameter corresponding to relay device #1, and/or determines the ProSe parameter corresponding to remote UE #1.
This process is the same as S206; for details, refer to the description of S206.
It should be understood that if remote UE #1 can subsequently access the network through relay device #1, the ProSe parameter corresponding to remote UE #1 is the same as the ProSe parameter corresponding to relay device #1. In the following, it is assumed that remote UE #1 can access the network through relay device #1, and the ProSe parameter corresponding to remote UE #1 and to relay device #1 is denoted as ProSe parameter #1.
S306: The PCF determines the first policy #1 according to the first correspondence and ProSe parameter #1.
This process is similar to S208. That is, the actions performed by the UDM in S208 are performed by the PCF in S306.
S307: The PCF determines the second policy #1 according to the first policy #1. The second policy #1 is used to determine whether to enable user plane security protection of the PC5 interface between remote UE #1 and relay device #1.
This process is the same as S213; for details, refer to the description of S213.
S308: The PCF sends the second policy #1 to remote UE #1 and/or relay device #1. Correspondingly, remote UE #1 and/or relay device #1 receives the second policy #1.
This process is the same as S214; for details, refer to the description of S214.
It should be understood that, as in S215-S217, the PCF may likewise determine the fourth policy #1 and send it to remote UE #1 and/or relay device #1. To avoid repetition, this is not elaborated here.
S309: When establishing a PC5 connection, remote UE #1 and relay device #1 establish the user plane security of the PC5 connection according to the second policy #1.
This process is the same as S218; for details, refer to the description of S218.
The solution proposed in this application is described in detail below with reference to FIG. 4. It should be understood that the solution shown in FIG. 4 may be applied to the communication system in FIG. 1.
S401: Relay device #1 and/or remote UE #1 obtains a second correspondence, which is a correspondence between ProSe parameters and second policies. A second policy is used to determine whether to enable user plane security protection of the PC5 interface between a remote UE and a relay device.
It should be understood that the second correspondence may be associated with the first correspondence, which is described in S201 above. In a possible implementation, the second correspondence may be determined according to the first correspondence. That is, the association between the second correspondence and the first correspondence is that the user plane security protection policy of the PC5 interface is determined according to the user plane security protection policy of the Uu interface. For the specific manner of determination, refer to the description in S213, which is not repeated here.
In a possible implementation, relay device #1 and remote UE #1 may also obtain a fourth correspondence, which is a correspondence between ProSe parameters and fourth policies. A fourth policy is used to determine whether signaling plane security protection of the PC5 interface between remote UE #1 and relay device #1 is enabled.
It should be understood that the fourth correspondence is associated with a third correspondence. The third correspondence is a correspondence between ProSe parameters and third policies, where a third policy is a signaling plane security protection policy of the Uu interface. In a possible implementation, the fourth correspondence may be determined according to the third correspondence. That is, the association between the fourth correspondence and the third correspondence is that the signaling plane security protection policy of the PC5 interface is determined according to the signaling plane security protection policy of the Uu interface.
The following describes how relay device #1 obtains the second correspondence and/or the fourth correspondence, and how remote UE #1 obtains the second correspondence and/or the fourth correspondence:
Method 1:
The second correspondence and/or the fourth correspondence is configured in the universal integrated circuit card (UICC) used by relay device #1. When remote UE #1 accesses the network through relay device #1, the UICC is inserted into relay device #1, and relay device #1 uses the UICC to establish a relay-type PDU session with the network.
Similarly, the second correspondence and/or the fourth correspondence is configured in the UICC used by remote UE #1. When remote UE #1 accesses the network through relay device #1, the UICC is inserted into remote UE #1, and remote UE #1 uses the UICC to establish a connection with relay device #1.
It should be noted that a user equipment (UE) consists of a mobile equipment (ME) and a UICC. Specifically, the mobile equipment is a hardware device that has no ability to access the network other than for emergency functions; after the UICC is inserted, it can register with and subsequently interact with the network as a UE.
Method 2:
The second correspondence and/or the fourth correspondence is preconfigured in the mobile equipment (ME) of relay device #1.
It should be understood that the second correspondence and/or the fourth correspondence may be preconfigured in relay device #1 before the UICC is inserted.
Similarly, the second correspondence and/or the fourth correspondence is preconfigured in the mobile equipment (ME) of remote UE #1.
It should be understood that the second correspondence and/or the fourth correspondence may be preconfigured in remote UE #1 before the UICC is inserted.
Method 3:
Relay device #1 obtains the second correspondence and/or the fourth correspondence from the ProSe application server.
Similarly, remote UE #1 obtains the second correspondence and/or the fourth correspondence from the ProSe application server.
The second correspondence and the fourth correspondence are described below.
Case 1:
The ProSe parameter is an RSC parameter. That is, the second correspondence is a correspondence between RSC parameters and second policies, and the fourth correspondence is a correspondence between RSC parameters and fourth policies. For example, the second correspondence and the fourth correspondence may be as shown in Table 3.
Table 3
RSC #1 | Second policy #1 | Fourth policy #1
RSC #2 | Second policy #2 | Fourth policy #2
RSC #3 | Second policy #3 | Fourth policy #3
Case 2:
The ProSe parameter is an S-NSSAI parameter and/or a DNN parameter. That is, the second correspondence is a correspondence between S-NSSAIs and/or DNNs and second policies, and the fourth correspondence is a correspondence between S-NSSAIs and/or DNNs and fourth policies. For example, the second correspondence and the fourth correspondence may be as shown in Table 4.
Table 4
S-NSSAI #1 and/or DNN #1 | Second policy #1 | Fourth policy #1
S-NSSAI #2 and/or DNN #2 | Second policy #2 | Fourth policy #2
S-NSSAI #3 and/or DNN #3 | Second policy #3 | Fourth policy #3
S402: Relay device #1 sends a first request message to the AMF, and/or remote UE #1 sends a second request message to the AMF. Correspondingly, the AMF receives the first request message from relay device #1, and/or receives the second request message from remote UE #1.
This process is the same as S203; for details, refer to the description of S203.
S403: The AMF determines that relay device #1 has a relay capability, and/or determines that remote UE #1 supports accessing the network through a relay device.
This process is the same as S204; for details, refer to the description of S204.
S404: The AMF sends a third request message and/or a fourth request message to the PCF. Correspondingly, the PCF receives the third request message and/or the fourth request message from the AMF.
The third request message is triggered by the first request message and is used to request the ProSe parameter corresponding to relay device #1. The fourth request message is triggered by the second request message and is used to request, from the PCF, the ProSe parameter corresponding to remote UE #1.
This process is the same as S205; for details, refer to the description of S205.
S405: The PCF determines the ProSe parameter corresponding to relay device #1, and/or determines the ProSe parameter corresponding to remote UE #1.
This process is the same as S206; for details, refer to the description of S206.
It should be understood that if remote UE #1 can subsequently access the network through relay device #1, the ProSe parameter corresponding to remote UE #1 is the same as the ProSe parameter corresponding to relay device #1. In the following, it is assumed that remote UE #1 can access the network through relay device #1, and the ProSe parameter corresponding to remote UE #1 and to relay device #1 is denoted as ProSe parameter #1.
S406: The PCF sends ProSe parameter #1 to remote UE #1, and/or sends ProSe parameter #1 to relay device #1. Correspondingly, remote UE #1 receives ProSe parameter #1, and/or relay device #1 receives ProSe parameter #1.
S407: Remote UE #1 determines the second policy #1 according to the second correspondence and ProSe parameter #1, and/or relay device #1 determines the second policy #1 according to the second correspondence and ProSe parameter #1.
In a possible implementation, remote UE #1 may also determine the fourth policy #1 according to the fourth correspondence and ProSe parameter #1, and/or relay device #1 may also determine the fourth policy #1 according to the fourth correspondence and ProSe parameter #1.
S408: When establishing a PC5 connection, remote UE #1 and relay device #1 establish the user plane security of the PC5 connection according to the second policy #1.
In a possible implementation, when establishing the PC5 connection, remote UE #1 and relay device #1 establish the signaling plane security of the PC5 connection according to the fourth policy #1.
According to the solution of this application, remote UE #1 and relay device #1 can each obtain the second correspondence and the fourth correspondence, where the second correspondence is associated with the first correspondence and the fourth correspondence is associated with the third correspondence. On this basis, when remote UE #1 and relay device #1 have obtained the same ProSe parameter #1, they can determine the second policy #1 and the fourth policy #1 corresponding to ProSe parameter #1 and use these policies to establish the PC5 connection. In addition, because the second correspondence is associated with the first correspondence and the fourth correspondence is associated with the third correspondence, the Uu interface security protection policy used by relay device #1 when establishing the relay PDU session matches the PC5 interface security protection policy used when establishing the PC5 connection.
The solution proposed in this application is described in detail below with reference to FIG. 5. It should be understood that the solution shown in FIG. 5 can be applied to the communication system of FIG. 1.
S501, relay device #1 sends a first request message to the AMF, where the first request message is used to request the ProSe parameter corresponding to relay device #1.
And/or remote UE#1 sends a second request message to the AMF, where the second request message is used to request the ProSe parameter corresponding to remote UE#1.
S502, the AMF determines that relay device #1 has a relay capability, and/or determines that remote UE#1 supports accessing the network through a relay device.
It should be understood that the AMF may also determine the relay services that remote UE#1 has, and/or determine the relay services supported by relay device #1.
S503, the AMF sends a third request message and/or a fourth request message to the PCF. Correspondingly, the PCF receives the third request message and/or the fourth request message from the AMF.
The third request message is triggered by the first request message and is used to request the ProSe parameter corresponding to relay device #1. The fourth request message is triggered by the second request message and is used to request from the PCF the ProSe parameter corresponding to remote UE#1.
The AMF may carry, in the third request message, information about the relay services supported by relay device #1, and/or carry, in the fourth request message, information about the relay services that remote UE#1 has.
S504, the PCF determines the ProSe parameter corresponding to relay device #1, and/or determines the ProSe parameter corresponding to remote UE#1.
This process is the same as S206. For details, refer to the description of S206.
In addition, the PCF may also determine the user plane security protection policy of the PC5 interface of relay device #1 according to the second correspondence, and/or determine the user plane security protection policy of the PC5 interface of remote UE#1 according to the second correspondence.
In a possible implementation, the PCF may also determine the signaling plane security protection policy of the PC5 interface of relay device #1 according to the fourth correspondence, and/or determine the signaling plane security protection policy of the PC5 interface of remote UE#1 according to the fourth correspondence.
It should be understood that the second correspondence and the fourth correspondence may be preconfigured in the PCF. The second correspondence is the correspondence between ProSe parameters and second policies. A second policy is a user plane security protection policy of the PC5 interface and is used to determine whether to enable user plane security protection of the PC5 interface between remote UE#1 and relay device #1. The fourth correspondence is the correspondence between ProSe parameters and fourth policies. A fourth policy is a signaling plane security protection policy of the PC5 interface and is used to determine whether to enable signaling plane security protection of the PC5 interface between remote UE#1 and relay device #1.
It should be understood that if remote UE#1 can subsequently access the network through relay device #1, the ProSe parameter corresponding to remote UE#1 is the same as the ProSe parameter corresponding to relay device #1. In the following, it is assumed that remote UE#1 can access the network through relay device #1. The ProSe parameter corresponding to both remote UE#1 and relay device #1 is denoted ProSe parameter #1, the user plane security protection policy of the PC5 interface of remote UE#1 and relay device #1 is denoted the second policy #1, and the signaling plane security protection policy of the PC5 interface of remote UE#1 and relay device #1 is denoted the fourth policy #1.
S505, the PCF sends ProSe parameter #1 and the second policy #1 to relay device #1 and/or remote UE#1 through the AMF. Correspondingly, relay device #1 and/or remote UE#1 receives ProSe parameter #1 and the second policy #1.
Optionally, the PCF also sends the fourth policy #1 to relay device #1 and/or remote UE#1 through the AMF. Correspondingly, relay device #1 and/or remote UE#1 receives the fourth policy #1.
In a possible implementation, the method further includes: S506, the PCF sends the second correspondence and/or the fourth correspondence to the AMF.
S507, relay device #1 sends a seventh request message to the AMF, where the seventh request message requests establishment of a relay PDU session and includes ProSe parameter #1. Correspondingly, the AMF receives the seventh request message.
S508, the AMF determines, according to the seventh request message, that relay device #1 can establish a PDU session that serves the relay service.
In a possible implementation, the AMF may determine, according to the subscription information of relay device #1, whether relay device #1 can serve the relay service, which is not limited here.
In the case that the method includes S506, the method further includes the following S509-S510.
S509, the AMF determines the second policy #1 according to the second correspondence and ProSe parameter #1, and/or the AMF determines the fourth policy #1 according to the fourth correspondence and ProSe parameter #1.
S510, the AMF sends an eighth request message to the SMF, where the eighth request message requests establishment of a relay PDU session for relay device #1 and includes the second policy #1, the fourth policy #1, and ProSe parameter #1. Correspondingly, the SMF receives the eighth request message.
In the case that the method does not include S506, the method further includes the following S511-S514.
S511, the AMF sends the seventh request message to the SMF. The seventh request message includes ProSe parameter #1. Correspondingly, the SMF receives the seventh request message.
S512, the SMF sends a ninth request message to the PCF, where the ninth request message is used to request the security protection policy of the PC5 interface of relay device #1 and includes ProSe parameter #1. Correspondingly, the PCF receives the ninth request message.
S513, the PCF determines the second policy #1 corresponding to relay device #1 according to the second correspondence and ProSe parameter #1, and/or the PCF determines the fourth policy #1 corresponding to relay device #1 according to the fourth correspondence and ProSe parameter #1.
S514, the PCF sends the second policy #1 and/or the fourth policy #1 to the SMF. Correspondingly, the SMF receives the second policy #1 and/or the fourth policy #1 from the PCF.
S515, the SMF determines, according to the second policy #1, the user plane security protection policy of the Uu interface corresponding to relay device #1 (denoted the first policy #1), where the first policy #1 is the Uu interface user plane security protection policy that relay device #1 uses to establish the relay-type PDU session when remote UE#1 accesses the network through relay device #1.
And/or the SMF determines, according to the fourth policy #1, the signaling plane security protection policy of the Uu interface corresponding to relay device #1 (denoted the third policy #1), where the third policy #1 is the Uu interface signaling plane security protection policy that relay device #1 uses to establish the relay-type PDU session when remote UE#1 accesses the network through relay device #1.
Several cases in which the SMF determines the first policy #1 according to the second policy #1, and/or determines the third policy #1 according to the fourth policy #1, are described below.
Case 1:
If the second policy #1 indicates that user plane security protection of the PC5 interface is to be enabled, the first policy #1 indicates that user plane security protection of the Uu interface is to be enabled.
In a possible implementation, if the second policy #1 indicates that user plane security protection of the PC5 interface is to be enabled, that is, the second policy #1 is that the user plane security protection policy of the PC5 interface is REQUIRED, the SMF determines the first policy #1 according to the second policy #1, and the first policy #1 indicates that user plane security protection of the Uu interface is to be enabled, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is REQUIRED.
In another possible implementation, if the second policy #1 directly indicates that user plane security protection of the PC5 interface is to be enabled, the SMF determines the first policy #1 according to the second policy #1, and the first policy #1 indicates that user plane security protection of the Uu interface is to be enabled, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is REQUIRED.
If the fourth policy #1 indicates that signaling plane security protection of the PC5 interface is to be enabled, the third policy #1 indicates that signaling plane security protection of the Uu interface is to be enabled.
In a possible implementation, if the fourth policy #1 indicates that signaling plane security protection of the PC5 interface is to be enabled, that is, the fourth policy #1 is that the signaling plane security protection policy of the PC5 interface is REQUIRED, the SMF determines the third policy #1 according to the fourth policy #1, and the third policy #1 indicates that signaling plane security protection of the Uu interface is to be enabled, that is, the third policy #1 is that the signaling plane security protection policy of the Uu interface is REQUIRED.
In another possible implementation, if the fourth policy #1 directly indicates that signaling plane security protection of the PC5 interface is to be enabled, the SMF determines the third policy #1 according to the fourth policy #1, and the third policy #1 indicates that signaling plane security protection of the Uu interface is to be enabled, that is, the third policy #1 is that the signaling plane security protection policy of the Uu interface is REQUIRED.
Case 2:
If the second policy #1 indicates that user plane security protection of the PC5 interface is not to be enabled, the first policy #1 indicates that user plane security protection of the Uu interface is not to be enabled.
In a possible implementation, if the second policy #1 indicates that user plane security protection of the PC5 interface is not to be enabled, that is, the second policy #1 is that the user plane security protection policy of the PC5 interface is NOT NEEDED, the SMF determines the first policy #1 according to the second policy #1, and the first policy #1 indicates that user plane security protection of the Uu interface is not to be enabled, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is NOT NEEDED.
In another possible implementation, if the second policy #1 directly indicates that user plane security protection of the PC5 interface is not to be enabled, the SMF determines the first policy #1 according to the second policy #1, and the first policy #1 indicates that user plane security protection of the Uu interface is not to be enabled, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is NOT NEEDED.
If the fourth policy #1 indicates that signaling plane security protection of the PC5 interface is not to be enabled, the third policy #1 indicates that signaling plane security protection of the Uu interface is not to be enabled.
In a possible implementation, if the fourth policy #1 indicates that signaling plane security protection of the PC5 interface is not to be enabled, that is, the fourth policy #1 is that the signaling plane security protection policy of the PC5 interface is NOT NEEDED, the SMF determines the third policy #1 according to the fourth policy #1, and the third policy #1 indicates that signaling plane security protection of the Uu interface is not to be enabled, that is, the third policy #1 is that the signaling plane security protection policy of the Uu interface is NOT NEEDED.
In another possible implementation, if the fourth policy #1 directly indicates that signaling plane security protection of the PC5 interface is not to be enabled, the SMF determines the third policy #1 according to the fourth policy #1, and the third policy #1 indicates that signaling plane security protection of the Uu interface is not to be enabled, that is, the third policy #1 is that the signaling plane security protection policy of the Uu interface is NOT NEEDED.
Case 3:
If the second policy #1 indicates a preference for enabling user plane security protection of the PC5 interface, the first policy #1 indicates a preference for enabling user plane security protection of the Uu interface.
In a possible implementation, if the second policy #1 indicates a preference for enabling user plane security protection of the PC5 interface, that is, the second policy #1 is that the user plane security protection policy of the PC5 interface is PREFERRED, the SMF determines the first policy #1 according to the second policy #1, and the first policy #1 indicates a preference for enabling user plane security protection of the Uu interface, that is, the first policy #1 is that the user plane security protection policy of the Uu interface is PREFERRED.
If the fourth policy #1 indicates a preference for enabling signaling plane security protection of the PC5 interface, the third policy #1 indicates a preference for enabling signaling plane security protection of the Uu interface.
In a possible implementation, if the fourth policy #1 indicates a preference for enabling signaling plane security protection of the PC5 interface, that is, the fourth policy #1 is that the signaling plane security protection policy of the PC5 interface is PREFERRED, the SMF determines the third policy #1 according to the fourth policy #1, and the third policy #1 indicates a preference for enabling signaling plane security protection of the Uu interface, that is, the third policy #1 is that the signaling plane security protection policy of the Uu interface is PREFERRED.
S516, the SMF establishes a relay PDU session for relay device #1 according to the first policy #1 and/or the third policy #1.
According to the solution of the present application, when the SMF needs to establish a relay-type PDU session for relay device #1, the SMF can determine the Uu interface security protection policy used to establish that session according to the PC5 interface security protection policy used when remote UE#1 and relay device #1 establish the PC5 connection, so that the policy relay device #1 uses to establish the PC5 connection matches the policy used to establish the relay-type PDU session.
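The derivation in S509/S513 and S515 (cases 1 to 3), together with a check that the PC5 hop and the Uu hop end up matched, can be modeled as follows. This is an added example, not part of the application: the ProSe parameter strings and correspondence contents are constructed sample data, the function names are hypothetical, and rejecting an unknown ProSe parameter and ranking the three levels for reporting are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    REQUIRED = "REQUIRED"
    PREFERRED = "PREFERRED"
    NOT_NEEDED = "NOT NEEDED"


# Ranking used only to name the weaker hop in a finding (assumption of this example).
STRENGTH = {Policy.NOT_NEEDED: 0, Policy.PREFERRED: 1, Policy.REQUIRED: 2}

# Constructed sample correspondences: ProSe parameter -> PC5 policy.
# The keys are placeholders, not real ProSe parameter values.
SECOND_CORRESPONDENCE = {  # PC5 user plane (second policy)
    "prose-param-1": Policy.REQUIRED,
    "prose-param-2": Policy.NOT_NEEDED,
    "prose-param-3": Policy.PREFERRED,
}
FOURTH_CORRESPONDENCE = {  # PC5 signaling plane (fourth policy)
    "prose-param-1": Policy.REQUIRED,
    "prose-param-2": Policy.PREFERRED,
    "prose-param-3": Policy.PREFERRED,
}

# S515: the Uu policy takes the same level as the PC5 policy, per plane.
PC5_TO_UU = {
    Policy.REQUIRED: Policy.REQUIRED,      # case 1
    Policy.NOT_NEEDED: Policy.NOT_NEEDED,  # case 2
    Policy.PREFERRED: Policy.PREFERRED,    # case 3
}


@dataclass(frozen=True)
class HopPolicies:
    user_plane: Policy
    signaling_plane: Policy


def lookup_pc5(prose_param, second=SECOND_CORRESPONDENCE, fourth=FOURTH_CORRESPONDENCE):
    """S509 (at the AMF) or S513 (at the PCF): resolve second/fourth policy."""
    if prose_param not in second or prose_param not in fourth:
        # Assumption: an unknown parameter is rejected instead of being
        # silently treated as NOT NEEDED.
        raise LookupError(f"no PC5 policy for ProSe parameter {prose_param!r}")
    return HopPolicies(second[prose_param], fourth[prose_param])


def derive_uu(pc5):
    """S515: first policy from second policy, third policy from fourth policy."""
    return HopPolicies(PC5_TO_UU[pc5.user_plane], PC5_TO_UU[pc5.signaling_plane])


def audit_hops(pc5, uu):
    """Return one finding per plane where the PC5 hop and the Uu hop differ."""
    findings = []
    for plane in ("user_plane", "signaling_plane"):
        p, u = getattr(pc5, plane), getattr(uu, plane)
        if p is not u:
            weaker = "Uu" if STRENGTH[u] < STRENGTH[p] else "PC5"
            findings.append((plane, p.value, u.value, weaker))
    return findings


def relay_session_policies(prose_param):
    """Policies the SMF would hold at S516, plus the audit result."""
    pc5 = lookup_pc5(prose_param)
    uu = derive_uu(pc5)
    return pc5, uu, audit_hops(pc5, uu)


if __name__ == "__main__":
    for param in SECOND_CORRESPONDENCE:
        pc5, uu, findings = relay_session_policies(param)
        print(param, pc5, uu, findings)
    # A Uu policy configured without reference to the PC5 policy (constructed):
    independent_uu = HopPolicies(Policy.NOT_NEEDED, Policy.REQUIRED)
    print(audit_hops(lookup_pc5("prose-param-1"), independent_uu))
```

The last call shows the mismatch the derivation avoids: relayed traffic protected on the PC5 hop but not on the Uu hop.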
According to the foregoing method, FIG. 6 shows a communication device provided in an embodiment of the present application. The communication device includes a transceiver unit 601 and a processing unit 602. The transceiver unit 601 can be used to implement the receiving and sending functions in the method embodiments. Other functions in the method embodiments may be implemented by the processing unit 602. The transceiver unit can be implemented through the input interface and output interface of a data processing chip, with sending and receiving in the method embodiments corresponding to output and input in the chip, respectively. The transceiver unit 601 can also be split into a receiving unit and a sending unit. The receiving unit can be used to implement the receiving function in the method embodiments, and the sending unit can be used to implement the sending function in the method embodiments. The receiving unit can be implemented through the output interface of the data processing chip, and the sending unit can be implemented through the input interface of the data processing chip. In addition, the transceiver unit and the processing unit may be implemented by the same chip, which is not limited in this application. It should be understood that the transceiver unit 601 in the embodiments of the present application may also be implemented by a transceiver (including a transmitter and a receiver) or transceiver-related circuit components, and the processing unit 602 may also be implemented by a processor or processor-related circuit components (also called a processing circuit).
Exemplarily, when the communication device is remote UE#1 or relay device #1, the transceiver unit 601 and the processing unit 602 can support the actions performed by remote UE#1 or relay device #1 in the above method examples. For example, the transceiver unit 601 can complete the sending of the first request message and the second request message in the above method embodiments, and other processes in the technical solutions described herein; the processing unit 602 can complete the establishment of the PC5 connection, and other processes in the technical solutions described herein.
Exemplarily, when the communication device is an AMF, the transceiver unit 601 and the processing unit 602 can support the actions performed by the AMF in the above method examples. For example, the transceiver unit 601 can complete the sending of the third request message and the fourth request message in the above method embodiments, and other processes in the technical solutions described herein; the processing unit 602 can complete the determination that relay device #1 has a relay capability and that remote UE#1 supports accessing the network through a relay device, and other processes in the technical solutions described herein.
Exemplarily, when the communication device is a PCF, the transceiver unit 601 and the processing unit 602 can support the actions performed by the PCF in the above method examples. For example, the transceiver unit 601 can complete the sending of the fifth request message in the above method embodiments, and other processes in the technical solutions described herein; the processing unit 602 can complete the determination of the second policy #1, and other processes in the technical solutions described herein.
Exemplarily, when the communication device is a UDM, the transceiver unit 601 and the processing unit 602 can support the actions performed by the UDM in the above method examples. For example, the transceiver unit 601 can complete the sending of the first policy #1 in the above method embodiments, and other processes in the technical solutions described herein; the processing unit 602 can complete the determination of the first policy #1, and other processes in the technical solutions described herein.
Exemplarily, when the communication device is an SMF, the transceiver unit 601 and the processing unit 602 can support the actions performed by the SMF in the above method examples. For example, the transceiver unit 601 can complete the sending of the ninth request message in the above method embodiments, and other processes in the technical solutions described herein; the processing unit 602 can complete the determination of the first policy #1 and the third policy #1, and other processes in the technical solutions described herein.
An embodiment of the present application also provides a communication apparatus, as shown in FIG. 7, including a processor 701, a communication interface 702, and a memory 703. The processor 701, the communication interface 702, and the memory 703 can be connected to each other through a bus 707. The bus 707 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus 707 can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 7, but this does not mean that there is only one bus or one type of bus. The processor 701 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof. The memory 703 may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache.
The processor 701 is used to implement the data processing operations of the communication apparatus. The communication interface 702 is used to implement the transceiving operations of the communication apparatus.
Exemplarily, when the communication apparatus is remote UE#1 or relay device #1, the processor 701, the communication interface 702, and the memory 703 can support the actions performed by remote UE#1 or relay device #1 in the above method examples. For example, the communication interface 702 can complete the sending of the first request message and the second request message in the above method embodiments, and other processes in the technical solutions described herein; the processor 701 can complete the establishment of the PC5 connection, and other processes in the technical solutions described herein.
Exemplarily, when the communication apparatus is an AMF, the processor 701, the communication interface 702, and the memory 703 can support the actions performed by the AMF in the above method examples. For example, the communication interface 702 can complete the sending of the third request message and the fourth request message in the above method embodiments, and other processes in the technical solutions described herein; the processor 701 can complete the determination that relay device #1 has a relay capability and that remote UE#1 supports accessing the network through a relay device, and other processes in the technical solutions described herein.
Exemplarily, when the communication apparatus is a PCF, the processor 701, the communication interface 702, and the memory 703 can support the actions performed by the PCF in the above method examples. For example, the communication interface 702 can complete the sending of the fifth request message in the above method embodiments, and other processes in the technical solutions described herein; the processor 701 can complete the determination of the second policy #1, and other processes in the technical solutions described herein.
Exemplarily, when the communication apparatus is a UDM, the processor 701, the communication interface 702, and the memory 703 can support the actions performed by the UDM in the above method examples. For example, the communication interface 702 can complete the sending of the first policy #1 in the above method embodiments, and other processes in the technical solutions described herein; the processor 701 can complete the determination of the first policy #1, and other processes in the technical solutions described herein.
Exemplarily, when the communication apparatus is an SMF, the processor 701, the communication interface 702, and the memory 703 can support the actions performed by the SMF in the above method examples. For example, the communication interface 702 can complete the sending of the ninth request message in the above method embodiments, and other processes in the technical solutions described herein; the processor 701 can complete the determination of the first policy #1 and the third policy #1, and other processes in the technical solutions described herein.
The technical solutions of the embodiments of this application can be applied to various communication systems, for example: a global system of mobile communication (GSM) system, a code division multiple access (CDMA) system, a wideband code division multiple access (WCDMA) system, general packet radio service (GPRS), a long term evolution (LTE) system, an LTE frequency division duplex (FDD) system, LTE time division duplex (TDD), a universal mobile telecommunication system (UMTS), a worldwide interoperability for microwave access (WiMAX) communication system, a future fifth generation (5G) system, or new radio (NR).
A person of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such an implementation should not be considered to go beyond the scope of this application.
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The foregoing is only a specific implementation of this application, but the scope of protection of this application is not limited to it. Any variation or replacement that a person familiar with the technical field could readily conceive within the technical scope disclosed in this application shall fall within the scope of protection of this application. Therefore, the scope of protection of this application shall be determined by the scope of protection of the claims.

Claims (19)

  1. A communication method, characterized by comprising:
    obtaining, by a first network element, a first policy, wherein the first policy is the Uu interface user plane security protection policy used by a first relay device to establish a relay-type protocol data unit (PDU) session when a first terminal device accesses the network through the first relay device;
    determining, by the first network element, a second policy according to the first policy, wherein the second policy is used to determine whether to enable user plane security protection of the PC5 interface between the first terminal device and the first relay device; and
    sending, by the first network element, the second policy to the first terminal device and/or the first relay device.
  2. The method according to claim 1, characterized in that
    the second policy is a user plane security protection policy of the PC5 interface, or whether to enable user plane security protection of the PC5 interface;
    the determining, by the first network element, a second policy according to the first policy comprises:
    when the first policy indicates that user plane security protection of the Uu interface is to be enabled, determining, by the first network element, the second policy, wherein the second policy indicates that user plane security protection of the PC5 interface is to be enabled;
    when the first policy indicates that user plane security protection of the Uu interface is not to be enabled, determining, by the first network element, the second policy, wherein the second policy indicates that user plane security protection of the PC5 interface is not to be enabled;
    when the first policy indicates a preference for enabling user plane security protection of the Uu interface, determining, by the first network element, the second policy, wherein the second policy indicates a preference for enabling user plane security protection of the PC5 interface.
  3. The method according to claim 1 or 2, characterized in that
    in the case where the first policy indicates a preference for enabling user plane security protection of the Uu interface, the method further comprises:
    determining, by the first network element, whether to enable user plane security protection of the PC5 interface;
    sending, by the first network element, first indication information to the first remote terminal and/or the first relay device, wherein the first indication information is used to indicate whether to enable user plane security protection of the PC5 interface.
  4. The method according to any one of claims 1-3, characterized in that the method further comprises:
    obtaining, by the first network element, a third policy, wherein the third policy is the Uu interface signaling plane security protection policy used by the first relay device to establish a relay-type PDU session when the first terminal device accesses the network through the first relay device;
    determining, by the first network element, a fourth policy according to the third policy, wherein the fourth policy is used to determine whether to enable signaling plane security protection of the PC5 interface between the first terminal device and the first relay device;
    sending, by the first network element, the fourth policy to the first remote terminal and/or the first relay device.
  5. The method according to claim 4, characterized in that
    the third policy is a signaling plane security protection policy of the PC5 interface, or whether to enable signaling plane security protection of the PC5 interface;
    the determining, by the first network element, a fourth policy according to the third policy comprises:
    when the third policy indicates that signaling plane security protection of the Uu interface is to be enabled, determining, by the first network element, the fourth policy, wherein the fourth policy indicates that signaling plane security protection of the PC5 interface is to be enabled;
    when the third policy indicates that signaling plane security protection of the Uu interface is not to be enabled, determining, by the first network element, the fourth policy, wherein the fourth policy indicates that signaling plane security protection of the PC5 interface is not to be enabled.
  6. The method according to any one of claims 1-3, characterized in that
    when the second policy indicates that user plane security protection of the PC5 interface is to be enabled, the method further comprises:
    determining, by the first network element, a fourth policy according to the second policy, wherein the fourth policy indicates that signaling plane security protection of the PC5 interface is to be enabled.
  7. The method according to any one of claims 1-6, characterized in that
    the method further comprises:
    determining, by the first network element, a proximity-based services (ProSe) parameter corresponding to the first terminal device and/or the first relay device;
    sending, by the first network element, a first request message to a second network element, wherein the first request message is used to request the first policy and includes the ProSe parameter;
    the obtaining, by the first network element, a first policy comprises:
    obtaining, by the first network element, the first policy from the second network element.
  8. The method according to any one of claims 1-6, characterized in that
    the method further comprises:
    determining, by the first network element, a proximity-based services (ProSe) parameter corresponding to the first terminal device and/or the first relay device;
    the obtaining, by the first network element, a first policy comprises:
    obtaining, by the first network element, the first policy locally according to at least the ProSe parameter.
  9. A communication apparatus, characterized by comprising:
    a transceiver unit, configured to obtain a first policy, wherein the first policy is the Uu interface user plane security protection policy used by a first relay device to establish a relay-type protocol data unit (PDU) session when a first terminal device accesses the network through the first relay device;
    a processing unit, configured to determine a second policy according to the first policy, wherein the second policy is used to determine whether to enable user plane security protection of the PC5 interface between the first terminal device and the first relay device;
    the first network element sends the second policy to the first remote terminal and/or the first relay device.
  10. The apparatus according to claim 9, characterized in that
    the second policy is a user plane security protection policy of the PC5 interface, or whether to enable user plane security protection of the PC5 interface;
    the processing unit being configured to determine a second policy according to the first policy comprises:
    when the first policy indicates that user plane security protection of the Uu interface is to be enabled, the processing unit determines the second policy, wherein the second policy indicates that user plane security protection of the PC5 interface is to be enabled;
    when the first policy indicates that user plane security protection of the Uu interface is not to be enabled, the processing unit determines the second policy, wherein the second policy indicates that user plane security protection of the PC5 interface is not to be enabled;
    when the first policy indicates a preference for enabling user plane security protection of the Uu interface, the processing unit determines the second policy, wherein the second policy indicates a preference for enabling user plane security protection of the PC5 interface.
  11. The apparatus according to claim 9 or 10, characterized in that
    in the case where the first policy indicates a preference for enabling user plane security protection of the Uu interface,
    the processing unit is further configured to determine whether to enable user plane security protection of the PC5 interface;
    the transceiver unit is further configured to send first indication information to the first remote terminal and/or the first relay device, wherein the first indication information is used to indicate whether to enable user plane security protection of the PC5 interface.
  12. The apparatus according to any one of claims 9-11, characterized in that
    the transceiver unit is further configured to obtain a third policy, wherein the third policy is the Uu interface signaling plane security protection policy used by the first relay device to establish a relay-type PDU session when the first terminal device accesses the network through the first relay device;
    the processing unit is further configured to determine a fourth policy according to the third policy, wherein the fourth policy is used to determine whether to enable signaling plane security protection of the PC5 interface between the first terminal device and the first relay device;
    the transceiver unit is further configured to send the fourth policy to the first remote terminal and/or the first relay device.
  13. The apparatus according to claim 12, characterized in that
    the third policy is a signaling plane security protection policy of the PC5 interface, or whether to enable signaling plane security protection of the PC5 interface;
    the processing unit being further configured to determine a fourth policy according to the third policy comprises:
    when the third policy indicates that signaling plane security protection of the Uu interface is to be enabled, the processing unit determines the fourth policy, wherein the fourth policy indicates that signaling plane security protection of the PC5 interface is to be enabled;
    when the third policy indicates that signaling plane security protection of the Uu interface is not to be enabled, the processing unit determines the fourth policy, wherein the fourth policy indicates that signaling plane security protection of the PC5 interface is not to be enabled.
  14. The apparatus according to any one of claims 9-11, characterized in that
    when the second policy indicates that user plane security protection of the PC5 interface is to be enabled,
    the processing unit is further configured to determine a fourth policy according to the second policy, wherein the fourth policy indicates that signaling plane security protection of the PC5 interface is to be enabled.
  15. The apparatus according to any one of claims 9-14, characterized in that
    the processing unit is further configured to determine a proximity-based services (ProSe) parameter corresponding to the first terminal device and/or the first relay device;
    the transceiver unit is further configured to send a first request message to a second network element, wherein the first request message is used to request the first policy and includes the ProSe parameter;
    the transceiver unit being configured to obtain a first policy comprises:
    the transceiver unit obtains the first policy from the second network element.
  16. The apparatus according to any one of claims 9-14, characterized in that
    the processing unit is further configured to determine a proximity-based services (ProSe) parameter corresponding to the first terminal device and/or the first relay device;
    the transceiver unit being configured to obtain a first policy comprises:
    the transceiver unit obtains the first policy locally according to at least the ProSe parameter.
  17. A communication device, characterized by comprising a processor and a memory, wherein the processor is configured to execute a computer program or instructions stored in the memory, so that the communication device performs the method according to any one of claims 1-8.
  18. A computer-readable storage medium, characterized by comprising a computer program or instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 1-8.
  19. A chip system, characterized by comprising at least one processor configured to execute a computer program or instructions in a memory, so that the method according to any one of claims 1-8 is implemented.
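The policy derivation in claims 2, 3, 5 and 6, written out as an added Python sketch with a check of what a PC5 link actually activated; this is not code from the application. The names `Policy`, `Pc5Decision`, `derive_pc5`, `audit_pc5_link` and the `resolve_preferred` callback are assumptions of this example, as is the choice to use claim 5 when a Uu signaling plane policy is supplied and claim 6 otherwise.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional


class Policy(Enum):
    # Labels assumed for this example; the claims say "enable",
    # "prefer to enable" and "do not enable".
    REQUIRED = "required"
    PREFERRED = "preferred"
    NOT_NEEDED = "not needed"


@dataclass(frozen=True)
class Pc5Decision:
    second_policy: Policy              # PC5 user plane policy (claim 2)
    first_indication: Optional[bool]   # explicit on/off, PREFERRED only (claim 3)
    fourth_policy: Optional[Policy]    # PC5 signaling plane policy (claims 5, 6)


def derive_pc5(uu_up: Policy,
               uu_cp: Optional[Policy] = None,
               resolve_preferred: Callable[[], bool] = lambda: True) -> Pc5Decision:
    """Derive PC5 policies from the relay PDU session's Uu policies."""
    if not isinstance(uu_up, Policy):
        raise TypeError("uu_up must be a Policy")
    if uu_cp is not None and not isinstance(uu_cp, Policy):
        raise TypeError("uu_cp must be a Policy or None")
    # Claim 2: the PC5 user plane policy mirrors the Uu user plane policy.
    second = uu_up
    # Claim 3: for PREFERRED the network element makes the final decision
    # and sends it, so both PC5 endpoints apply the same setting.
    indication = resolve_preferred() if second is Policy.PREFERRED else None
    if uu_cp is not None:
        # Claim 5 lists only "enable" and "do not enable" for signaling.
        if uu_cp is Policy.PREFERRED:
            raise ValueError("claim 5 gives no mapping for a preferred "
                             "Uu signaling plane policy")
        fourth = uu_cp
    elif second is Policy.REQUIRED:
        # Claim 6: protected user plane implies protected signaling plane.
        fourth = Policy.REQUIRED
    else:
        fourth = None  # the claims derive no signaling policy here
    return Pc5Decision(second, indication, fourth)


def audit_pc5_link(decision: Pc5Decision,
                   up_active: bool, cp_active: bool) -> List[str]:
    """Compare what the PC5 link activated with what was decided."""
    findings = []
    if decision.second_policy is Policy.PREFERRED:
        expected_up = decision.first_indication
    else:
        expected_up = decision.second_policy is Policy.REQUIRED
    if up_active != expected_up:
        findings.append(f"user plane: expected {expected_up}, got {up_active}")
    if decision.fourth_policy is not None:
        expected_cp = decision.fourth_policy is Policy.REQUIRED
        if cp_active != expected_cp:
            findings.append(
                f"signaling plane: expected {expected_cp}, got {cp_active}")
    return findings


if __name__ == "__main__":
    # Constructed scenario: Uu requires protection, the PC5 link came up clear.
    d = derive_pc5(Policy.REQUIRED)
    print(d)
    print(audit_pc5_link(d, up_active=False, cp_active=True))
```

A non-empty result from `audit_pc5_link` means one hop of the relayed path runs with a different protection state than the policy sent to the remote terminal and the relay.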
PCT/CN2022/109421 2021-08-04 2022-08-01 Communication method and apparatus WO2023011407A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110889754.7 2021-08-04
CN202110889754.7A CN115706998A (en) 2021-08-04 2021-08-04 Communication method and device

Publications (1)

Publication Number Publication Date
WO2023011407A1 true WO2023011407A1 (en) 2023-02-09

Family

ID=85154365

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/109421 WO2023011407A1 (en) 2021-08-04 2022-08-01 Communication method and apparatus

Country Status (2)

Country Link
CN (1) CN115706998A (en)
WO (1) WO2023011407A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110912854A (en) * 2018-09-15 2020-03-24 华为技术有限公司 Safety protection method, equipment and system
CN112351431A (en) * 2019-08-09 2021-02-09 华为技术有限公司 Method and device for determining safety protection mode
US20210204306A1 (en) * 2016-01-15 2021-07-01 Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. Resource allocation method and road side unit

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LG ELECTRONICS: "Solution for handling security policy misalignment over ProSe L3 UE2NW relay", 3GPP DRAFT; S3-202380, vol. SA WG3, 1 October 2020 (2020-10-01), pages 1 - 3, XP051937095 *

Also Published As

Publication number Publication date
CN115706998A (en) 2023-02-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22852119

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE