WO2023155911A1 - Communication method and apparatus - Google Patents


Info

Publication number
WO2023155911A1
Authority
WO
WIPO (PCT)
Prior art keywords
rule
encryption parameter
key
encryption
parameter
Prior art date
Application number
PCT/CN2023/077260
Other languages
French (fr)
Chinese (zh)
Inventor
王文会
熊晓春
Original Assignee
华为技术有限公司


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H04W 12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/041 Key generation or derivation

Definitions

  • the present application relates to the communication field, and in particular to a communication method and device.
  • current encryption operations are limited to high-level signaling: non-access stratum (NAS), radio resource control (RRC) and packet data convergence protocol (PDCP) signaling is encrypted, whereas the radio link control (RLC) layer, the media access control (MAC) layer and the physical layer (PHY) have no encryption measures at all, resulting in poor security of the underlying signaling.
  • NAS: non-access stratum
  • RRC: radio resource control
  • PDCP: packet data convergence protocol
  • RLC: radio link control
  • MAC: media access control
  • PHY: physical layer
  • the embodiment of the present application provides a communication method and device, which can solve the problem that there is still a certain information security risk due to the lack of encryption measures in the underlying signaling, and can improve the security of the underlying signaling.
  • a communication method includes: sending first information to the terminal equipment, and receiving second information from the terminal equipment; the second information indicates that the first information is successfully received.
  • a key is generated based on a preset rule, and the key is used to perform physical layer encryption or decryption.
  • a communication method includes: receiving first information from an access network device, and sending second information to the access network device; the second information indicates that the first information is received successfully.
  • a key is generated based on a preset rule, and the key is used to perform physical layer encryption or decryption.
  • the first information and the second information may be carried in an RRC message.
  • the access network device and the terminal device can simultaneously start the communication based on the same rule (such as a preset rule) by exchanging handshake information (such as first information and second information).
  • the generated key performs physical layer encryption and decryption operations on the underlying signaling, which can solve the problem that the existing encryption scheme cannot encrypt the underlying signaling, thereby improving the communication security of the underlying signaling.
  • a communication method includes: sending third information to the terminal device, where the third information is used to indicate the transmission of the first data; determining that the transmission of the first data is successful, and in response to the transmission of the first data being successful, sending fourth information to the terminal device; the fourth information is used to indicate the transmission of the second data, and the fourth information is also used to indicate that the key used for physical layer encryption or decryption needs to be updated, and the second data is different from the first data.
  • a key is generated based on a preset rule, and the second data is encrypted or decrypted at the physical layer using the key.
  • a communication method includes: receiving third information from an access network device, where the third information indicates the transmission of the first data, and, if the transmission of the first data is successful, receiving fourth information from the access network device; the fourth information is used to indicate the transmission of the second data, and the fourth information is also used to indicate that a key used for physical layer encryption or decryption needs to be updated, and the second data is different from the first data.
  • a key is generated based on a preset rule, and the second data is decrypted or encrypted at a physical layer using the key.
  • the third information and the fourth information may be carried in a new data indicator (new data indicator, NDI) field of the downlink control information.
  • the fourth information indicates that the key used for encryption or decryption at the physical layer needs to be updated in that its value in the NDI field is the inverse (toggled value) of the value of the third information in the NDI field.
  • the access network device and the terminal device can simultaneously start the communication based on the same rule (such as a preset rule) by exchanging handshake information (such as the third information and the fourth information).
  • the generated key performs physical layer encryption and decryption operations on the underlying signaling, which can solve the problem that existing encryption schemes cannot encrypt the underlying signaling, thereby improving the security of the underlying signaling.
  • the communication methods described in the first aspect and the second aspect above, as well as the communication methods described in the third aspect and the fourth aspect, can also perform physical layer encryption and decryption on high-level signaling, such as NAS signaling and RRC signaling, and on data, to further increase the difficulty of deciphering high-level signaling and data that have already been encrypted by the high layers, thereby further improving the security of high-level signaling and data.
  • the preset rules include a first rule, a second rule and a third rule.
  • generating a key based on a preset rule specifically includes: acquiring a first encryption parameter based on a first rule. Based on the second rule, the second encryption parameter is obtained; the update period of the first encryption parameter is greater than the update period of the second encryption parameter, and the first encryption parameter is different from the second encryption parameter.
  • based on the third rule, key generation parameters of the key algorithm model are generated using the first encryption parameter and the second encryption parameter. The key generation parameters are input into the key algorithm model to generate a key.
  • the first rule includes: selecting a plurality of first fields in a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
  • the second rule includes: selecting a plurality of second fields in a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter;
  • the third rule includes: selecting, based on a third selection rule, a plurality of third fields in the first encryption parameter and/or a plurality of fourth fields in the second encryption parameter, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameters for the key algorithm model.
  • the key algorithm model can adopt a chaotic key generation algorithm model based on a Latin matrix, such as a chaotic logistic model or a chaotic Chebyshev model, which is not limited in this application.
  • both the access network device and the terminal device generate the above two encryption parameters based on the same rules, and generate keys from the key generation parameters of the same key algorithm model based on the two encryption parameters, so as to ensure that the physical layer keys generated by the access network device and the terminal device are the same and that the physical layer encryption and decryption operations are consistent.
  • the key generation parameters of the key algorithm model are generated by the access network device and the terminal device from the above two encryption parameters based on the same rules, and do not need to be transmitted between the access network device and the terminal device, which avoids the risk of leaking the key generation parameters and can further improve the security of the underlying signaling.
  • the first encryption parameter can be determined according to high-layer signaling parameters with a longer update period, while the second encryption parameter can be determined according to physical layer measurement values and/or RRC measurement values, to further improve the randomness of the physical layer key and therefore further improve the security of the underlying signaling.
  • the key generation parameters may include an initial parameter and a bifurcation parameter.
  • the initial parameter is determined according to the first encryption parameter and/or the second encryption parameter.
  • the bifurcation parameter may also be determined according to the first encryption parameter and/or the second encryption parameter.
  • the initial parameter is different from the bifurcation parameter.
  • the initial parameter and the bifurcation parameter can be generated based on different generation rules to ensure that the initial parameter is different from the bifurcation parameter, thereby ensuring the randomness of the generated key, increasing the difficulty of cracking, and further improving the security of the underlying signaling.
  • the first encryption parameter is determined according to one or more of the following: a high-layer signaling parameter, or a first random number.
  • the second encryption parameter includes one or more of the following: a measurement value, or a second random number.
  • both the first encryption parameter and the second encryption parameter can be jointly determined according to multiple parameters that are periodically updated. For example, combining different bit fields of the multiple parameters can make the generated key unpredictable and random, thereby increasing the difficulty of cracking and further improving security.
  • the higher layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters.
  • the measurement values include one or more of the following: downlink physical layer measurement values, uplink physical layer measurement values, or downlink RRC layer measurement values.
  • the RRC layer signaling parameters include: user-level physical channel configuration parameters.
  • using a key to perform physical layer encryption or decryption includes: as a sending end device, using the key to perform one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement; or, as a receiving end device, using the key to perform one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or inverse rearrangement.
  • both the sending end device and the receiving end device of the signaling and/or data can generate the first encryption parameter and the second encryption parameter based on the same rules, and generate keys based on the same key generation algorithm, which ensures that the sending and receiving end devices use the same key and can communicate smoothly, and there is no need to transmit the key between the sending and receiving end devices, which avoids the risk of key leakage and thereby further improves security.
  • a communication device in a fifth aspect, includes: a processing module and a transceiver module.
  • the transceiver module is configured to send the first information to the terminal device and receive the second information from the terminal device; the second information indicates that the first information is successfully received.
  • the processing module is configured to generate a key based on preset rules in response to successful reception of the first information, and use the key to perform physical layer encryption or decryption.
  • a communication device in a sixth aspect, includes: a processing module and a transceiver module.
  • the transceiver module is configured to receive the first information from the access network device, and send the second information to the access network device; the second information indicates that the first information is successfully received.
  • the processing module is configured to generate a key based on preset rules in response to successful reception of the first information, and use the key to perform physical layer encryption or decryption.
  • the first information and the second information may be carried in an RRC message.
  • a communication device in a seventh aspect, includes: a processing module and a transceiver module.
  • the transceiver module is configured to send third information to the terminal device, and the third information is used to indicate the transmission of the first data.
  • a processing module configured to determine that the first data transmission is successful.
  • the transceiver module is further configured to send fourth information to the terminal device in response to successful transmission of the first data; the fourth information is used to indicate the transmission of the second data, and the fourth information is also used to indicate that the key used for physical layer encryption or decryption needs to be updated, and the second data is different from the first data.
  • the processing module is further configured to generate a key based on preset rules, and use the key to perform physical layer encryption or decryption on the second data.
  • a communication device includes: a processing module and a transceiver module.
  • the transceiver module is configured to receive third information from the access network device, and the third information is used to indicate the transmission of the first data.
  • the transceiver module is further configured to receive fourth information from the access network device when the transmission of the first data is successful; the fourth information is used to indicate the transmission of the second data, and the fourth information is also used to indicate that a key used for encryption or decryption at the physical layer needs to be updated, and the second data is different from the first data.
  • the processing module is configured to generate a key based on preset rules, and use the key to perform physical layer decryption or encryption on the second data.
  • the third information and the fourth information are carried in the new data indication NDI field of the downlink control information.
  • the fourth information indicates that the key used for encryption or decryption at the physical layer needs to be updated in that its value in the NDI field is the inverse (toggled value) of the value of the third information in the NDI field.
  • the preset rules include a first rule, a second rule and a third rule.
  • the processing module is further configured to perform the following steps: acquire a first encryption parameter based on a first rule; acquire a second encryption parameter based on a second rule, where the update period of the first encryption parameter is greater than the update period of the second encryption parameter, and the first encryption parameter is different from the second encryption parameter; based on the third rule, use the first encryption parameter and the second encryption parameter to generate the key generation parameters of the key algorithm model; and input the key generation parameters into the key algorithm model to generate a key.
  • the first rule includes: selecting a plurality of first fields in a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
  • the second rule includes: selecting a plurality of second fields in a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter;
  • the third rule includes: selecting, based on a third selection rule, a plurality of third fields in the first encryption parameter and/or a plurality of fourth fields in the second encryption parameter, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameters for the key algorithm model.
  • the key algorithm model can adopt a chaotic key generation algorithm model based on a Latin matrix, such as a chaotic logistic model or a chaotic Chebyshev model, which is not limited in this application.
  • the key generation parameters include an initial parameter and a bifurcation parameter.
  • the initial parameter is determined according to the first encryption parameter and/or the second encryption parameter.
  • the bifurcation parameter is determined according to the first encryption parameter and/or the second encryption parameter.
  • the initial parameter is different from the bifurcation parameter.
  • the first encryption parameter is determined according to one or more of the following: a high-layer signaling parameter, or a first random number.
  • the second encryption parameter includes one or more of the following: a measurement value, or a second random number.
  • the higher layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters.
  • the measurement values include one or more of the following: downlink physical layer measurement values, uplink physical layer measurement values, or downlink RRC layer measurement values.
  • the RRC layer signaling parameters include: user-level physical channel configuration parameters.
  • the processing module is specifically configured to perform the following steps: using the key, perform one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement.
  • the key is used to perform one or more of the following operations on the constellation points of the received signaling and/or data: phase inverse rotation, or rearrangement inverse transformation.
  • the transceiver module may also include a sending module and a receiving module.
  • the sending module is used to realize the sending function of the communication device described in any one of the fifth to eighth aspects.
  • the receiving module is used to realize the receiving function of the communication device described in any one of the fifth to eighth aspects.
  • the communication device may further include a storage module storing programs or instructions.
  • the processing module executes the program or instruction
  • the communication device can execute the communication method described in any one of the first aspect to the fourth aspect.
  • the communication device described in the fifth aspect or the seventh aspect may be an access network device, a chip (system) or other component or part that can be set in the access network device, or a device, system or network including the access network device, which is not limited in this application.
  • the communication device described in the sixth aspect or the eighth aspect may be a terminal device, or a chip (system) or other components or components that may be installed in the terminal device, or may include the terminal device or system or network, which is not limited in this application.
  • the technical effects of the communication device described in the fifth aspect to the eighth aspect can refer to the technical effects of the communication method described in the first aspect to the fourth aspect, which will not be repeated here.
  • a communication device in a ninth aspect, includes: a processor, the processor is coupled to the memory, and the processor is used to execute the computer program stored in the memory, so that the communication device executes the communication method described in any one of the first aspect to the fourth aspect.
  • a communication device including: a processor and a memory; the memory is used to store a computer program, and when the processor executes the computer program, the communication device executes the communication method described in any one of the first to fourth aspects.
  • a communication device including: a processor; the processor is configured to be coupled to a memory and, after reading a computer program in the memory, to execute the communication method described in any one of the first to fourth aspects according to the computer program.
  • the communication device may further include a transceiver.
  • the transceiver may be a transceiver circuit or an interface circuit.
  • the transceiver may be used by the communication device to communicate with other communication devices.
  • the transceiver may include a receiver and a transmitter. Wherein, the receiver is used to realize the receiving function of the communication device, and the transmitter is used to realize the sending function of the communication device.
  • the communication device described in any one of the ninth to eleventh aspects may be a terminal device or an access network device, or a chip (system) that may be set in the terminal device or access network device or other parts or components, or devices that include the terminal equipment or access network equipment.
  • the technical effects of the communication device described in the ninth aspect to the eleventh aspect can refer to the technical effects of the communication method described in the first aspect to the fourth aspect, which will not be repeated here.
  • a communication system in a twelfth aspect, includes terminal equipment and access network equipment.
  • a computer-readable storage medium including: a computer program or an instruction; when the computer program or instruction is run on a computer, the computer is made to execute the communication method described in any one of the first to fourth aspects.
  • a computer program product including a computer program or an instruction.
  • when the computer program or instruction is run on a computer, the computer executes the communication method described in any one of the first to fourth aspects.
  • FIG. 1 is a schematic diagram of a protocol architecture of a communication system
  • Figure 2 is a schematic diagram of high-level signaling with encryption measures
  • FIG. 3 is a schematic flow diagram of performing physical layer scrambling on payload
  • FIG. 4 is another schematic flow diagram of performing physical layer scrambling on the payload
  • FIG. 5 is a schematic structural diagram of a communication system provided by an embodiment of the present application.
  • FIG. 6 is a first schematic flow diagram of a communication method provided by an embodiment of the present application.
  • FIG. 7 is a schematic diagram of phase rotation of a constellation point provided by an embodiment of the present application.
  • FIG. 8 is a schematic diagram of constellation point reordering provided by an embodiment of the present application.
  • FIG. 9 is a second schematic flow diagram of the communication method provided by the embodiment of the present application.
  • FIG. 10 is a third schematic flow diagram of the communication method provided by the embodiment of the present application.
  • FIG. 11 is an example diagram of the first rule provided by the embodiment of the present application.
  • FIG. 12 is a fourth schematic flow diagram of the communication method provided by the embodiment of the present application.
  • FIG. 13 is a fifth schematic flow diagram of the communication method provided by the embodiment of the present application.
  • FIG. 14 is a sixth schematic flow diagram of the communication method provided by the embodiment of the present application.
  • FIG. 15 is a seventh schematic flow diagram of the communication method provided by the embodiment of the present application.
  • FIG. 16 is a first structural schematic diagram of a communication device provided by an embodiment of the present application.
  • FIG. 17 is a second schematic structural diagram of a communication device provided by an embodiment of the present application.
  • the existing encryption measures are only for high-level signaling, but no encryption measures are taken for the signaling of each protocol layer below the PDCP layer, resulting in low security of the underlying signaling. Further description will be given below in conjunction with FIG. 1 and FIG. 2 .
  • FIG. 1 is a schematic diagram of a protocol architecture of a communication system.
  • the communication system includes terminal equipment, access network equipment, and core network equipment.
  • the terminal equipment includes NAS layer, RRC layer, PDCP layer, RLC layer, MAC layer and physical layer from top to bottom.
  • the NAS layer is used for the NAS layer communication between the terminal device and the core network device, and the RRC layer, PDCP layer, RLC layer, MAC layer and physical layer are used for communication with the protocol layer with the same name in the access network device.
  • protocol layer entities of the same name that are deployed respectively in the two devices are usually referred to as peer protocol layer entities, that is, they are mutually peer protocol layer entities.
  • the NAS layer entity in the terminal device and the NAS layer entity in the core network device are a pair of peer-to-peer protocol layer entities.
  • the RRC layer entity in the terminal device and the RRC layer entity in the access network device are another pair of peer-to-peer protocol layer entities.
  • both the sending end device and the receiving end device may be terminal devices, one may be a terminal device and the other may be an access network device, or both may be access network devices.
  • one of the terminal device and the access network device is a sending end device, and the other is a receiving end device.
  • one of the terminal device and the core network device is a sending end device, and the other is a receiving end device.
  • one of the two terminal devices is a sending end device, and the other is a receiving end device.
  • the above-mentioned sending-end device and receiving-end device are relative to a transmission direction of a certain signaling or data that needs to be transmitted. Therefore, different signaling or data may correspond to different sending end devices and receiving end devices. For example, if device 1 sends a signaling to device 2, for the signaling, device 1 is the sending end device, and device 2 is the receiving end device. For another example, if device 2 sends data to device 1, then for the data, device 2 is the sending device, and device 1 is the receiving device.
  • the sending end device can also receive signaling and/or data from other devices, and similarly the receiving end device can also send signaling and/or data to other devices.
  • a device that sends signaling and/or data may therefore communicate with multiple devices, or communicate bidirectionally.
  • the RRC layer adds RRC layer encapsulation information to the original content of the RRC signaling (payload + parity bits), generates RRC signaling plaintext, and sends the RRC signaling plaintext and RRC key to the PDCP layer.
  • the PDCP layer uses the RRC key to encrypt the payload of RRC signaling (RRC signaling plaintext) to generate RRC signaling ciphertext, and then adds PDCP encapsulation information to generate a PDCP protocol data unit (protocol data unit, PDU) (PDCP encapsulation information + RRC signaling ciphertext), and send the PDCP PDU to the RLC layer. Then, the RLC layer adds RLC encapsulation information to the PDCP PDU to generate an RLC PDU, and sends it to the MAC layer.
  • the MAC layer adds MAC encapsulation information to the RLC PDU to generate a MAC PDU, and sends it to the physical layer.
  • the physical layer performs channel coding, modulation, up-conversion and other operations on the MAC PDU, and sends it out through the radio frequency antenna.
  • the physical layer down-converts, demodulates and decodes the received signal containing the MAC PDU, restores the MAC PDU, and sends it to the MAC layer.
  • the MAC layer removes the MAC layer encapsulation information in the MAC PDU, restores the RLC PDU (decapsulation), and sends it to the RLC layer, and the RLC layer removes the RLC layer encapsulation information in the RLC PDU, restores the PDCP PDU, and sends it to the PDCP layer.
  • the PDCP layer removes the PDCP layer encapsulation information from the PDCP PDU, restores the RRC signaling ciphertext, and uses the RRC key issued by the RRC layer to decrypt the RRC signaling ciphertext, thereby restoring the RRC signaling plaintext and sending it to the RRC layer.
  • the RRC layer removes the RRC encapsulation information in the RRC PDU to obtain the original content (payload+check bits) of the RRC signaling.
  • the decryption operation at the receiving end is the reverse process of the encryption operation at the sending end.
  • the RRC key used by the sending device for encryption and the RRC key used by the receiving device for decryption are usually generated based on the same key generation algorithm and key generation parameters, to ensure that the sending and receiving ends use the same key for the encryption and decryption operations.
  • the encryption and decryption operations at the sending and receiving ends are similar to the encryption and decryption operations of RRC signaling, the difference is that the encryption and decryption operations target different high-level signaling.
  • the sending end device uses the NAS key to encrypt the payload (NAS layer plaintext) of the NAS signaling to obtain the NAS layer ciphertext, then adds the NAS layer encapsulation information to generate a NAS PDU (including the NAS layer encapsulation information and NAS layer ciphertext), and sends the NAS PDU to the RRC layer.
  • the receiving end device receives the NAS PDU recovered from the RRC layer, removes the NAS layer encapsulation information, obtains the NAS layer ciphertext, and then uses the NAS key to decrypt the NAS ciphertext, thereby recovering the NAS plaintext.
  • the RRC layer can directly add/remove the RRC encapsulation information operation, or perform an RRC layer encryption and decryption operation on the NAS PDU to further improve the security of NAS signaling.
  • FIG. 2 is a schematic diagram of high-level signaling with encryption measures.
  • the high-level signaling involved in cell selection, random access, RRC connection establishment, authentication, NAS security, initial bearer establishment, and initial context establishment has encryption measures.
  • the signaling involved in cell selection mainly includes the primary synchronization signal (PSS), secondary synchronization signal (SSS), main information block (MIB), and system information block (SIB)
  • the signaling involved in random access mainly includes random access preamble (random access preamble, RAP) and Random access response (random access response, RAR)
  • the signaling involved in RRC connection establishment mainly includes registration request (RegistrationRequest), RRC connection establishment request (RRCSetupRequest), RRC connection establishment (RRCSetup) and RRC connection establishment completion (RRCSetupComplete)
  • the signaling involved in authentication mainly includes authentication request (AuthenticationRequest) and authentication response (AuthenticationResponse)
  • the signaling related to NAS security mainly includes security mode command (SecurityModeCommand) and security mode completion (SecurityModeComplete)
  • the encryption measures for the above high-level signaling involve encryption, integrity protection and anti-replay; the above high-level signaling is only part of the high-level signaling covered by existing encryption measures, which may also involve other high-level signaling, not repeated here.
  • Fig. 3 and Fig. 4 are two examples of performing physical layer scrambling on the payload.
  • the sending end device can generate a scrambling key based on a private shared key or on the latest parameters, and use the scrambling key to perform a scrambling operation (a binary bit XOR, that is, bit-field encryption) on the payload before the channel encoding of the physical layer.
  • the transmitting device can also perform phase rotation and reflection on the constellation points of quadrature phase shift keying (QPSK) or quadrature amplitude modulation (QAM) based on the aggregated scrambling key, for example by complex multiplication of the modulated payload and the modulated scrambling key, that is, complex-domain encryption.
  • the sending device can use a K-bit aggregator (K ≥ 2, K a positive integer) to aggregate the payload into K-bit sequences, and an M-bit aggregator (M > K, M a positive integer) to aggregate the scrambling sequence into an M-bit permutation index, and then input the K-bit sequence and the M-bit permutation index into the permutator, which uses the M-bit permutation index to permute the K-bit payload sequence, enabling bit-field encryption.
  • the physical layer scrambling methods shown in Figure 3 and Figure 4 use the scrambling key to scramble the bit field before encoding the payload and/or the complex number field after encoding, which effectively scrambles the payload and increases the difficulty of cracking, and can be regarded as a realization of physical layer encryption.
  • the physical layer scrambling methods shown in Fig. 3 and Fig. 4 do not specify how the scrambling key is generated, nor how the shared key or the latest parameters are obtained.
  • $D_{x_i} = \mathrm{mod}(\mathrm{Extract}(x_i, 12, 13, 14), 256) / 512$
  • the extraction function extracts several digits of the fractional part of the input value x_i, for example the 12th, 13th and 14th decimal digits, and reads them as a 3-digit integer, so as to make the key unpredictable.
  • a set of random data D xi between [0,0.5) can be obtained.
  • the physical layer encryption key used in the physical layer communication method based on the chaotic system and the Latin matrix is generated based on the chaotic system, but it does not explain how the initial parameters and bifurcation parameters of the chaotic system are obtained.
  • the initial parameters need to be strictly kept secret so that attackers cannot obtain the physical layer key; if the initial value remains unchanged for a long time, the physical layer key generated based on the chaotic system is fixed, which is a security risk.
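The extraction step above and the chaotic-system key it feeds, as an added example that is not code from the page or from the cited method: the page names no particular chaotic system, so the logistic map with initial value x0 and bifurcation parameter r is assumed here, and all input values are constructed. The last function also shows the risk noted above, that an unchanged initial value reproduces exactly the same key values.

```python
from decimal import Decimal, getcontext

getcontext().prec = 40   # keep enough digits that positions 12-14 are meaningful


def extract(x, positions=(12, 13, 14)):
    """Extract(x_i, 12, 13, 14): read the 12th, 13th and 14th digits (1-based)
    of the fractional part of x as a 3-digit integer. Decimal avoids the
    binary rounding a float would introduce at those positions."""
    parts = format(Decimal(x), "f").split(".")
    frac = parts[1] if len(parts) == 2 else ""
    frac = frac.ljust(max(positions), "0")   # short expansions: missing digits read as 0
    return int("".join(frac[p - 1] for p in positions))


def d_value(x):
    """D_{x_i} = mod(Extract(x_i, 12, 13, 14), 256) / 512, always in [0, 0.5)."""
    return Decimal(extract(x) % 256) / Decimal(512)


def logistic_iterates(x0, r, n):
    """Assumed chaotic system (the page does not name one): the logistic map
    x_{i+1} = r * x_i * (1 - x_i), with initial value x0 and bifurcation
    parameter r. Returns x_1 .. x_n."""
    x = Decimal(x0)
    r = Decimal(r)
    out = []
    for _ in range(n):
        x = r * x * (1 - x)
        out.append(x)
    return out


def chaotic_key(x0, r, n):
    """n key values D_{x_i} taken from the chaotic trajectory. The output is a
    pure function of (x0, r): reusing the same initial parameters yields the
    same key every time, which is why they must change and stay secret."""
    return [d_value(x) for x in logistic_iterates(x0, r, n)]
```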
  • the embodiment of the present application provides a communication method that uses a periodically updated first encryption parameter and second encryption parameter to generate a dynamic key, without needing to transmit the key between the sending end device and the receiving end device, and uses the dynamic key to encrypt and decrypt the underlying signaling and data at the physical layer, thereby reducing the risk of leakage of the underlying signaling and improving its security.
  • a physical layer encryption can be performed on the high-level signaling and data again, so as to further improve the security of the high-level signaling and data.
  • the technical solution of the embodiment of the present application can be applied to various communication systems, such as a wireless fidelity (WiFi) system, a vehicle to everything (V2X) communication system, a device-to-device (D2D) communication system, an Internet of Vehicles communication system, a 4th generation (4G) mobile communication system such as a long term evolution (LTE) system, a worldwide interoperability for microwave access (WiMAX) communication system, a fifth generation (5G) mobile communication system such as a new radio (NR) system, and future communication systems such as a sixth generation (6G) mobile communication system, etc.
  • a subscript such as W₁ may, by clerical error, be written in non-subscript form such as W1.
  • the network architecture and business scenarios described in the embodiments of the present application are for more clearly illustrating the technical solutions of the embodiments of the present application, and do not constitute limitations on the technical solutions provided by the embodiments of the present application.
  • the technical solutions provided by the embodiments of this application are also applicable to similar technical problems.
  • FIG. 5 is a schematic structural diagram of a communication system to which the communication method provided in the embodiment of the present application is applicable.
  • the communication system includes access network equipment and terminal equipment.
  • the above-mentioned terminal device is a terminal that accesses the above-mentioned communication system and has a wireless transceiver function, or a chip or a chip system that can be set on the terminal.
  • the terminal equipment may also be called a user device, an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user device.
  • the terminal device in the embodiment of the present application may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in smart grid, a wireless terminal in transportation safety, a wireless terminal in smart city, a wireless terminal in smart home, a vehicle-mounted terminal, an RSU with terminal functions, etc.
  • the terminal device of the present application may also be a vehicle-mounted module, vehicle-mounted component, vehicle-mounted chip, or vehicle-mounted unit built into the vehicle as one or more components or units.
  • the on-board component, on-board chip, or on-board unit can implement the communication method provided in this application.
  • the above-mentioned access network device is a device located on the network side of the above-mentioned communication system and has a wireless transceiver function, or a chip or a chip system that can be provided in the device.
  • the access network device includes but is not limited to: an access point (AP) in a wireless fidelity (WiFi) system, such as a home gateway, a router, a server, a switch, a bridge, etc., and an evolved Node B (eNB), radio network controller (RNC), Node B (NB), base station controller (BSC), base transceiver station (BTS), home base station (for example, home evolved NodeB or home Node B, HNB), baseband unit (BBU), wireless relay node, wireless backhaul node, transmission point (transmission and reception point, TRP, or transmission point, TP),
  • the aforementioned core network equipment may include one or more of the following equipment in the core network: a mobility management entity (MME), an access and mobility management function (AMF) network element, or other devices.
  • the communication method provided by the embodiment of the present application can be applied to the communication between the access network device and the terminal device shown in FIG. .
  • FIG. 5 is only a simplified schematic diagram for easy understanding, and the communication system may also include other devices, which are not shown in FIG. 5 .
  • the access network device and the terminal device may start physical layer encryption based on the trigger mechanism shown in FIG. 6 .
  • FIG. 6 is a first schematic flowchart of a communication method provided by an embodiment of the present application.
  • the communication method can be applied to the communication between the access network device and the terminal device in the communication system shown in FIG. 5 .
  • the method includes the following steps:
  • the access network device sends first information to the terminal device, and the terminal device receives the first information from the access network device.
  • the first information is used to instruct the terminal device to start physical layer encryption.
  • the first information may include high-level signaling parameters, and the first information may be carried in an RRC message.
  • since high-level signaling has encryption measures, it can be ensured that the first information is transmitted in an encrypted manner to reduce the risk of leakage, thereby further improving security.
  • the RRC message carrying the first information may include high-layer signaling such as a radio resource control (radio resource control, RRC) reconfiguration (RRCReconfiguration) message or other downlink RRC messages, which is not limited here.
  • the first information may also be carried in configuration information of a downlink hybrid automatic repeat request (HARQ), for example, transmitted in the new data indicator (NDI) field of downlink control information (DCI).
  • the DCI is carried on the physical downlink control channel (PDCCH), which is used to indicate and schedule the configuration information of the physical downlink shared channel (PDSCH) carrying the user-specific parameters (UE-specific parameters) of the terminal device, such as time-frequency resources, demodulation and decoding parameters, etc.
  • the terminal device sends second information to the access network device, and the access network device receives the second information from the terminal device.
  • the second information indicates that the first information and the user-specific parameters are received successfully.
  • the second information may also be carried in the RRC message.
  • since high-level signaling has encryption measures, it can be ensured that the second information is transmitted in an encrypted manner to reduce the risk of leakage, thereby further improving security.
  • the RRC message carrying the second information may include: RRC Reconfiguration Complete (RRCReconfigurationComplete) or other uplink RRC Complete (RRCComplete) message, which is not limited here.
  • the second information can be understood as the response information or feedback information of the first information.
  • the access network device and the terminal device can thereby reach an agreement on the timing of starting the physical layer encryption process, generate the same key based on the preset rules described in S603 below, and perform physical layer encryption or decryption on the underlying signaling based on that key; this avoids underlying signaling transmission failures caused by the access network device and the terminal device having inconsistent understandings of the encryption timing, the encryption key and the encrypted object, and improves the reliability and security of underlying signaling transmission.
  • the terminal device may send the second information to the access network device.
  • the second information may be downlink HARQ feedback information, such as acknowledgment (ACKnowledgment, ACK), which may be carried in a physical uplink control channel (physical uplink control channel, PUCCH) for transmission.
  • the same downlink HARQ process may be used to simplify the operation process and improve efficiency.
  • the terminal device may send the second information to the access network device, and execute the following S603 to generate or update a key.
  • the access network device and the terminal device execute S603.
  • the access network device and the terminal device generate a key based on a preset rule.
  • the access network device and the terminal device may generate the first encryption parameter and the second encryption parameter based on the same rule, generate a key generation parameter based on the first encryption parameter and/or the second encryption parameter, and input the key generation parameter into the same key generation model, so as to generate the same key; for the specific implementation, refer to the method embodiment shown in FIG. 10 below, which will not be repeated here.
  • the access network device and the terminal device use the key to perform physical layer encryption or decryption.
  • the access network device and the terminal device can use the key generated in S603 to perform physical layer encryption or decryption on the same underlying signaling.
  • the access network device is the sending end device, and the terminal device is the receiving end device.
  • using the key to perform physical layer encryption may include: the access network device uses the key to perform one or more of the following operations on the constellation points of the downlink signaling and/or data: phase rotation, or rearrangement.
  • FIG. 7 is a schematic diagram of constellation point phase rotation provided by an embodiment of the present application.
  • the 4 black dots represent the QPSK constellation points without phase rotation, the 4 circles represent the QPSK constellation points with phase rotation, and the phase deviation between the two groups of constellation points is K1. Since an attacker does not know the amount of phase rotation, the attack difficulty is increased, thereby improving security.
  • 1 ⁇ n ⁇ N, 1 ⁇ m ⁇ N, n, m, and N are all positive integers, and at least one of n and m exists, satisfying that n is not equal to m.
  • the rearranged index of [x 1 ,...,x N ] is extracted as the physical layer encryption key K, and the index rearrangement and scrambling are performed on the constellation points of the effective information.
  • FIG. 8 is a schematic diagram of constellation point reordering provided by an embodiment of the present application.
  • the elements of the random sequence x before sorting are s1, s2, s3, s4, s5, s6, s7, s8 in sequence, and the elements of the random sequence z after sorting are s5, s2, s3, s4, s1, s8, s7, s6 in sequence, so the index values change from 1, 2, 3, 4, 5, 6, 7, 8 before sorting to 5, 2, 3, 4, 1, 8, 7, 6 after sorting. This disrupts the arrangement order of the constellation points and can be used to reassign a sub-carrier to each constellation point, that is, to disrupt the mapping between constellation points and frequency domain resources, thereby increasing the attack difficulty and the security.
  • the sorted index values may also be represented by a Latin matrix or other data structures, which is not limited in this embodiment of the present application.
  • for the Latin matrix used for physical layer encryption, reference may be made to existing implementations, which will not be repeated here.
  • the access network device sends the instruction and/or data encrypted at the physical layer to the terminal device.
  • the access network device may send the instructions and/or data encrypted at the physical layer to the terminal device through the Uu interface; for the specific implementation of the Uu interface, reference may be made to existing implementations, and details are not described in this embodiment of the present application.
  • the terminal device then uses the key to perform physical layer decryption.
  • using the key to perform physical layer decryption includes: the terminal device uses the key to perform one or more of the following operations on the constellation points of the received signaling and/or data: phase reverse rotation, or inverse rearrangement.
  • the phase reverse rotation and the inverse rearrangement are the inverse processes of the above phase rotation and rearrangement, respectively, and will not be repeated here.
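The phase rotation of FIG. 7 and the index rearrangement of FIG. 8, with their inverses, on QPSK constellation points, as an added example that is not code from the patent: the rotation amount K1 and the random sequence x are constructed here and stand in for values derived from the key generated in S603, and the Gray-mapped QPSK table is an assumption.

```python
import cmath
import math

# Gray-mapped QPSK: two bits -> one unit-energy constellation point (assumed mapping).
_QPSK_MAP = {
    (0, 0): complex(1, 1) / math.sqrt(2),
    (0, 1): complex(-1, 1) / math.sqrt(2),
    (1, 1): complex(-1, -1) / math.sqrt(2),
    (1, 0): complex(1, -1) / math.sqrt(2),
}

# Constructed stand-ins for values derived from the S603 key (hypothetical):
# EXAMPLE_K1 is the rotation amount of FIG. 7, EXAMPLE_X the random sequence of FIG. 8.
EXAMPLE_K1 = math.pi / 3
EXAMPLE_X = [0.5, 0.2, 0.3, 0.4, 0.1, 0.8, 0.7, 0.6]


def qpsk_modulate(bits):
    """Map an even-length list of bits to QPSK constellation points."""
    if len(bits) % 2:
        raise ValueError("QPSK needs an even number of bits")
    return [_QPSK_MAP[(bits[i], bits[i + 1])] for i in range(0, len(bits), 2)]


def qpsk_demodulate(points):
    """Hard-decision demodulation: each point maps to the nearest constellation point."""
    bits = []
    for p in points:
        nearest = min(_QPSK_MAP, key=lambda b: abs(_QPSK_MAP[b] - p))
        bits.extend(nearest)
    return bits


def phase_rotate(points, k1):
    """FIG. 7: rotate every constellation point by the phase K1 (radians)."""
    rotation = cmath.exp(1j * k1)
    return [p * rotation for p in points]


def phase_reverse_rotate(points, k1):
    """Receiving end: undo the rotation."""
    return phase_rotate(points, -k1)


def permutation_from_sequence(x):
    """FIG. 8: sort the random sequence x and keep the order of its original
    indices (0-based here; the page lists them 1-based). [x[i] for i in perm]
    is the sorted sequence z, and perm is the index-rearrangement key."""
    return sorted(range(len(x)), key=lambda i: x[i])


def rearrange(points, perm):
    """Move the point at position perm[i] to position i, e.g. to reassign
    constellation points to sub-carriers."""
    if len(points) != len(perm):
        raise ValueError("permutation length must match the number of points")
    return [points[i] for i in perm]


def inverse_rearrange(points, perm):
    """Receiving end: put the point at position i back to position perm[i]."""
    restored = [None] * len(points)
    for dst, src in enumerate(perm):
        restored[src] = points[dst]
    return restored


def physical_layer_encrypt(points, k1, perm):
    """Sending end: phase rotation, then index rearrangement of the constellation points."""
    return rearrange(phase_rotate(points, k1), perm)


def physical_layer_decrypt(points, k1, perm):
    """Receiving end: the inverse operations in reverse order."""
    return phase_reverse_rotate(inverse_rearrange(points, perm), k1)
```

A receiver that lacks K1 and perm still sees valid-looking QPSK points, but with K1 = pi/3 every point lands past a decision boundary and demodulates to the wrong bits, which is the cracking difficulty the page describes.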
  • the access network device and the terminal device can generate the first encryption parameter and the second encryption parameter based on the same rule, and generate a key based on the same key generation algorithm, which ensures that the access network device and the terminal device use the same key and can communicate smoothly; there is no need to transmit the key between the access network device and the terminal device, which avoids the risk of key leakage and further improves security.
  • the communication method shown in FIG. 6 can also perform physical layer encryption and decryption on high-level signaling, such as NAS signaling and RRC signaling, and on data, so as to further increase the difficulty of cracking high-level signaling and data that have already been encrypted at the high level, thereby further improving their security.
  • uplink and downlink signaling and/or data may exist independently, or both may exist.
  • dynamic keys can be customized for each signaling or data, so as to further improve security.
  • dynamic keys can be customized for uplink signaling, uplink data, downlink signaling, and downlink data, so that each is independently encrypted and decrypted at the physical layer.
  • the access network device and the terminal device can simultaneously start generating a key based on the same rule (such as a preset rule) by exchanging handshake information (such as the first information and the second information), and using the key to encrypt and decrypt the underlying signaling at the physical layer can solve the problem that existing encryption schemes do not encrypt the underlying signaling, thereby improving the communication security of the underlying signaling.
  • the access network device and the terminal device may also start the physical layer encryption process based on the trigger mechanism shown in FIG. 9 .
  • FIG. 9 is a second schematic flowchart of the communication method provided by the embodiment of the present application.
  • the communication method can be applied to the communication between the access network device and the terminal device in the communication system shown in FIG. 5 .
  • the method includes the following steps:
  • the access network device sends third information to the terminal device, and the terminal device receives the third information from the access network device.
  • the third information is used to indicate the transmission of the first data.
  • the first data may be a user-specific parameter sent by the terminal device to the access network device, and the third information may be carried in a new data indicator (new data indicator, NDI) field of the DCI.
  • the access network device determines that the first data transmission is successful.
  • after the access network device determines that the first data transmission is successful and the terminal device has completed the first data transmission, the access network device and the terminal device execute S903.
  • the access network device sends fourth information to the terminal device, and the terminal device receives the fourth information from the access network device.
  • the fourth information is used to indicate the transmission of the second data, and is also used to indicate that the key used for encryption or decryption at the physical layer needs to be updated.
  • the second data is different from the first data. In other words, when the next data needs to be transmitted, the access network device instructs the terminal device to update the key, so as to further improve security.
  • the fourth information may also be carried in the NDI field of the DCI.
  • after the access network device successfully receives the user-specific parameter from the terminal device, it can send the fourth information to the terminal device and execute the following S904 to update the key.
  • when the terminal device detects that the values of the third information and the fourth information are different, it knows that the access network device has successfully received the user-specific parameters from the terminal device, and the terminal device can then execute the following S904 to update the key. That is, when the value of the fourth information in the NDI field is the toggled value of the third information in the NDI field (for example, toggled from 0 to 1), the fourth information indicates that the key used for physical layer encryption or decryption needs to be updated.
  • the access network device and the terminal device generate a key based on a preset rule.
  • the access network device and the terminal device can generate the first encryption parameter and the second encryption parameter based on the same rule, generate a key generation parameter based on the first encryption parameter and/or the second encryption parameter, and input the key generation parameter into the same key generation model to generate the same key; for the specific implementation, refer to the method embodiment shown in FIG. 8 below, which will not be repeated here.
  • the access network device and the terminal device use the key to encrypt or decrypt the second data at the physical layer.
  • the access network device and the terminal device can use the key generated in S904 to perform physical layer encryption or decryption operations on the same underlying signaling.
  • the first data and the second data may be data agreed between the access network device and the terminal device, and may be signaling or data, which is not limited here.
  • the access network device and the terminal device can simultaneously start generating a key based on the same rule (such as a preset rule) by exchanging handshake information (such as the third information and the fourth information), and using the key to encrypt and decrypt the underlying signaling at the physical layer can solve the problem that existing encryption schemes do not encrypt the underlying signaling, thereby improving the security of the underlying signaling.
  • the above preset rules may include a first rule, a second rule and a third rule.
  • generating a key based on a preset rule may be specifically implemented as the communication method shown in FIG. 10 .
  • the method includes the following steps:
  • the access network device and the terminal device acquire a first encryption parameter based on a first rule.
  • the first rule includes: selecting multiple first fields in multiple first messages based on a first selection rule, and combining multiple first fields based on a first combination rule to obtain a first encryption parameter.
  • the first message may include one or more of the following: RRC signaling, or NAS signaling.
  • the NAS signaling may be provided by the terminal device to the access network device.
  • the first encryption parameter is determined according to one or more of the following: a high-level signaling parameter, or a first random number.
  • the higher layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters.
  • the above RRC layer signaling parameters may include one or more of the following: downlink RRC layer signaling parameters, or uplink RRC layer signaling parameters.
  • the downlink RRC layer signaling may include the downlink signaling involved in processes such as cell selection, random access, RRC connection establishment, default bearer establishment, and AS security shown in FIG. 2 above, and the uplink RRC layer signaling may include the uplink signaling involved in the same processes shown in FIG. 2 above.
  • the downlink RRC layer signaling parameters include: user-level physical channel configuration parameters.
  • the user-level physical channel configuration parameters may include configuration parameters of one or more of the following physical channels: physical downlink control channel (PDCCH), physical downlink shared channel (PDSCH), physical uplink control channel (PUCCH), physical uplink shared channel (PUSCH); the specific parameters may include the start and length indicator value (SLIV), control resource set (CORESET), UE specific search space (USS), etc.
  • the foregoing NAS layer signaling parameters may include one or more of the following: downlink NAS layer signaling parameters, or uplink NAS layer signaling parameters.
  • the downlink NAS layer signaling may include the downlink signaling involved in processes such as authentication, NAS security, registration, and initial context establishment shown in FIG. 2 above, and the uplink NAS layer signaling may include the uplink signaling involved in the same processes shown in FIG. 2 above.
  • the NAS layer signaling parameters may include uplink NAS layer signaling parameters and downlink NAS layer signaling parameters
  • the terminal device may send the uplink NAS layer signaling parameters to the access network device after determining them, and/or, after parsing the downlink NAS layer signaling, obtain the downlink NAS layer signaling parameters and send them to the access network device.
  • the terminal device may send NAS layer signaling parameters to the access network device by using uplink RRC layer signaling and/or an uplink data channel.
  • the above-mentioned first random number may be provided by the access network device and/or the terminal device, for example, it may be a random parameter defined in the protocol, or a newly added random parameter, which is not limited here.
  • the first encryption parameter may be provided by the access network device (please refer to the following S1201 and S1401), or may be provided by the access network device (please refer to the following S1301 and S1501), which is not limited here.
  • the following describes, by way of example, how to generate the first encryption parameter according to the first rule based on unpredictable parameters in RRC signaling messages.
  • the example draws on demodulation reference signal (DMRS) and control resource set (ControlResourceSet) configuration fields in RRC signaling, such as scrambling ID 0 (scramblingID0) and scrambling ID 1 (scramblingID1), each of which takes a value in 0, 1, ..., 65535.
  • the above example only illustrates one way of generating the first encryption parameter; the access network device and the terminal device may also use other combination rules to generate the first encryption parameter based on other RRC signaling and/or NAS signaling, and the encryption parameters are not limited in this embodiment of the application.
  • the update period of the first encryption parameter is greater than the update period of the second encryption parameter, and the first encryption parameter is different from the second encryption parameter
  • the second rule includes: selecting multiple second fields in multiple second messages based on a second selection rule, and combining the multiple second fields using a second combination rule to obtain the second encryption parameter.
  • the second encryption parameter includes one or more of the following: a measurement value, or a second random number
  • the measurement value includes one or more of the following: a downlink physical layer measurement value, an uplink physical layer measurement value, or a downlink RRC layer measurement value.
  • the downlink physical layer measurement value or the downlink RRC layer measurement value may be provided by the terminal device (please refer to the following S1202 and S1302), and the uplink physical layer measurement value may be provided by the access network device (please refer to the following S1402 and S1502).
  • the downlink physical layer measurement value may include one or more of the following: channel measurement value and beam measurement value of the serving cell.
  • the channel measurement value may include: a precoding matrix indicator (precoding matrix indicator, PMI), channel quality indicator (channel quality indicator, CQI), rank indicator (rank indicator, RI), etc.
  • the beam measurement value may include the beam identifier and the corresponding reference signal receiving power (reference signal receiving power, RSRP), reference signal receiving quality (reference signal receiving quality, RSRQ), received signal strength indicator (received signal strength indicator, RSSI), etc.
  • the downlink RRC layer measurement value may include one or more of the following: beam measurement values of the serving cell and neighboring cells.
  • the beam measurement value may include a beam identifier and corresponding RSRP, RSRQ, RSSI and the like.
  • the uplink physical layer measurement value may include one or more of the following: RSRP, signal to interference plus noise ratio (signal to interference plus noise ratio, SINR), sub-band (sub-band) singular value decomposition (singular value decomposition, SVD), which can be obtained based on the measurement results of uplink signals, such as sounding reference signal (sounding reference signal, SRS) and DMRS.
  • the above-mentioned second random number may be provided by the access network device and/or the terminal device, and may be a random parameter defined in the protocol or a newly added random parameter, which is not limited in this application.
  • both the first encryption parameter and the second encryption parameter may be generated by the terminal device and the access network device based on the same rules using the above-mentioned relevant parameters provided by the terminal device and the access network device.
  • the same rule may be to select the same bit field of the same parameter, and combine them into the first encryption parameter and the second encryption parameter in the same order.
  • both the first encryption parameter and the second encryption parameter can be high-precision floating-point numbers, and when the key is generated in the following S1003, some or all bits of the first encryption parameter and the second encryption parameter are selected, based on another rule that is likewise shared by both devices, as the key generation parameters, which increases the randomness of the key generation parameters and further improves security.
  • the update period T1 of the first encryption parameter is greater than the update period T2 of the second encryption parameter.
  • the update period T1 of the first encryption parameter can be at the second level, such as 5 seconds, 10 seconds, 20 seconds, etc.
  • the update period T2 of the second encryption parameter can be at the millisecond level, such as 40 milliseconds, 80 milliseconds, 160 milliseconds, etc.
  • the update period T1 of the first encryption parameter may be an integer multiple of the update period T2 of the second encryption parameter.
  • the time boundary of the update period T1 of the first encryption parameter is aligned with the time boundary of the update period T2 of the second encryption parameter, which ensures that the transmitting and receiving devices update the key based on the same key update period, so as to avoid the two sides using inconsistent keys, thus improving reliability.
  • both the first encryption parameter and the second encryption parameter can be jointly determined according to multiple parameters that are periodically updated, which can make the generated key unpredictable and random, thereby increasing the difficulty of cracking and further improving security.
  • the sources of the two are different, and there may also be one or more of the following differences: different field selection rules, or different field combination rules, so as to ensure the randomness of the first encryption parameter and the second encryption parameter, thereby further improving security.
  • the third rule includes: selecting a plurality of third fields in the first encryption parameter and/or a plurality of fourth fields in the second encryption parameter based on the third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields to obtain the key generation parameters of the key algorithm model.
  • the key algorithm model may adopt a chaotic key generation algorithm model based on Latin matrix, such as a chaos logistic model, a chaos Chebyshev model, etc., which are not limited here.
  • the key generation parameters include an initial parameter and a bifurcation parameter
  • the initial parameter is determined according to the first encryption parameter and/or the second encryption parameter
  • the bifurcation parameter may also be determined according to the first encryption parameter and/or the second encryption parameter
  • the first encryption parameter is different from the second encryption parameter.
  • the bifurcation parameter of the key algorithm model may be determined by the second encryption parameter; or, when the initial parameter of the key algorithm model is determined by the second encryption parameter, the bifurcation parameter of the key algorithm model may be determined by the first encryption parameter; or, although the initial parameter and the bifurcation parameter are both determined by the first encryption parameter and the second encryption parameter, their generation rules are different, as described above.
  • the first rule is different from the second rule, which ensures the randomness of the initial parameter and the bifurcation parameter, thereby further improving security.
  • Step 1: determine the initial parameters and bifurcation parameters of the chaotic model, and input the initial parameters and bifurcation parameters into the chaotic model to obtain a random sequence y.
  • P is used to represent the first encryption parameter
  • Q is used to represent the second encryption parameter
  • Example 3 uses a two-level chaotic model including a chaotic logistic model and a chaotic Chebyshev model. The initial parameters and bifurcation parameters of the first-level chaotic model can be generated as in Example 1 and Example 2 above; one of the initial parameter and the bifurcation parameter of the second-level chaotic model can be determined from the output of the previous chaotic model, and the others can still be determined as in Example 1 and Example 2, so as to further improve the randomness of the random sequence y and thereby further improve security.
  • Step 2: obtain the random sequence x through the following calculation.
  • Step 3: the time series x is used as a chaotic sequence to generate a key matrix.
  • the specific implementation can refer to the above-mentioned physical layer communication method based on a chaos system (chaos system) and a Latin matrix, and will not be described here.
  • steps 1 to 3 are only examples, and other types of key generation models may also be used to generate keys, which are not limited in this application.
  • both the first encryption parameter and the second encryption parameter can be high-precision floating-point numbers that are periodically updated (the update periods are T1 and T2, respectively, and T1>T2), and the length of the random sequence generated by the chaotic model is very large.
  • the generated key sequence is very long, and each signaling and/or data within a period of time T2 can be encrypted with a different key, thereby further increasing the difficulty of cracking and security.
  • the high-level parameters may also be transmitted after being encrypted (using existing high-level encryption measures), so as to further improve security.
  • the physical layer parameters among the various parameters used to determine the first encryption parameter and the second encryption parameter are not encrypted; however, the update period of these parameters is very short (usually at the millisecond level, such as the measurement period), and the specific rules for determining the first encryption parameter and the second encryption parameter from these physical layer parameters, as well as the key generation algorithm, are built into the access network device and the terminal device respectively and do not need to be transmitted. Therefore, it is difficult for an attacker to obtain the correct key within such a short period and mount an effective attack, which further improves security.
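The pipeline described above, as an added illustration that is not the patent's own code: a slowly updated parameter P is built from RRC fields (first rule), a fast-updated parameter Q from measurement values (second rule), bits of both become the initial value and bifurcation parameter of a chaotic logistic map (third rule, Step 1), and the resulting sequence rotates constellation points at the physical layer, with the T1/T2 boundary alignment checked. The concrete bit layouts, the 24/16-bit field selections, the sample field values and the logistic map are assumptions for this example, not the patent's specified rules.

```python
"""Added example: P/Q -> chaotic key stream -> constellation phase rotation.
All bit layouts, sample values and the logistic map are constructed assumptions."""
import cmath
import math

# Constructed inputs. scramblingID0/1 are 16-bit RRC fields (the page's
# ControlResourceSet DMRS example); CQI/RI/PMI/RSRP are constructed measurements.
RRC_FIELDS = {"scramblingID0": 40321, "scramblingID1": 1337}
MEASUREMENTS = {"CQI": 11, "RI": 2, "PMI": 5, "RSRP_dBm": -87}

T1_MS = 5000  # update period of P (seconds level)
T2_MS = 40    # update period of Q (milliseconds level); T1 is a multiple of T2


def first_rule(fields):
    """First rule (assumed): select scramblingID0 and scramblingID1 and
    concatenate them as 16-bit fields -> 32-bit first encryption parameter P."""
    return ((fields["scramblingID0"] & 0xFFFF) << 16) | (fields["scramblingID1"] & 0xFFFF)


def second_rule(meas):
    """Second rule (assumed): select CQI (4 bits), RI (2 bits), PMI (4 bits)
    and |RSRP| (8 bits) and pack them -> 18-bit second encryption parameter Q."""
    rsrp = abs(meas["RSRP_dBm"]) & 0xFF
    return (((meas["CQI"] & 0xF) << 14) | ((meas["RI"] & 0x3) << 12)
            | ((meas["PMI"] & 0xF) << 8) | rsrp)


def third_rule(p, q):
    """Third rule (assumed): derive the initial value x0 mainly from P and the
    bifurcation parameter r mainly from Q, with different field selections so
    the two key generation parameters are not built the same way.
    x0 stays strictly inside (0, 1); r stays in [3.99, 4.0), the fully chaotic
    region of the logistic map, so every iterate also stays inside (0, 1)."""
    x_bits = (p ^ (q << 8)) & 0xFFFFFF      # 24 selected bits
    x0 = (x_bits + 1) / (2 ** 24 + 2)       # never exactly 0 or 1
    r_bits = (q ^ (p >> 20)) & 0xFFFF       # 16 selected bits, different choice
    r = 3.99 + 0.01 * r_bits / 65536.0
    return x0, r


def logistic_sequence(x0, r, length, transient=100):
    """Step 1: iterate the chaotic model x_{n+1} = r*x_n*(1-x_n), discard a
    transient, and return `length` values in (0, 1)."""
    if not (0.0 < x0 < 1.0 and 3.57 < r < 4.0):
        raise ValueError("key generation parameters outside the chaotic region")
    x = x0
    for _ in range(transient):
        x = r * x * (1.0 - x)
    seq = []
    for _ in range(length):
        x = r * x * (1.0 - x)
        seq.append(x)
    return seq


def key_stream(p, q, n_symbols, levels=4):
    """Key generation parameters -> chaotic sequence -> one rotation index in
    [0, levels) per constellation symbol. Both ends compute this locally from
    the same P and Q, so the key itself never has to be sent."""
    x0, r = third_rule(p, q)
    return [min(int(x * levels), levels - 1) for x in logistic_sequence(x0, r, n_symbols)]


def phase_rotate(symbols, keys, levels=4, inverse=False):
    """Physical-layer encryption as described on the page: rotate each
    constellation point by key*2*pi/levels; inverse=True undoes it at the receiver."""
    sign = -1.0 if inverse else 1.0
    return [s * cmath.exp(sign * 1j * 2 * math.pi * k / levels) for s, k in zip(symbols, keys)]


def update_indices(t_ms, t1_ms=T1_MS, t2_ms=T2_MS):
    """Which P update and which Q update are in force at time t_ms. Because T1
    is an integer multiple of T2 and both periods start at t=0, every P boundary
    is also a Q boundary, so both ends switch keys at the same instant."""
    if t1_ms <= t2_ms or t1_ms % t2_ms != 0:
        raise ValueError("T1 must be a larger integer multiple of T2")
    return t_ms // t1_ms, t_ms // t2_ms


def demo():
    """Round trip over a constructed QPSK payload; returns (P, Q, keys, ok)."""
    p = first_rule(RRC_FIELDS)
    q = second_rule(MEASUREMENTS)
    qpsk = [complex(1, 1), complex(-1, 1), complex(-1, -1), complex(1, -1)]
    tx = [qpsk[i % 4] for i in range(16)]
    keys = key_stream(p, q, len(tx))
    enc = phase_rotate(tx, keys)
    dec = phase_rotate(enc, keys, inverse=True)
    ok = all(abs(a - b) < 1e-9 for a, b in zip(tx, dec))
    return p, q, keys, ok


if __name__ == "__main__":
    p, q, keys, ok = demo()
    print(f"P=0x{p:08x} Q=0x{q:05x} keys={keys} roundtrip_ok={ok}")
```

Changing a single measurement field (and hence Q) moves the bifurcation parameter and yields an unrelated rotation sequence after the transient, which is the per-T2 key refresh the text relies on.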
  • the first encryption parameter and the second encryption parameter may both be provided by the terminal device, may both be provided by the access network device, or may be provided jointly by the terminal device and the access network device; a few examples are given below with reference to Figure 12 to Figure 15.
  • FIG. 12 is a fourth schematic flowchart of an example of the communication method provided by the embodiment of the present application. As shown in Figure 12, the method specifically includes the following steps:
  • the access network device sends a first encryption parameter to the terminal device.
  • the access network device determines the first encryption parameter, it can send the first encryption parameter to the terminal device through the Uu interface.
  • the first encryption parameter may include one or more of the following: downlink RRC layer signaling parameters, or a first random number.
  • the terminal device sends the second encryption parameter to the access network device.
  • the terminal device may send the second encryption parameter to the access network device through the Uu interface.
  • the second encryption parameter may include one or more of the following: a downlink physical layer measurement value, a downlink RRC layer measurement value, or a second random number.
  • for the specific content and determination method of the downlink physical layer measurement value, the downlink RRC layer measurement value, or the second random number, reference may be made to S1002, which will not be repeated here.
  • both S1201 and S1202 may be steps performed periodically, and the execution period of S1201 is longer than the execution period of S1202. In other words, within one execution period of S1201, S1202 may be executed multiple times, so that the update period T1 of the first encryption parameter is greater than the update period T2 of the second encryption parameter.
  • the terminal device and the access network device generate a key based on the first encryption parameter and the second encryption parameter.
  • the terminal device and/or the access network device encrypts the signaling and/or data at the physical layer based on the key.
  • S1204 the terminal device and/or the access network device encrypts the signaling and/or data at the physical layer based on the key, which may specifically be implemented as one or more of the following:
  • the terminal device encrypts the uplink signaling and/or data at the physical layer based on the key; or,
  • the access network device encrypts the downlink signaling and/or data at the physical layer based on the key.
  • S1205. Transmit signaling and/or data encrypted at the physical layer between the terminal device and the access network device.
  • S1205 the transmission of signaling and/or data encrypted at the physical layer between the terminal device and the access network device may be specifically implemented as one or more of the following:
  • the terminal device sends the uplink signaling and/or data encrypted by the physical layer to the access network device; or,
  • the access network device sends the downlink signaling and/or data encrypted at the physical layer to the terminal device.
  • the access network device and/or the terminal device decrypts the signaling and/or data encrypted at the physical layer based on the key.
  • S1206 the access network device and/or the terminal device decrypts the signaling and/or data encrypted by the physical layer based on the key, which may be specifically implemented as one or more of the following:
  • the access network device decrypts the uplink signaling and/or data encrypted by the physical layer based on the key; or,
  • the terminal device decrypts the downlink signaling and/or data encrypted by the physical layer based on the key.
  • FIG. 13 is a fifth schematic flowchart of a communication method provided by an embodiment of the present application. As shown in Figure 13, the method specifically includes the following steps:
  • the terminal device sends a first encryption parameter to the access network device.
  • the terminal device may send the first encryption parameter to the access network device through the Uu interface.
  • the first encryption parameter may include one or more of the following: uplink RRC layer signaling parameters, NAS layer signaling parameters, or a first random number.
  • the terminal device sends the second encryption parameter to the access network device.
  • the terminal device may send the second encryption parameter to the access network device through the Uu interface.
  • the second encryption parameter may include one or more of the following: a downlink physical layer measurement value, a downlink RRC layer measurement value, or a second random number.
  • for the specific content and determination method of the downlink physical layer measurement value, the downlink RRC layer measurement value, or the second random number, reference may be made to S1002, which will not be repeated here.
  • both S1301 and S1302 may be steps executed periodically, and the execution period of S1301 is longer than the execution period of S1302. In other words, within one execution period of S1301, S1302 may be executed multiple times, so that the update period T1 of the first encryption parameter is greater than the update period T2 of the second encryption parameter.
  • the terminal device and the access network device generate a key based on the first encryption parameter and the second encryption parameter.
  • the terminal device and/or the access network device encrypts the signaling and/or data at the physical layer based on the key.
  • S1305. Transmit signaling and/or data encrypted at the physical layer between the terminal device and the access network device.
  • the access network device and/or the terminal device decrypts the signaling and/or data encrypted at the physical layer based on the key.
  • FIG. 14 is a sixth schematic flowchart of an example of the communication method provided by the embodiment of the present application. As shown in Figure 14, the method specifically includes the following steps:
  • the access network device sends a first encryption parameter to the terminal device.
  • the access network device may send the first encryption parameter to the terminal device through the Uu interface.
  • the first encryption parameter may include one or more of the following: downlink RRC layer signaling parameters, or a first random number.
  • the access network device sends the second encryption parameter to the terminal device.
  • the access network device may send the second encryption parameter to the terminal device through the Uu interface.
  • the second encryption parameter may include one or more of the following: an uplink physical layer measurement value, or a second random number.
  • both S1401 and S1402 may be steps executed periodically, and the execution period of S1401 is longer than the execution period of S1402. In other words, within one execution period of S1401, S1402 may be executed multiple times, so that the update period T1 of the first encryption parameter is greater than the update period T2 of the second encryption parameter.
  • the terminal device and the access network device generate a key based on the first encryption parameter and the second encryption parameter.
  • the terminal device and/or the access network device encrypts the signaling and/or data at the physical layer based on the key.
  • S1405. Transmit signaling and/or data encrypted at the physical layer between the terminal device and the access network device.
  • the access network device and/or the terminal device decrypts the signaling and/or data encrypted at the physical layer based on the key.
  • FIG. 15 is a seventh schematic flowchart of the communication method provided by the embodiment of the present application. As shown in Figure 15, the method specifically includes the following steps:
  • the terminal device sends a first encryption parameter to the access network device.
  • the terminal device may send the first encryption parameter to the access network device through the Uu interface.
  • the first encryption parameter may include one or more of the following: uplink RRC layer signaling parameters, NAS layer signaling parameters, or a first random number.
  • the terminal device sends the second encryption parameter to the access network device.
  • the terminal device may send the second encryption parameter to the access network device through the Uu interface.
  • the second encryption parameter may include one or more of the following: a downlink physical layer measurement value, a downlink RRC layer measurement value, or a second random number.
  • for the specific content and determination method of the downlink physical layer measurement value, the downlink RRC layer measurement value, or the second random number, reference may be made to S1002, which will not be repeated here.
  • both S1501 and S1502 may be steps executed periodically, and the execution period of S1501 is longer than the execution period of S1502. In other words, within one execution period of S1501, S1502 may be executed multiple times, so that the update period T1 of the first encryption parameter is greater than the update period T2 of the second encryption parameter.
  • the terminal device and the access network device generate a key based on the first encryption parameter and the second encryption parameter.
  • the terminal device or the access network device encrypts the signaling and/or data at the physical layer based on the key.
  • S1505. Transmit signaling and/or data encrypted at the physical layer between the terminal device and the access network device.
  • the access network device and/or the terminal device decrypts the signaling and/or data encrypted at the physical layer based on the key.
  • for the specific implementation of S1504-S1506, reference may be made to S1204-S1206, which will not be repeated here.
  • the key is transmitted between the transmitting and receiving end devices, and the dynamic key is used to encrypt and decrypt the underlying signaling at the physical layer, which reduces the risk of leakage of the underlying signaling and thereby improves the security of the underlying signaling.
  • the communication method provided by the embodiment of the present application can also encrypt and decrypt the high-layer signaling (NAS signaling, RRC signaling) and/or data at the physical layer, so that the encrypted high-layer signaling and data are more difficult to decipher, thereby further improving the security of high-layer signaling and data.
  • the communication method provided by the embodiment of the present application is described in detail above with reference to FIGS. 6-15 .
  • the communication device for performing the communication method provided by the embodiment of the present application will be described in detail below with reference to FIG. 16-FIG. 17 .
  • FIG. 16 is a first schematic structural diagram of a communication device provided by an embodiment of the present application.
  • a communication device 1600 includes: a processing module 1601 and a transceiver module 1602 .
  • FIG. 16 shows only the main components of the communication device.
  • the communication apparatus 1600 may be applicable to the communication system shown in FIG. 5 , and perform the function of the access network device in the communication method shown in FIG. 6 or FIG. 8 .
  • the transceiver module 1602 is configured to send the first information to the terminal device, and receive second information from the terminal device in response to the first information being received successfully; the second information indicates that the first information is successfully received.
  • the processing module 1601 is configured to generate a key based on preset rules, and use the key to perform physical layer encryption or decryption.
  • the communication apparatus 1600 may be applicable to the communication system shown in FIG. 5 , and perform the functions of the terminal equipment in the communication method shown in FIG. 6 or FIG. 8 .
  • the transceiver module 1602 is configured to receive first information from the access network device, and send second information to the access network device in response to the first information being received successfully; the second information indicates that the first information is successfully received.
  • the processing module 1601 is configured to generate a key based on preset rules, and use the key to perform physical layer encryption or decryption.
  • the first information and the second information may be carried in an RRC message.
  • the communication device 1600 may be applicable to the communication system shown in FIG. 5 , and perform the function of the access network device in the communication method shown in FIG. 7 or FIG. 8 .
  • the transceiver module 1602 is configured to send third information to the terminal device, where the third information is used to indicate the transmission of the first data.
  • the processing module 1601 is configured to determine that the first data transmission is successful.
  • the transceiver module 1602 is further configured to send fourth information to the terminal device in response to the successful transmission of the first data; the fourth information is used to indicate the transmission of the second data, and is also used to indicate that the key used for physical layer encryption or decryption needs to be updated, and the second data is different from the first data.
  • the processing module 1601 is further configured to generate a key based on preset rules, and use the key to perform physical layer encryption or decryption on the second data.
  • the communication device 1600 may be applicable to the communication system shown in FIG. 5 , and perform the functions of the terminal equipment in the communication method shown in FIG. 7 or 8 .
  • the transceiver module 1602 is configured to receive third information from the access network device, where the third information is used to indicate the transmission of the first data.
  • the transceiver module 1602 is further configured to receive fourth information from the access network device when the first data transmission is successful; the fourth information is used to indicate the transmission of the second data, and is also used to indicate that the key used for physical layer encryption or decryption needs to be updated, and the second data is different from the first data.
  • the processing module 1601 is configured to generate a key based on preset rules, and use the key to perform physical layer decryption or encryption on the second data.
  • the third information and the fourth information are carried in the new data indication NDI field of the downlink control information.
  • the preset rules include a first rule, a second rule and a third rule.
  • the processing module 1601 is further configured to perform the following steps: obtain the first encryption parameter based on the first rule; obtain the second encryption parameter based on the second rule, where the update period of the first encryption parameter is greater than the update period of the second encryption parameter and the first encryption parameter is different from the second encryption parameter; based on the third rule, use the first encryption parameter and the second encryption parameter to generate the key generation parameters of the key algorithm model; and input the key generation parameters into the key algorithm model to generate the key.
  • the first rule includes: selecting a plurality of first fields in a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
  • the second rule includes: selecting a plurality of second fields in a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter;
  • the third rule includes: selecting a plurality of third fields in the first encryption parameter and/or a plurality of fourth fields in the second encryption parameter based on a third selection rule, and using a third combination rule to combine the plurality of third fields and/or the plurality of fourth fields to obtain the key generation parameters of the key algorithm model.
  • the key algorithm model can adopt a chaotic key generation algorithm model based on the Latin matrix, such as a chaotic logistic model, a chaotic Chebyshev model, etc., which is not limited in this application.
  • the key generation parameters include an initial parameter and a bifurcation parameter, the initial parameter is determined according to the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined according to the first encryption parameter and/or the second encryption parameter, and the initial parameter is different from the bifurcation parameter.
  • the first encryption parameter is determined according to one or more of the following: a high-layer signaling parameter, or a first random number.
  • the second encryption parameter includes one or more of the following: a measurement value, or a second random number.
  • the higher layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters.
  • the measurement values include one or more of the following: downlink physical layer measurement values, uplink physical layer measurement values, or downlink RRC layer measurement values.
  • the RRC layer signaling parameters include: user-level physical channel configuration parameters.
  • the processing module 1601 is specifically configured to perform the following steps: using the key, perform one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement.
  • the key is used to perform one or more of the following operations on the constellation points of the received signaling and/or data: phase inverse rotation, or rearrangement inverse transformation.
  • the transceiver module 1602 may include a sending module and a receiving module (not shown in FIG. 16 ).
  • the sending module is used to realize the sending function of the communication device 1600
  • the receiving module is used to realize the receiving function of the communication device 1600 .
  • the communication device 1600 may further include a storage module (not shown in FIG. 16 ), where programs or instructions are stored in the storage module.
  • the processing module 1601 executes the program or instruction
  • the communication device 1600 can execute the communication method shown in any one of FIG. 6-FIG. 8 or FIG. 12-FIG. 15 .
  • the communication device 1600 may be an access network device, or a chip (system) or other component that may be provided in the access network device, or a device that includes the access network device, which is not limited here.
  • FIG. 17 is a second structural schematic diagram of a communication device provided by an embodiment of the present application.
  • the communication device may be a terminal device or an access network device, or may be a chip (system) or other component that may be provided in the terminal device or the access network device.
  • a communication device 1700 may include a processor 1701 .
  • the communication device 1700 may further include a memory 1702 and/or a transceiver 1703 .
  • the processor 1701, the memory 1702 and the transceiver 1703 are coupled, for example by a communication bus.
  • the components of the communication device 1700 are specifically introduced below in conjunction with FIG. 17 :
  • the processor 1701 is the control center of the communication device 1700, and may be one processor, or may be a general term for multiple processing elements.
  • the processor 1701 may be one or more central processing units (central processing unit, CPU), an application specific integrated circuit (application specific integrated circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, for example one or more digital signal processors (digital signal processor, DSP) or one or more field programmable gate arrays (field programmable gate array, FPGA).
  • the processor 1701 can execute various functions of the communication device 1700 by running or executing software programs stored in the memory 1702 and calling data stored in the memory 1702 .
  • the processor 1701 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 17 .
  • the communication device 1700 may also include multiple processors, for example, the processor 1701 and the processor 1704 shown in FIG. 17 .
  • processors can be a single-core processor (single-CPU) or a multi-core processor (multi-CPU).
  • a processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).
  • the memory 1702 is used to store the software program for executing the solution of the present application, and the execution is controlled by the processor 1701 .
  • the specific implementation may refer to the above-mentioned method embodiment, which will not be repeated here.
  • the memory 1702 may be a read-only memory (read-only memory, ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited thereto.
  • the memory 1702 can be integrated with the processor 1701 or exist independently, and is coupled with the processor 1701 through an interface circuit (not shown in FIG. 17 ) of the communication device 1700 , which is not specifically limited in this embodiment of the
  • the transceiver 1703 is used for communication with other communication devices.
  • the communication apparatus 1700 is a terminal device, and the transceiver 1703 may be used to communicate with an access network device, or communicate with another terminal device.
  • the communication apparatus 1700 is an access network device, and the transceiver 1703 may be used to communicate with a terminal device, or communicate with another access network device.
  • the transceiver 1703 may include a receiver and a transmitter (not separately shown in FIG. 17 ). Wherein, the receiver is used to realize the receiving function, and the transmitter is used to realize the sending function.
  • the transceiver 1703 may be integrated with the processor 1701, or may exist independently and be coupled to the processor 1701 through an interface circuit (not shown in FIG. 17 ) of the communication device 1700, which is not specifically limited in this embodiment of the present application.
  • the structure of the communication device 1700 shown in FIG. 17 does not constitute a limitation on the communication device; an actual communication device may include more or fewer components than shown in the figure, may combine certain components, or may have a different arrangement of components.
  • An embodiment of the present application provides a communication system.
  • the communication system includes the above-mentioned one or more terminal devices, and one or more access network devices.
  • the communication system may further include: core network equipment.
  • the processor in the embodiments of the present application may be a central processing unit (central processing unit, CPU), and may also be another general-purpose processor, a digital signal processor (digital signal processor, DSP), an application specific integrated circuit (application specific integrated circuit, ASIC), a field programmable gate array (field programmable gate array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like.
  • a general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.
  • the memory in the embodiments of the present application may be a volatile memory or a nonvolatile memory, or may include both volatile and nonvolatile memories.
  • the non-volatile memory can be read-only memory (read-only memory, ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM) or flash memory.
  • Volatile memory can be random access memory (random access memory, RAM), which acts as an external cache. Many forms of RAM are available, for example static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), serial link DRAM (SLDRAM) and direct rambus random access memory (direct rambus RAM, DR RAM).
  • the above-mentioned embodiments may be implemented in whole or in part by software, hardware (such as circuits), firmware, or other arbitrary combinations.
  • the above-described embodiments may be implemented in whole or in part in the form of computer program products.
  • the computer program product comprises one or more computer instructions or computer programs. When the computer instruction or computer program is loaded or executed on the computer, the processes or functions according to the embodiments of the present application will be generated in whole or in part.
  • the computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from a website, computer, server or data center to another website, computer, server or data center by wired or wireless (such as infrared, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center that includes one or more sets of available media.
  • the available media may be magnetic media (eg, floppy disk, hard disk, magnetic tape), optical media (eg, DVD), or semiconductor media.
  • the semiconductor medium may be a solid state drive.
  • "At least one" means one or more, and "multiple" means two or more.
  • "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items.
  • at least one item (piece) of a, b or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where each of a, b and c can be single or multiple.
  • the sequence numbers of the above-mentioned processes do not imply an order of execution; the execution order of the processes should be determined by their functions and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
  • the disclosed systems, devices and methods may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components can be combined or integrated into another system, or some features may be ignored or not implemented.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.
  • if the functions described above are realized in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence, or the part that contributes to the prior art, or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, an access network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the present application.
  • the aforementioned storage medium includes: a U disk (USB flash drive), a removable hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), a magnetic disk, an optical disc, or other media that can store program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Communication Control (AREA)

Abstract

Provided in the present application are a communication method and apparatus, which can be applied to various communication systems, such as a 4G system, a 5G system and a WiFi system. The method comprises: acquiring a first encryption parameter and a second encryption parameter which are periodically updated, and using same to generate a dynamic key; and performing physical-layer encryption and decryption on lower-layer signaling using the dynamic key, so as to reduce the risk of the lower-layer signaling being attacked, thereby improving the security of the lower-layer signaling.

Description

Communication method and device
This application claims priority to the Chinese patent application No. 202210151704.3, entitled "Communication method and communication device", filed with the State Intellectual Property Office on February 18, 2022, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the communication field, and in particular to a communication method and device.
Background
At present, higher-layer signaling can be encrypted to ensure communication security. In other words, lower-layer signaling usually undergoes no encryption, so a considerable information security risk remains. Taking the protocol architecture of a communication system shown in FIG. 1 as an example, current encryption is limited to higher-layer signaling such as the non-access stratum (NAS), the radio resource control (RRC) layer and the packet data convergence protocol (PDCP) layer, while the radio link control (RLC) layer, the media access control (MAC) layer and the physical layer (PHY) have no encryption measures at all, resulting in poor security of lower-layer signaling.
Summary
Embodiments of the present application provide a communication method and device, which can solve the problem that lower-layer signaling has no encryption measures and therefore still carries a certain information security risk, and can improve the security of lower-layer signaling.
To achieve the above object, the present application adopts the following technical solutions:
In a first aspect, a communication method is provided. The method includes: sending first information to a terminal device and receiving second information from the terminal device, the second information indicating that the first information was received successfully; and, in response to the first information being received successfully, generating a key based on a preset rule and using the key to perform physical-layer encryption or decryption.
In a second aspect, a communication method is provided. The method includes: receiving first information from an access network device and sending second information to the access network device, the second information indicating that the first information was received successfully; and, in response to the first information being received successfully, generating a key based on a preset rule and using the key to perform physical-layer encryption or decryption.
The first information and the second information may be carried in an RRC message.
With the communication methods of the first and second aspects, the access network device and the terminal device can, by exchanging handshake information (such as the first information and the second information), simultaneously start using a key generated under the same rule (such as the preset rule) to perform physical-layer encryption and decryption of lower-layer signaling. This solves the problem that existing encryption schemes cannot encrypt lower-layer signaling, thereby improving the communication security of lower-layer signaling.
In a third aspect, a communication method is provided. The method includes: sending third information to a terminal device, the third information indicating transmission of first data; determining that the first data was transmitted successfully and, in response, sending fourth information to the terminal device, the fourth information indicating transmission of second data and further indicating that the key used for physical-layer encryption or decryption needs to be updated, the second data being different from the first data; and generating a key based on a preset rule and using the key to perform physical-layer encryption or decryption of the second data.
In a fourth aspect, a communication method is provided. The method includes: receiving third information from an access network device, the third information indicating transmission of first data; in the case that the first data was transmitted successfully, receiving fourth information from the access network device, the fourth information indicating transmission of second data and further indicating that the key used for physical-layer encryption or decryption needs to be updated, the second data being different from the first data; and generating a key based on a preset rule and using the key to perform physical-layer decryption or encryption of the second data.
The third information and the fourth information may be carried in the new data indicator (new data indicator, NDI) field of downlink control information. The fourth information indicates that the key used for physical-layer encryption or decryption needs to be updated by its value in the NDI field being the toggled value of the third information's value in the NDI field.
With the communication methods of the third and fourth aspects, the access network device and the terminal device can, by exchanging handshake information (such as the third information and the fourth information), simultaneously start using a key generated under the same rule (such as the preset rule) to perform physical-layer encryption and decryption of lower-layer signaling. This solves the problem that existing encryption schemes cannot encrypt lower-layer signaling, thereby improving the security of lower-layer signaling.
Further, the communication methods of the first and second aspects, and of the third and fourth aspects, may also perform an additional encryption and decryption operation at the physical layer on higher-layer signaling, such as NAS signaling and RRC signaling, and on data, to further increase the difficulty of breaking higher-layer signaling and data that have already been encrypted at the higher layers, thereby further improving the security of higher-layer signaling and data.
The preset rule includes a first rule, a second rule and a third rule. Correspondingly, generating a key based on the preset rule specifically includes: obtaining a first encryption parameter based on the first rule; obtaining a second encryption parameter based on the second rule, where the update period of the first encryption parameter is longer than the update period of the second encryption parameter and the first encryption parameter differs from the second encryption parameter; based on the third rule, generating key generation parameters of a key algorithm model from the first encryption parameter and the second encryption parameter; and inputting the key generation parameters into the key algorithm model to generate the key. The first rule includes: selecting a plurality of first fields from a plurality of first messages according to a first selection rule, and combining the first fields according to a first combination rule to obtain the first encryption parameter. The second rule includes: selecting a plurality of second fields from a plurality of second messages according to a second selection rule, and combining the second fields according to a second combination rule to obtain the second encryption parameter. The third rule includes: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter according to a third selection rule, and combining the third fields and/or the fourth fields according to a third combination rule to obtain the key generation parameters of the key algorithm model.
The key algorithm model may be a chaotic key generation algorithm model based on a Latin square, such as a chaos logistic model or a chaos Chebyshev model; the present application does not limit this.
That is, the access network device and the terminal device each generate the above two encryption parameters under the same rules, and from those two parameters derive the same key generation parameters of the key algorithm model to generate the key, so that the physical-layer keys generated by the access network device and the terminal device are identical and physical-layer encryption and decryption remain consistent.
Moreover, the key generation parameters of the key algorithm model are generated separately by the access network device and the terminal device from the above two encryption parameters under the same rules, and need not be transmitted between the access network device and the terminal device. This avoids the risk of the key generation parameters leaking and further improves the security of lower-layer signaling.
In addition, the update period of the first encryption parameter is longer than that of the second encryption parameter; for example, the first encryption parameter may be determined from higher-layer signaling parameters with a longer update period, while the second encryption parameter may be determined from physical-layer measurements and/or RRC measurements with a shorter update period. This further improves the randomness of the physical-layer key and thus further improves the security of lower-layer signaling.
Specifically, the key generation parameters may include an initial parameter and a bifurcation parameter. The initial parameter is determined from the first encryption parameter and/or the second encryption parameter, the bifurcation parameter may also be determined from the first encryption parameter and/or the second encryption parameter, and the initial parameter differs from the bifurcation parameter. For example, the initial parameter and the bifurcation parameter may be generated under different generation rules to ensure that they differ, which ensures the randomness of the generated key, increases the difficulty of breaking it, and further improves the security of lower-layer signaling.
Optionally, the first encryption parameter is determined from one or more of the following: a higher-layer signaling parameter, or a first random number. The second encryption parameter includes one or more of the following: a measurement value, or a second random number. In other words, both the first encryption parameter and the second encryption parameter may be determined jointly from several periodically updated parameters, for example from a combination of different bit fields of those parameters, which makes the generated key unpredictable and random, increasing the difficulty of breaking it and further improving security.
The higher-layer signaling parameters include one or more of the following: RRC-layer signaling parameters, or NAS-layer signaling parameters. The measurement values include one or more of the following: downlink physical-layer measurements, uplink physical-layer measurements, or downlink RRC-layer measurements.
Further, the RRC-layer signaling parameters include user-level physical channel configuration parameters.
In a possible design, using the key to perform physical-layer encryption or decryption includes: as a transmitting device, using the key to perform one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement; or, as a receiving device, using the key to perform one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or the inverse of the rearrangement. In other words, both the transmitting and the receiving device can generate the first encryption parameter and the second encryption parameter under the same rules and generate the key with the same key generation algorithm, which ensures that the two devices use the same key for smooth communication without the key being transmitted between them, avoiding the risk of key leakage and further improving security.
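The derivation described above (a slowly updated first encryption parameter, a quickly updated second encryption parameter, the three selection and combination rules, a chaos Chebyshev model fed by an initial parameter and a bifurcation parameter, and key-driven phase rotation and rearrangement of constellation points), carried through as an added example that is not the patent's own code. The message names, field selections, bit widths, the way the two key generation parameters are mapped onto the Chebyshev map, and all sample values are constructed assumptions.

```python
"""Physical-layer key derivation and constellation scrambling: an added
illustration of the patent's first, second and third rules, not the patent's
own code. Message names, field selections, bit widths, the mapping of the key
generation parameters onto a Chebyshev map, and all sample values are assumed."""
import cmath
import math

# Constructed view of values both sides already hold locally: higher-layer
# signaling values plus a random number (long update period) and physical-layer
# measurements plus a random number (short update period).
SAMPLE_MESSAGES = {
    "rrc_phy_cfg": 0x3A5C,  # user-level physical channel configuration (assumed)
    "nas_param": 0x1F2E3,   # a NAS-layer signaling parameter (assumed)
    "rand1": 0xB7,          # first random number
    "dl_rsrp": 0x5D,        # downlink physical-layer measurement (assumed)
    "ul_sinr": 0x22,        # uplink physical-layer measurement (assumed)
    "rand2": 0xC4,          # second random number
}

# Selection rules as (message name, bit offset, field width); the combination
# rule concatenates the selected fields, first entry most significant.
FIRST_RULE = [("rrc_phy_cfg", 0, 8), ("nas_param", 4, 8), ("rand1", 0, 8)]
SECOND_RULE = [("dl_rsrp", 0, 8), ("ul_sinr", 0, 8), ("rand2", 0, 8)]

def select_and_combine(messages, selection):
    """First/second rule: select the listed fields and concatenate them."""
    value = 0
    for name, offset, width in selection:
        field = (messages[name] >> offset) & ((1 << width) - 1)
        value = (value << width) | field
    return value

def key_generation_params(first_param, second_param):
    """Third rule: the initial parameter takes the low 12 bits of the first
    encryption parameter and the high 12 bits of the second; the bifurcation
    parameter takes the remaining fields, so the two differ. The initial
    parameter is mapped into (-1, 1); the bifurcation parameter selects the
    Chebyshev degree (2..7), chaotic for every degree >= 2 (assumed mapping)."""
    init_bits = ((first_param & 0xFFF) << 12) | ((second_param >> 12) & 0xFFF)
    bif_bits = (((first_param >> 12) & 0xFFF) << 12) | (second_param & 0xFFF)
    x0 = 2.0 * (init_bits + 1) / (2 ** 24 + 2) - 1.0  # strictly inside (-1, 1)
    degree = 2 + bif_bits % 6
    return x0, degree

def chebyshev_key(x0, degree, nbytes, warmup=100):
    """Chaos Chebyshev model x_{k+1} = cos(degree * arccos(x_k)) on [-1, 1];
    after a warm-up, each iterate is quantised to one key byte."""
    x = x0
    for _ in range(warmup):
        x = math.cos(degree * math.acos(x))
    key = []
    for _ in range(nbytes):
        x = math.cos(degree * math.acos(x))
        key.append(int((x + 1.0) * 128) & 0xFF)
    return key

def derive_phy_key(messages, nbytes=16):
    """Both peers run this locally; the key itself is never transmitted."""
    first_param = select_and_combine(messages, FIRST_RULE)    # 24 bits, slow
    second_param = select_and_combine(messages, SECOND_RULE)  # 24 bits, fast
    x0, degree = key_generation_params(first_param, second_param)
    return chebyshev_key(x0, degree, nbytes)

def permutation_from_key(key, n):
    """Key-driven Fisher-Yates shuffle: the rearrangement operation."""
    perm = list(range(n))
    for i in range(n - 1, 0, -1):
        j = key[i % len(key)] % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm

def _rotation(key, i, sign):
    # Unit phasor for symbol i; sign=+1 rotates, sign=-1 applies the inverse.
    return cmath.exp(sign * 1j * 2.0 * math.pi * key[i % len(key)] / 256.0)

def phy_encrypt(symbols, key):
    """Transmitting side: phase-rotate each constellation point, then rearrange."""
    rotated = [s * _rotation(key, i, +1) for i, s in enumerate(symbols)]
    perm = permutation_from_key(key, len(symbols))
    return [rotated[perm[i]] for i in range(len(symbols))]

def phy_decrypt(symbols, key):
    """Receiving side: undo the rearrangement, then apply the inverse rotation."""
    perm = permutation_from_key(key, len(symbols))
    unpermuted = [0j] * len(symbols)
    for i, s in enumerate(symbols):
        unpermuted[perm[i]] = s
    return [s * _rotation(key, i, -1) for i, s in enumerate(unpermuted)]

# Constructed QPSK block standing in for a lower-layer signaling payload.
QPSK_SAMPLE = [complex(a, b) / math.sqrt(2) for a, b in
               [(1, 1), (-1, 1), (1, -1), (-1, -1), (1, 1), (-1, -1), (1, -1), (-1, 1)]]
```

The chaotic key stream only illustrates the derivation flow; the patent text does not evaluate its cryptographic strength, so a deployment would need that assessed separately.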
In a fifth aspect, a communication device is provided. The device includes a processing module and a transceiver module. The transceiver module is configured to send first information to a terminal device and to receive second information from the terminal device, the second information indicating that the first information was received successfully. The processing module is configured to, in response to the first information being received successfully, generate a key based on a preset rule and use the key to perform physical-layer encryption or decryption.
In a sixth aspect, a communication device is provided. The device includes a processing module and a transceiver module. The transceiver module is configured to receive first information from an access network device and to send second information to the access network device, the second information indicating that the first information was received successfully. The processing module is configured to, in response to the first information being received successfully, generate a key based on a preset rule and use the key to perform physical-layer encryption or decryption.
The first information and the second information may be carried in an RRC message.
In a seventh aspect, a communication device is provided. The device includes a processing module and a transceiver module. The transceiver module is configured to send third information to a terminal device, the third information indicating transmission of first data. The processing module is configured to determine that the first data was transmitted successfully. The transceiver module is further configured to, in response to the first data being transmitted successfully, send fourth information to the terminal device, the fourth information indicating transmission of second data and further indicating that the key used for physical-layer encryption or decryption needs to be updated, the second data being different from the first data. The processing module is further configured to generate a key based on a preset rule and use the key to perform physical-layer encryption or decryption of the second data.
In an eighth aspect, a communication device is provided. The device includes a processing module and a transceiver module. The transceiver module is configured to receive third information from an access network device, the third information indicating transmission of first data. The transceiver module is further configured to, in the case that the first data was transmitted successfully, receive fourth information from the access network device, the fourth information indicating transmission of second data and further indicating that the key used for physical-layer encryption or decryption needs to be updated, the second data being different from the first data. The processing module is configured to generate a key based on a preset rule and use the key to perform physical-layer decryption or encryption of the second data.
The third information and the fourth information are carried in the new data indicator (NDI) field of downlink control information. The fourth information indicates that the key used for physical-layer encryption or decryption needs to be updated by its value in the NDI field being the toggled value of the third information's value in the NDI field.
一种可能的设计方案中,预设规则包括第一规则、第二规则和第三规则。相应地,处理模块,还用于执行如下步骤:基于第一规则,获取第一加密参数;基于第二规则,获取第二加密参数;第一加密参数的更新周期大于第二加密参数的更新周期,且第一加密参数与第二加密参数不同;基于第三规则,使用第一加密参数和第二加密参数,生成密钥算法模型的密钥生成参数;将密钥生成参数输入密钥算法模型,生成密钥。其中,第一规则包括:基于第一选择规则选择多个第一消息中的多个第一字段,并基于第一组合规则组合多个第一字段,得到第一加密参数;第二规则包括:基于第二选择规则选择多个第二消息中的多个第二字段,并采用第二组合规则组合多个第二字段,得到第二加密参数;第三规则包括:基于第三选择规则选择第一加密参数中的多个第三字段,和/或第二加密参数中的多个第四字段,并采用第三组合规则组合多个第三字段,和/或,多个第四字段,得到密钥算法模型的密钥生成参数。In a possible design solution, the preset rules include a first rule, a second rule and a third rule. Correspondingly, the processing module is further configured to perform the following steps: acquire a first encryption parameter based on a first rule; acquire a second encryption parameter based on a second rule; the update period of the first encryption parameter is greater than the update period of the second encryption parameter , and the first encryption parameter is different from the second encryption parameter; based on the third rule, use the first encryption parameter and the second encryption parameter to generate the key generation parameter of the key algorithm model; input the key generation parameter into the key algorithm model , to generate a key. 
Wherein, the first rule includes: selecting a plurality of first fields in a plurality of first messages based on a first selection rule, and combining a plurality of first fields based on a first combination rule to obtain a first encryption parameter; the second rule includes: Select a plurality of second fields in the plurality of second messages based on the second selection rule, and combine the plurality of second fields by using the second combination rule to obtain the second encryption parameter; the third rule includes: selecting the first encryption parameter based on the third selection rule A plurality of third fields in an encryption parameter, and/or a plurality of fourth fields in a second encryption parameter, and a third combination rule is used to combine a plurality of third fields, and/or, a plurality of fourth fields, to obtain Key generation parameters for the key algorithm model.
其中,密钥算法模型可以采用基于拉丁阵的混沌密钥生成算法模型,如混沌逻辑模型、混沌契比雪夫模型等,本申请对比不予限制。Among them, the key algorithm model can adopt a chaotic key generation algorithm model based on the Latin matrix, such as a chaotic logic model, a chaotic Chebyshev model, etc., and the comparison is not limited in this application.
Specifically, the key generation parameters include an initial parameter and a bifurcation parameter. The initial parameter is determined from the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined from the first encryption parameter and/or the second encryption parameter, and the initial parameter differs from the bifurcation parameter.
Optionally, the first encryption parameter is determined from one or more of the following: a higher-layer signaling parameter, or a first random number. The second encryption parameter includes one or more of the following: a measurement value, or a second random number.
The higher-layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters. The measurement values include one or more of the following: downlink physical layer measurement values, uplink physical layer measurement values, or downlink RRC layer measurement values.
Further, the RRC layer signaling parameters include user-level physical channel configuration parameters.
In a possible design, the processing module is specifically configured to perform the following steps: using the key, perform one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement. Alternatively, using the key, perform one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or inverse rearrangement.
Optionally, the transceiver module may further include a sending module and a receiving module. The sending module is configured to implement the sending function of the communication apparatus described in any one of the fifth to eighth aspects, and the receiving module is configured to implement the receiving function of the communication apparatus described in any one of the fifth to eighth aspects.
Optionally, the communication apparatus described in any one of the fifth to eighth aspects may further include a storage module that stores a program or instructions. When the processing module executes the program or instructions, the communication apparatus is enabled to perform the communication method described in any one of the first to fourth aspects.
It should be noted that the communication apparatus described in the fifth or seventh aspect may be an access network device, a chip (system) or other part or component that can be disposed in the access network device, or an apparatus, system or network that includes the access network device; this application does not limit this.
Similarly, the communication apparatus described in the sixth or eighth aspect may be a terminal device, a chip (system) or other part or component that can be disposed in the terminal device, or an apparatus, system or network that includes the terminal device; this application does not limit this.
In addition, for the technical effects of the communication apparatus described in the fifth to eighth aspects, reference may be made to the technical effects of the communication method described in the first to fourth aspects, which are not repeated here.
In a ninth aspect, a communication apparatus is provided. The communication apparatus includes a processor coupled to a memory, and the processor is configured to execute a computer program stored in the memory, so that the communication apparatus performs the communication method described in any one of the first to fourth aspects.
In a tenth aspect, a communication apparatus is provided, including a processor and a memory. The memory is configured to store a computer program, and when the processor executes the computer program, the communication apparatus performs the communication method described in any one of the first to fourth aspects.
In an eleventh aspect, a communication apparatus is provided, including a processor. The processor is configured to be coupled to a memory and, after reading a computer program from the memory, to perform the communication method described in any one of the first to fourth aspects according to the computer program.
In a possible design, the communication apparatus described in any one of the ninth to eleventh aspects may further include a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be used by the communication apparatus to communicate with other communication apparatuses. Optionally, the transceiver may include a receiver and a transmitter, where the receiver is configured to implement the receiving function of the communication apparatus and the transmitter is configured to implement the sending function of the communication apparatus.
In this application, the communication apparatus described in any one of the ninth to eleventh aspects may be a terminal device or an access network device, a chip (system) or other part or component that can be disposed in the terminal device or access network device, or an apparatus that includes the terminal device or access network device.
In addition, for the technical effects of the communication apparatus described in the ninth to eleventh aspects, reference may be made to the technical effects of the communication method described in the first to fourth aspects, which are not repeated here.
In a twelfth aspect, a communication system is provided. The communication system includes a terminal device and an access network device.
In a thirteenth aspect, a computer-readable storage medium is provided, including a computer program or instructions; when the computer program or instructions are run on a computer, the computer is enabled to perform the communication method described in any one of the first to fourth aspects.
In a fourteenth aspect, a computer program product is provided, including a computer program or instructions; when the computer program or instructions are run on a computer, the computer is enabled to perform the communication method described in any one of the first to fourth aspects.
Description of drawings
FIG. 1 is a schematic diagram of a protocol architecture of a communication system;
FIG. 2 is a schematic diagram of higher-layer signaling with encryption measures;
FIG. 3 is a schematic flowchart of physical layer scrambling of a payload;
FIG. 4 is another schematic flowchart of physical layer scrambling of a payload;
FIG. 5 is a schematic architecture diagram of a communication system according to an embodiment of this application;
FIG. 6 is a first schematic flowchart of a communication method according to an embodiment of this application;
FIG. 7 is a schematic diagram of constellation point phase rotation according to an embodiment of this application;
FIG. 8 is a schematic diagram of constellation point reordering according to an embodiment of this application;
FIG. 9 is a second schematic flowchart of the communication method according to an embodiment of this application;
FIG. 10 is a third schematic flowchart of the communication method according to an embodiment of this application;
FIG. 11 is an example diagram of the first rule according to an embodiment of this application;
FIG. 12 is a fourth schematic flowchart of the communication method according to an embodiment of this application;
FIG. 13 is a fifth schematic flowchart of the communication method according to an embodiment of this application;
FIG. 14 is a sixth schematic flowchart of the communication method according to an embodiment of this application;
FIG. 15 is a seventh schematic flowchart of the communication method according to an embodiment of this application;
FIG. 16 is a first schematic structural diagram of a communication apparatus according to an embodiment of this application;
FIG. 17 is a second schematic structural diagram of a communication apparatus according to an embodiment of this application.
Description of embodiments
As described in the background, existing encryption measures apply only to higher-layer signaling; no encryption measures are taken for the signaling of the protocol layers below the PDCP layer, so the security of lower-layer signaling is poor. This is further explained below with reference to FIG. 1 and FIG. 2.
By way of example, FIG. 1 is a schematic diagram of a protocol architecture of a communication system. As shown in FIG. 1, the communication system includes a terminal device, an access network device and a core network device. From top to bottom, the terminal device includes a NAS layer, an RRC layer, a PDCP layer, an RLC layer, a MAC layer and a physical layer. The NAS layer is used for NAS-layer communication between the terminal device and the core network device, while the RRC, PDCP, RLC, MAC and physical layers are used to communicate with the protocol layers of the same name in the access network device.
It should be noted that protocol layer entities deployed in two devices that execute a protocol layer of the same name are usually called peer protocol layer entities, that is, they are peer protocol layer entities of each other. For example, the NAS layer entity in the terminal device and the NAS layer entity in the core network device are a pair of peer protocol layer entities. As another example, the RRC layer entity in the terminal device and the RRC layer entity in the access network device are another pair of peer protocol layer entities.
It should be understood that when a protocol layer entity of the sending device encrypts signaling, the peer protocol layer entity in the receiving device needs to decrypt that signaling in order to recover its original content, that is, the payload. The sending device and the receiving device may both be terminal devices, one may be a terminal device and the other an access network device, or both may be access network devices. For example, one of a terminal device and an access network device is the sending device and the other is the receiving device. As another example, one of a terminal device and a core network device is the sending device and the other is the receiving device. As a further example, one of two terminal devices is the sending device and the other is the receiving device.
It should be noted that the sending device and receiving device above are defined relative to the transmission direction of a particular piece of signaling or data. Therefore, the sending device and receiving device for different signaling or data may differ. For example, if device 1 sends signaling to device 2, then for that signaling device 1 is the sending device and device 2 is the receiving device. As another example, if device 2 sends data to device 1, then for that data device 2 is the sending device and device 1 is the receiving device.
It should be understood that, in addition to sending signaling and/or data, the sending device may also receive signaling and/or data from other devices; likewise, in addition to receiving signaling and/or data, the receiving device may also send signaling and/or data to other devices, thereby communicating with multiple devices or communicating bidirectionally.
The encrypted transmission of higher-layer signaling is described below, still with reference to FIG. 1. For the sending device, the RRC layer adds RRC layer encapsulation information to the original content of the RRC signaling (payload + check bits) to generate the RRC signaling plaintext, and passes the RRC signaling plaintext and the RRC key down to the PDCP layer. The PDCP layer uses the RRC key to encrypt the payload of the RRC signaling (the RRC signaling plaintext) to generate the RRC signaling ciphertext, then adds PDCP encapsulation information to generate a PDCP protocol data unit (PDU) (PDCP encapsulation information + RRC signaling ciphertext), and passes the PDCP PDU down to the RLC layer. The RLC layer then adds RLC encapsulation information to the PDCP PDU to generate an RLC PDU and passes it down to the MAC layer; the MAC layer adds MAC encapsulation information to the RLC PDU to generate a MAC PDU and passes it down to the physical layer. The physical layer performs channel coding, modulation, up-conversion and other operations on the MAC PDU and transmits it through the radio frequency antenna.
For the receiving device, the physical layer down-converts, demodulates and decodes the received signal containing the MAC PDU, recovers the MAC PDU and delivers it to the MAC layer. The MAC layer removes the MAC layer encapsulation information from the MAC PDU, recovers the RLC PDU (decapsulation) and delivers it to the RLC layer; the RLC layer removes the RLC layer encapsulation information from the RLC PDU, recovers the PDCP PDU and delivers it to the PDCP layer. The PDCP layer removes the PDCP layer encapsulation information from the PDCP PDU, recovers the RRC signaling ciphertext, and decrypts it with the RRC key issued by the RRC layer, thereby recovering the RRC signaling plaintext, which it delivers to the RRC layer. The RRC layer removes the RRC encapsulation information from the RRC PDU to obtain the original content of the RRC signaling (payload + check bits). In other words, the decryption operation at the receiving end is the inverse of the encryption operation at the sending end.
It is easy to understand that the RRC key used by the sending device for encryption and the RRC key used by the receiving device for decryption are usually generated with the same key generation algorithm and the same key generation parameters, so that both ends use the same key for encryption and decryption.
Similarly, for NAS signaling, the encryption and decryption operations at the two ends are similar to those for RRC signaling; the difference is that they target different higher-layer signaling. Specifically, the sending device uses the NAS key to encrypt the payload of the NAS signaling (the NAS layer plaintext) to obtain the NAS layer ciphertext, then adds NAS layer encapsulation information to generate a PDU (containing the NAS layer encapsulation information and the NAS layer ciphertext), and passes the NAS PDU down to the RRC layer. Correspondingly, the receiving device receives the NAS PDU recovered by the RRC layer, removes the NAS layer encapsulation information to obtain the NAS layer ciphertext, and decrypts the NAS ciphertext with the NAS key to recover the NAS plaintext.
It should be noted that the encryption and decryption operations of the protocol layers from the RRC layer down to the physical layer may follow the encryption and decryption operations for RRC signaling. For example, for a NAS PDU passed down by the NAS layer, the RRC layer may simply add/remove the RRC encapsulation information, or it may additionally perform an RRC layer encryption/decryption operation on the NAS PDU to further improve the security of the NAS signaling.
By way of example, FIG. 2 is a schematic diagram of higher-layer signaling with encryption measures. As shown in FIG. 2, taking the procedures after a terminal device powers on as an example, the higher-layer signaling involved in cell selection, random access, RRC connection establishment, authentication, NAS security, initial bearer establishment and initial context establishment all has encryption measures. The signaling involved in cell selection mainly includes the primary synchronization signal (PSS), secondary synchronization signal (SSS), master information block (MIB) and system information block 1 (SIB1); the signaling involved in random access mainly includes the random access preamble (RAP) and random access response (RAR); RRC connection establishment mainly includes RegistrationRequest, RRCSetupRequest, RRCSetup and RRCSetupComplete; the signaling involved in authentication mainly includes AuthenticationRequest and AuthenticationResponse; the signaling involved in NAS security mainly includes SecurityModeCommand and SecurityModeComplete; the signaling involved in AS security mainly includes AS SecurityModeCommand and AS SecurityModeComplete; the signaling involved in default bearer establishment mainly includes RRCReconfiguration and RRCReconfigurationComplete; and the signaling involved in initial context establishment mainly includes InitialContextSetupRequest and InitialContextSetupResponse.
It should be noted that the encryption measures for the higher-layer signaling above involve encryption, integrity protection and replay protection, and that the signaling listed above is only part of the higher-layer signaling covered by existing encryption measures; other higher-layer signaling may also be involved and is not described here.
From FIG. 1 and FIG. 2 it can be seen that existing encryption measures are limited to the higher layers, specifically to RRC signaling and NAS signaling, while lower-layer signaling, such as the signaling of the protocol layers below the RLC layer, has no encryption measures, so the security of lower-layer signaling is poor.
To address the lack of encryption at the protocol layers below the RLC layer, and the resulting poor security of lower-layer signaling, the prior art introduced a technique that encrypts the payload at the physical layer using a scrambling key. This is explained with the two examples shown in FIG. 3 and FIG. 4.
By way of example, FIG. 3 and FIG. 4 show two examples of physical layer scrambling of a payload.
As shown in FIG. 3, the sending device may generate a scrambling key from a private shared key or from the latest parameters and, before channel coding at the physical layer, use the scrambling key to scramble the payload (a binary bitwise XOR, that is, bit-domain encryption).
Optionally, the sending device may also use an aggregated scrambling key to apply phase rotation and reflection to the constellation points of quadrature phase shift keying (QPSK) or quadrature amplitude modulation (QAM), for example by complex-multiplying the modulated payload with the modulated scrambling key, that is, complex-domain encryption.
As shown in FIG. 4, the sending device may use a K-bit aggregator (K ≥ 2, K a positive integer) to aggregate the payload into a K-bit sequence, use an M-bit aggregator (M > K, M a positive integer) to aggregate the scrambling sequence into an M-bit permutation index, and then input the K-bit sequence and the M-bit permutation index into a permutator, which uses the M-bit scrambling index to permute the K-bit payload sequence, thereby implementing bit-domain encryption.
The physical layer scrambling methods shown in FIG. 3 and FIG. 4 can use a scrambling key to scramble the payload in the bit domain before coding and/or in the complex domain after coding, which disorders the payload and increases the difficulty of breaking it, and can be regarded as implementing physical layer encryption.
However, the physical layer scrambling methods shown in FIG. 3 and FIG. 4 do not specify how the scrambling key is generated, nor how the shared key or the latest parameters are obtained.
For this reason, a physical layer communication method based on a chaotic system and a Latin array has also been introduced. Its procedure is as follows: the binary information sequence of the payload is converted, through serial-to-parallel conversion and constellation mapping, into a complex vector C, which is the plaintext data (plain_data) C of the information to be encrypted. A chaotic sequence is then used to generate the key set {K1, K2, Latin array}: K1 is added to the phase of the plaintext data (phase rotation) to obtain ciphertext E1; K2 is multiplied element-wise with ciphertext E1 (amplitude modulation) to obtain ciphertext E2; finally, E2 is rearranged according to the element values of the Latin array to obtain the final ciphertext data E.
Specifically, the key set {K1, K2, Latin array} is generated as follows:
Choose a chaotic system and initial parameters, and generate the chaotic sequence x_i.
Introduce an extraction function (Extract) and the Latin array:
D_xi = mod(Extract(x_i, 12, 13, 14), 256) / 512;
where the extraction function takes several decimal places of the fractional part of the input value x_i, such as the 12th, 13th and 14th decimal places, as a 3-digit integer, so that the key is unpredictable. From the formula above, a set of random values D_xi in [0, 0.5) is obtained. Then the key K1 for phase rotation (0 ≤ K1 ≤ 2π) is obtained from K1 = D_xi × 4π, and the key K2 for amplitude transformation (0.75 ≤ K2 ≤ 1.25) is obtained from K2 = D_xi + 0.75.
Process x_i as follows to obtain the sequence y_i:
y_i = 10^6 x_i − floor(10^6 x_i), i = 1, 2, …, n;
Sort y_i in ascending order to obtain the ordering of the indices i of y_i, and build the Latin array from this ordering, which is used for constellation point index transformation (constellation point rearrangement).
However, the physical layer encryption key used by the physical layer communication method above, based on a chaotic system and a Latin array, is generated by the chaotic system, yet the method does not explain how the initial parameters and bifurcation parameters of the chaotic system are obtained. In addition, the initial parameters must be kept strictly secret to ensure that an attacker cannot obtain the physical layer key. If the initial value stays unchanged for a long time, the physical layer key generated by the chaotic system is fixed, and an attacker could obtain the physical layer key through a known-plaintext attack and mount an attack; that is, the method still carries a security risk.
To solve the problems of obtaining and keeping secret the initial parameters, embodiments of this application provide a communication method that can generate a dynamic key from a periodically updated first encryption parameter and second encryption parameter, without transmitting the key between the sending and receiving devices, and use the dynamic key to encrypt and decrypt lower-layer signaling and data at the physical layer, thereby reducing the risk of leakage of lower-layer signaling and improving its security.
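The chaotic-Latin-array constellation encryption described above (phase rotation by K1, amplitude scaling by K2, permutation from the sorted y_i), driven by an initial parameter and a bifurcation parameter that both ends derive locally from a first and a second encryption parameter, as an added Python example that is not the application's own code. The logistic map as the chaotic system, the SHA-256 combination rule, the parameter ranges, the QPSK mapping and the sample bits are all assumptions made here; the application specifies none of them.

```python
import cmath
import hashlib
import math
from typing import List, Tuple

# Constructed sample payload bits (16 bits -> 8 QPSK symbols); not from the application.
SAMPLE_BITS = [0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1]


def key_generation_params(first_param: bytes, second_param: bytes) -> Tuple[float, float]:
    """Derive the initial parameter x0 and bifurcation parameter r of the logistic map.

    Assumed combination rule (hypothetical, not the application's third rule): hash
    the slowly updated first parameter with the rapidly updated second parameter and
    read two 32-bit fields from the digest. x0 is kept in (0.1, 0.9) and r in
    [3.9, 4.0), the chaotic regime of the logistic map, so x0 != r always holds.
    """
    digest = hashlib.sha256(first_param + second_param).digest()
    a = int.from_bytes(digest[:4], "big") / 2**32
    b = int.from_bytes(digest[4:8], "big") / 2**32
    return 0.1 + 0.8 * a, 3.9 + 0.1 * b


def logistic_sequence(x0: float, r: float, n: int, skip: int = 200) -> List[float]:
    """Chaotic sequence x_{i+1} = r * x_i * (1 - x_i); the first `skip` transients are dropped."""
    x = x0
    for _ in range(skip):
        x = r * x * (1.0 - x)
    seq = []
    for _ in range(n):
        x = r * x * (1.0 - x)
        seq.append(x)
    return seq


def extract(x: float, *positions: int) -> int:
    """Extract(x, 12, 13, 14): the given decimal places of x's fractional part as one integer."""
    frac = f"{x:.20f}".split(".")[1]
    return int("".join(frac[p - 1] for p in positions))


def key_set(xs: List[float]) -> Tuple[List[float], List[float], List[int]]:
    """Build {K1, K2, Latin-array permutation} from a chaotic sequence x_i."""
    k1, k2 = [], []
    for x in xs:
        d = (extract(x, 12, 13, 14) % 256) / 512.0      # D_xi in [0, 0.5)
        k1.append(d * 4.0 * math.pi)                      # phase key K1 in [0, 2*pi)
        k2.append(d + 0.75)                               # amplitude key K2 in [0.75, 1.25)
    ys = [1e6 * x - math.floor(1e6 * x) for x in xs]      # y_i = 10^6 x_i - floor(10^6 x_i)
    perm = sorted(range(len(xs)), key=lambda i: ys[i])    # ascending order of y_i
    return k1, k2, perm


def qpsk_map(bits: List[int]) -> List[complex]:
    """Two bits per unit-energy QPSK symbol (bit 0 -> +1, bit 1 -> -1 on each axis)."""
    return [complex(1 - 2 * bits[i], 1 - 2 * bits[i + 1]) / math.sqrt(2)
            for i in range(0, len(bits), 2)]


def qpsk_demap(symbols: List[complex]) -> List[int]:
    bits: List[int] = []
    for s in symbols:
        bits += [1 if s.real < 0 else 0, 1 if s.imag < 0 else 0]
    return bits


def encrypt(c: List[complex], k1, k2, perm) -> List[complex]:
    """E1 = rotate C by K1; E2 = scale E1 by K2; E = E2 rearranged by the permutation."""
    e1 = [ci * cmath.exp(1j * a) for ci, a in zip(c, k1)]
    e2 = [ei * m for ei, m in zip(e1, k2)]
    return [e2[perm[i]] for i in range(len(e2))]


def decrypt(e: List[complex], k1, k2, perm) -> List[complex]:
    """Inverse of encrypt: undo the permutation, divide out K2, rotate back by -K1."""
    e2 = [0j] * len(e)
    for i, src in enumerate(perm):
        e2[src] = e[i]
    e1 = [ei / m for ei, m in zip(e2, k2)]
    return [ei * cmath.exp(-1j * a) for ei, a in zip(e1, k1)]


def physical_layer_round_trip(first_param: bytes, second_param: bytes, bits: List[int]) -> List[int]:
    """Sender and receiver each derive the same key set locally; no key is transmitted."""
    x0, r = key_generation_params(first_param, second_param)
    keys = key_set(logistic_sequence(x0, r, len(bits) // 2))
    ciphertext = encrypt(qpsk_map(bits), *keys)
    return qpsk_demap(decrypt(ciphertext, *keys))


if __name__ == "__main__":
    recovered = physical_layer_round_trip(b"rrc-config-A", b"rsrp-measurement-1", SAMPLE_BITS)
    print("round trip ok:", recovered == SAMPLE_BITS)
```

Re-running key_set with unchanged parameters reproduces the identical key set, which is the fixed-key risk noted above; changing only the second (frequently updated) parameter yields a different key set.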
It should be noted that the communication method provided by embodiments of this application may also apply an additional physical layer encryption to higher-layer signaling and data, to further improve their security.
The technical solutions of this application are described below with reference to the accompanying drawings.
The technical solutions of the embodiments of this application can be applied to various communication systems, such as a wireless fidelity (WiFi) system, a vehicle-to-everything (V2X) communication system, a device-to-device (D2D) communication system, an Internet of Vehicles communication system, a 4th generation (4G) mobile communication system such as a long term evolution (LTE) system or a worldwide interoperability for microwave access (WiMAX) communication system, a 5th generation (5G) mobile communication system such as a new radio (NR) system, and future communication systems such as a 6th generation (6G) mobile communication system.
This application presents various aspects, embodiments or features around a system that may include multiple devices, components, modules and the like. It should be understood and appreciated that each system may include additional devices, components, modules and the like, and/or may not include all of the devices, components, modules and the like discussed with reference to the drawings. Combinations of these solutions may also be used.
In addition, in the embodiments of this application, words such as "by way of example" and "for example" are used to indicate an example, illustration or description. Any embodiment or design described as an "example" in this application should not be construed as preferred or more advantageous than other embodiments or designs. Rather, the use of the word example is intended to present a concept in a concrete manner.
In the embodiments of this application, "information", "signal", "message", "channel" and "signaling" may sometimes be used interchangeably; it should be noted that, when the distinction is not emphasized, their intended meanings are the same. "of", "corresponding (relevant)" and "corresponding" may sometimes be used interchangeably; it should be noted that, when the distinction is not emphasized, their intended meanings are the same.
In the embodiments of this application, a subscript such as W_1 may sometimes be mistakenly written in non-subscript form, such as W1; when the distinction is not emphasized, the intended meanings are the same.
The network architecture and service scenarios described in the embodiments of this application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by the embodiments. A person of ordinary skill in the art will know that, as network architectures evolve and new service scenarios emerge, the technical solutions provided by the embodiments of this application are equally applicable to similar technical problems.
为便于理解本申请实施例,首先详细说明适用于本申请实施例的通信系统。In order to facilitate understanding of the embodiment of the present application, the communication system applicable to the embodiment of the present application is described in detail first.
示例性地,图5为本申请实施例提供的通信方法所适用的一种通信系统的架构示意图。如图5所示,该通信系统包括接入网设备和终端设备。Exemplarily, FIG. 5 is a schematic structural diagram of a communication system to which the communication method provided in the embodiment of the present application is applicable. As shown in Fig. 5, the communication system includes access network equipment and terminal equipment.
The terminal device is a terminal that accesses the communication system and has a wireless transceiver function, or a chip or chip system that can be provided in such a terminal. The terminal device may also be referred to as user equipment, an access terminal, a subscriber unit, a subscriber station, a mobile station, a mobile platform, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent or a user apparatus. The terminal device in the embodiments of this application may be a mobile phone, a tablet computer (Pad), a computer with a wireless transceiver function, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, a vehicle-mounted terminal, an RSU with terminal functions, etc. The terminal device of this application may also be a vehicle-mounted module, vehicle-mounted assembly, vehicle-mounted component, vehicle-mounted chip or vehicle-mounted unit built into a vehicle as one or more components or units; through that built-in vehicle-mounted module, assembly, component, chip or unit, the vehicle can carry out the communication method provided in this application.
The access network device is a device located on the network side of the communication system that has a wireless transceiver function, or a chip or chip system that can be provided in such a device. The access network device includes but is not limited to: an access point (AP) in a wireless fidelity (WiFi) system, such as a home gateway, router, server, switch or bridge; an evolved Node B (eNB); a radio network controller (RNC); a Node B (NB); a base station controller (BSC); a base transceiver station (BTS); a home base station (for example, a home evolved NodeB or home Node B, HNB); a baseband unit (BBU); a wireless relay node; a wireless backhaul node; a transmission point (transmission and reception point, TRP, or transmission point, TP), etc. It may also be a 5G node, such as a gNB in a new radio (NR) system, a transmission point (TRP or TP), or one antenna panel or a group of antenna panels (including multiple antenna panels) of a base station in a 5G system; or a network node that forms part of a gNB or transmission point, such as a baseband unit (BBU) or a distributed unit (DU); or a road side unit (RSU) with base station functions, etc.
The core network device may include one or more of the following devices in the core network: a mobility management entity (MME), an access and mobility management function (AMF) network element, or other devices.
It should be noted that the communication method provided in the embodiments of this application may be applied to the communication between the access network device and the terminal device shown in FIG. 5; for the specific implementation, refer to the method embodiments below, which are not repeated here.
It should be noted that the solutions in the embodiments of this application may also be applied to other communication systems, and the corresponding names may be replaced with the names of the corresponding functions in those systems.
It should be understood that FIG. 5 is only a simplified schematic diagram for ease of understanding; the communication system may also include other devices that are not shown in FIG. 5.
The communication method provided in the embodiments of this application is described in detail below with reference to FIG. 6 to FIG. 15.
In some embodiments, the access network device and the terminal device may start physical-layer encryption based on the trigger mechanism shown in FIG. 6.
Exemplarily, FIG. 6 is a first schematic flowchart of a communication method provided in an embodiment of this application. The method applies to communication between the access network device and the terminal device in the communication system shown in FIG. 5.
As shown in FIG. 6, the method includes the following steps:
S601: The access network device sends first information to the terminal device, and the terminal device receives the first information from the access network device.
The first information is used to instruct the terminal device to start physical-layer encryption.
In one possible design, the first information may include higher-layer signaling parameters and may be carried in an RRC message. Since higher-layer signaling is already protected by encryption in existing schemes, this ensures that the first information is transmitted in encrypted form, reducing the risk of leakage and further improving security.
Exemplarily, the RRC message carrying the first information may be higher-layer signaling such as a radio resource control (RRC) reconfiguration (RRCReconfiguration) message or another downlink RRC message, which is not limited here.
In another possible design, the first information may be carried in the configuration information of a downlink hybrid automatic repeat request (HARQ) process, for example in the new data indicator (NDI) field of downlink control information (DCI).
Specifically, the access network device may send the first information (for example, NDI=0) to the terminal device on the physical downlink control channel (PDCCH). The PDCCH indicates and schedules the configuration information, such as time-frequency resources and demodulation and decoding parameters, of the physical downlink shared channel (PDSCH) that carries the UE-specific parameters of the terminal device. The access network device then sends the PDSCH carrying the UE-specific parameters to the terminal device.
S602: The terminal device sends second information to the access network device, and the access network device receives the second information from the terminal device.
The second information indicates that the first information and the UE-specific parameters have been received successfully.
In one possible design, like the first information, the second information may also be carried in an RRC message. Likewise, since higher-layer signaling is already protected by encryption in existing schemes, this ensures that the second information is transmitted in encrypted form, reducing the risk of leakage and further improving security.
Exemplarily, the RRC message carrying the second information may be an RRC reconfiguration complete (RRCReconfigurationComplete) message or another uplink RRC complete (RRCComplete) message, which is not limited here.
It should be noted that the second information can be understood as a response or feedback to the first information. Through the exchange of the first and second information, the access network device and the terminal device agree on the moment at which physical-layer encryption starts, generate the same key based on the preset rule described in S603 below, and use that key to encrypt or decrypt lower-layer signaling at the physical layer. This avoids lower-layer signaling transmission failures caused by the two sides disagreeing on the encryption timing, the key used or the object being encrypted, and thus improves the reliability and security of lower-layer signaling transmission.
In another possible design, once the terminal device has received the first information and the UE-specific parameters from the access network device, it may send the second information to the access network device. The second information may be downlink HARQ feedback, such as an acknowledgement (ACK), carried on the physical uplink control channel (PUCCH).
It should be noted that when the first and second information are exchanged in S601-S602 through the downlink HARQ process mechanism, the same downlink HARQ process may be used, which simplifies the procedure and improves efficiency.
Thus, after the terminal device successfully receives the first information and the UE-specific parameters from the access network device, it may send the second information to the access network device and perform S603 below to generate or update the key. Correspondingly, after the access network device receives the second information from the terminal device, it knows that the terminal device has successfully received the first information and the UE-specific parameters; the access network device may then toggle the NDI value, for example to NDI=1, and perform S603 below to generate or update the key.
In response to the first information being received successfully, the access network device and the terminal device perform S603.
S603: The access network device and the terminal device generate a key based on a preset rule.
Specifically, the access network device and the terminal device may generate a first encryption parameter and a second encryption parameter based on the same rule, derive a key generation parameter from the first and/or second encryption parameter, and feed that key generation parameter into the same key generation model, so that both sides obtain the same key. For the specific implementation, refer to the method embodiment shown in FIG. 10 below, which is not repeated here.
S604: The access network device and the terminal device use the key to perform physical-layer encryption or decryption.
Specifically, the access network device and the terminal device may use the key generated in S603 to encrypt or decrypt the same lower-layer signaling at the physical layer.
Taking downlink signaling and/or data as an example, where the access network device is the transmitting device and the terminal device is the receiving device, using the key for physical-layer encryption may include: the access network device uses the key to perform one or more of the following operations on the constellation points of the downlink signaling and/or data to be sent: phase rotation, or rearrangement.
For phase rotation of constellation points, a phase encryption key K1 for the constellation points is first computed as K1 = x·2π, with K1 ∈ (−2π, 2π). The constellation phase is then rotated according to K1: S′ = S·e^(jK1), where S is the constellation point before rotation and S′ is the constellation point after rotation.
Exemplarily, FIG. 7 is a schematic diagram of constellation point phase rotation provided in an embodiment of this application. As shown in FIG. 7, the four black dots are QPSK constellation points without phase rotation and the four circles are QPSK constellation points after phase rotation; taking the two points in the first quadrant of the IQ plane as an example, the phase offset between the two sets of constellation points is K1. Because an attacker does not know the amount of rotation, the difficulty of attack increases and security improves.
For constellation point index rearrangement, a random sequence x is first sorted (in ascending or descending order) to obtain a random sequence z_m, z_m = x_n, where 1 ≤ n ≤ N, 1 ≤ m ≤ N, n, m and N are positive integers, and for at least one pair (n, m), n ≠ m. The indices of [x_1, …, x_N] after rearrangement are then extracted as the physical-layer encryption key K, and the constellation points carrying the payload are index-rearranged (scrambled) accordingly.
Exemplarily, FIG. 8 is a schematic diagram of constellation point reordering provided in an embodiment of this application. As shown in FIG. 8, with N=8, the elements of the random sequence x before sorting are s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, and the elements of the sorted random sequence z are s_5, s_2, s_3, s_4, s_1, s_8, s_7, s_6; the index values change from 1, 2, 3, 4, 5, 6, 7, 8 to 5, 2, 3, 4, 1, 8, 7, 6. This shuffles the order of the constellation points and can be used to reassign sub-carriers to them, that is, to scramble the mapping between constellation points and frequency-domain resources, which increases the difficulty of attack and improves security.
It should be noted that the sorted index values may also be represented by a Latin square or another data structure, which is not limited in the embodiments of this application. For the specific use of Latin squares in physical-layer encryption, refer to existing implementations, which are not described here.
The access network device then sends the physical-layer-encrypted instructions and/or data to the terminal device.
Exemplarily, the access network device may send the physical-layer-encrypted instructions and/or data to the terminal device over the Uu interface; for the specific implementation, refer to existing implementations, which are not described in this embodiment.
The terminal device then uses the key to perform physical-layer decryption.
In one possible design, using the key for physical-layer decryption includes: the terminal device uses the key to perform one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or inverse rearrangement. Inverse phase rotation and inverse rearrangement are respectively the inverse of the phase rotation and rearrangement described above and are not repeated here.
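The transmitter-side phase rotation and index rearrangement of S604, together with the receiver's inverse operations, as an added example that is not code from the patent or its applicant. The Gray-coded QPSK mapping, the helper names, and the sample values (x_phase, the sequence x from FIG. 8, the bit pattern) are constructed for illustration; the final check shows that a receiver whose K1 differs by π decides every bit wrongly, which is the point of keeping the key on both sides without transmitting it.

```python
"""Constellation-domain physical-layer encryption (S604) and its inverse."""
import cmath
import math
from typing import List, Sequence

# Gray-coded, unit-energy QPSK mapping (constructed for this example).
QPSK = {
    (0, 0): complex(1, 1) / math.sqrt(2),
    (0, 1): complex(-1, 1) / math.sqrt(2),
    (1, 1): complex(-1, -1) / math.sqrt(2),
    (1, 0): complex(1, -1) / math.sqrt(2),
}


def phase_key(x: float) -> float:
    """K1 = x * 2π; K1 ∈ (-2π, 2π) requires x ∈ (-1, 1)."""
    if not -1.0 < x < 1.0:
        raise ValueError("x must lie in the open interval (-1, 1)")
    return x * 2.0 * math.pi


def rotate(points: Sequence[complex], k1: float) -> List[complex]:
    """S' = S * e^(jK1), applied to every constellation point."""
    return [s * cmath.exp(1j * k1) for s in points]


def unrotate(points: Sequence[complex], k1: float) -> List[complex]:
    """Inverse phase rotation: S = S' * e^(-jK1)."""
    return [s * cmath.exp(-1j * k1) for s in points]


def permutation_key(x: Sequence[float]) -> List[int]:
    """Sort the random sequence x ascending and return, for each sorted position m,
    the 0-based source index n with z_m = x_n. For x = [5,2,3,4,1,8,7,6] this is
    [4,1,2,3,0,7,6,5], i.e. 5,2,3,4,1,8,7,6 in the 1-based notation of FIG. 8."""
    return sorted(range(len(x)), key=lambda n: x[n])


def rearrange(points: Sequence, perm: Sequence[int]) -> list:
    """Index rearrangement: output position m carries input point perm[m]."""
    if sorted(perm) != list(range(len(points))):
        raise ValueError("perm must be a permutation of the point indices")
    return [points[n] for n in perm]


def unrearrange(points: Sequence, perm: Sequence[int]) -> list:
    """Inverse rearrangement: position m goes back to its source index perm[m]."""
    out = [None] * len(points)
    for m, n in enumerate(perm):
        out[n] = points[m]
    return out


def modulate(bits: Sequence[int]) -> List[complex]:
    """Map bit pairs to QPSK constellation points."""
    if len(bits) % 2:
        raise ValueError("QPSK needs an even number of bits")
    return [QPSK[(bits[i], bits[i + 1])] for i in range(0, len(bits), 2)]


def demodulate(points: Sequence[complex]) -> List[int]:
    """Hard decision: pick the nearest constellation point for each symbol."""
    out: List[int] = []
    for s in points:
        out.extend(min(QPSK, key=lambda b: abs(QPSK[b] - s)))
    return out


def encrypt(bits: Sequence[int], x_phase: float, x_seq: Sequence[float]) -> List[complex]:
    """Transmitter: modulate, rotate by K1, then scramble the sub-carrier order."""
    return rearrange(rotate(modulate(bits), phase_key(x_phase)), permutation_key(x_seq))


def decrypt(points: Sequence[complex], x_phase: float, x_seq: Sequence[float]) -> List[int]:
    """Receiver: undo the permutation, undo the rotation, then decide the bits."""
    return demodulate(unrotate(unrearrange(points, permutation_key(x_seq)), phase_key(x_phase)))


def bit_errors(a: Sequence[int], b: Sequence[int]) -> int:
    """Number of positions in which two bit sequences differ."""
    return sum(1 for p, q in zip(a, b) if p != q)


if __name__ == "__main__":
    bits = [0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1]   # constructed
    x_seq = [5, 2, 3, 4, 1, 8, 7, 6]                          # FIG. 8 sequence
    tx = encrypt(bits, 0.3, x_seq)
    print("same key, bit errors:", bit_errors(decrypt(tx, 0.3, x_seq), bits))
    print("K1 off by pi, bit errors:", bit_errors(decrypt(tx, 0.8, x_seq), bits))
```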
In other words, the access network device and the terminal device can generate the first and second encryption parameters based on the same rule and generate the key with the same key generation algorithm. This ensures that both sides use the same key and communicate smoothly, and since the key never has to be transmitted between the access network device and the terminal device, the risk of key leakage is avoided, further improving security.
It should be noted that the above example describes physical-layer encryption and decryption of downlink signaling and/or data; the same operations apply to physical-layer encryption and decryption of uplink signaling and/or data and are not repeated here.
In addition, the communication method shown in FIG. 6 may also apply a further round of physical-layer encryption and decryption to higher-layer signaling, such as NAS signaling and RRC signaling, and to data, making signaling and data that are already encrypted at the higher layers harder to break and thus further improving their security.
Further, uplink and downlink signaling and/or data may exist separately or together. When at least two of these types are present, a dynamic key may be customized for each type of signaling or data to further improve security. For example, separate dynamic keys may be customized for uplink signaling, uplink data, downlink signaling and downlink data, so that each is encrypted and decrypted independently at the physical layer.
Based on the communication method shown in FIG. 6, the access network device and the terminal device exchange handshake information (such as the first and second information) to start generating a key based on the same rule (the preset rule) at the same time, and use that key to encrypt and decrypt lower-layer signaling at the physical layer. This addresses the lack of encryption of lower-layer signaling in existing encryption schemes and improves the communication security of lower-layer signaling.
In other embodiments, the access network device and the terminal device may also start the physical-layer encryption procedure based on the trigger mechanism shown in FIG. 9.
Exemplarily, FIG. 9 is a second schematic flowchart of the communication method provided in an embodiment of this application. The method applies to communication between the access network device and the terminal device in the communication system shown in FIG. 5.
As shown in FIG. 9, the method includes the following steps:
S901: The access network device sends third information to the terminal device, and the terminal device receives the third information from the access network device.
The third information is used to indicate the transmission of first data. The first data may be UE-specific parameters sent by the terminal device to the access network device, and the third information may be carried in the new data indicator (NDI) field of DCI.
For example, the access network device may send the third information to the terminal device in the NDI field of the DCI that carries the configuration information of an uplink HARQ process, with NDI=0 representing the third information. That DCI indicates the configuration information of the physical uplink shared channel (PUSCH) on which the terminal device sends the UE-specific parameters to the access network device.
S902: The access network device determines that the first data has been transmitted successfully.
Specifically, if the access network device receives the UE-specific parameters from the terminal device on the PUSCH configured in S901, it can determine that the terminal device has successfully received the third information. The access network device may then generate the fourth information described below, for example by toggling the NDI value to NDI=1, to notify the terminal device to start physical-layer encryption.
When the first data has been transmitted successfully, the access network device, in response to this, and the terminal device perform S903.
S903: The access network device sends fourth information to the terminal device, and the terminal device receives the fourth information from the access network device.
The fourth information is used to indicate the transmission of second data and also to indicate that the key used for physical-layer encryption or decryption needs to be updated. The second data differs from the first data. In other words, when the next data is to be transmitted, the access network device instructs the terminal device to update the key, further improving security.
Specifically, like the third information, the fourth information may also be carried in the NDI field of DCI.
Thus, after the access network device successfully receives the UE-specific parameters from the terminal device, it may send the fourth information to the terminal device and perform S904 below to update the key. Correspondingly, when the terminal device detects that the values of the third information and the fourth information differ, it knows that the access network device has successfully received the UE-specific parameters, and it may perform S904 below to update the key. That is, the fourth information indicates that the key used for physical-layer encryption or decryption needs to be updated by carrying, in the NDI field, the toggled value of the third information's NDI value (for example, toggled from 0 to 1).
S904: The access network device and the terminal device generate a key based on the preset rule.
Specifically, the access network device and the terminal device may generate a first encryption parameter and a second encryption parameter based on the same rule, derive a key generation parameter from the first and/or second encryption parameter, and feed that key generation parameter into the same key generation model to generate the same key. For the specific implementation, refer to the method embodiment shown in FIG. 8 below, which is not repeated here.
S905: The access network device and the terminal device use the key to encrypt or decrypt the second data at the physical layer.
The access network device and the terminal device may use the key generated in S904 to encrypt or decrypt the same lower-layer signaling at the physical layer.
It should be noted that the first data and the second data may be data agreed between the access network device and the terminal device; either may be signaling or data, which is not limited here.
Based on the communication method shown in FIG. 9, the access network device and the terminal device exchange handshake information (such as the third and fourth information) to start generating a key based on the same rule (the preset rule) at the same time, and use that key to encrypt and decrypt lower-layer signaling at the physical layer. This addresses the lack of encryption of lower-layer signaling in existing encryption schemes and improves the security of lower-layer signaling.
In some embodiments, the preset rule above may include a first rule, a second rule and a third rule. Correspondingly, generating a key based on the preset rule may be implemented as the communication method shown in FIG. 10.
As shown in FIG. 10, the method includes the following steps:
S1001. The access network device and the terminal device obtain a first encryption parameter based on a first rule.
The first rule includes: selecting multiple first fields from multiple first messages based on a first selection rule, and combining the multiple first fields based on a first combination rule to obtain the first encryption parameter. The first message may include one or more of the following: RRC signaling, or NAS signaling. When the first message includes NAS signaling, it may be provided by the terminal device to the access network device.
Optionally, the first encryption parameter is determined according to one or more of the following: a higher layer signaling parameter, or a first random number.
The higher layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters.
The RRC layer signaling parameters may include one or more of the following: downlink RRC layer signaling parameters, or uplink RRC layer signaling parameters. For example, the downlink RRC layer signaling may include the downlink signaling involved in the procedures shown in FIG. 2 above (cell selection, random access, RRC connection establishment, default bearer establishment, AS security, and so on), and the uplink RRC layer signaling may include the uplink signaling involved in those same procedures.
Optionally, the downlink RRC layer signaling parameters include UE-specific physical channel configuration parameters. For example, these may include the configuration parameters of one or more of the following physical channels: the physical downlink control channel (PDCCH), the physical downlink shared channel (PDSCH), the physical uplink control channel (PUCCH) and the physical uplink shared channel (PUSCH). The specific parameters may include the start and length indicator value (SLIV), the control resource set (CORESET), the UE-specific search space (USS), and so on.
The NAS layer signaling parameters may include one or more of the following: downlink NAS layer signaling parameters, or uplink NAS layer signaling parameters. For example, the downlink NAS layer signaling may include the downlink signaling involved in the procedures shown in FIG. 2 above (authentication, NAS security, registration, initial context setup, and so on), and the uplink NAS layer signaling may include the uplink signaling involved in those same procedures.
Correspondingly, the NAS layer signaling parameters may include uplink NAS layer signaling parameters and downlink NAS layer signaling parameters. The terminal device may send the uplink NAS layer signaling parameters to the access network device after determining them, and/or obtain the downlink NAS layer signaling parameters after parsing the downlink NAS layer signaling and send them to the access network device. For example, the terminal device may send the NAS layer signaling parameters to the access network device using uplink RRC layer signaling and/or an uplink data channel.
The first random number may be provided by the access network device and/or the terminal device; for example, it may be a random parameter already defined in the protocol or a newly added random parameter, which is not limited here.
It should be noted that the first encryption parameter may be provided by the access network device (see S1201 and S1401 below) or by the terminal device (see S1301 and S1501 below), which is not limited here.
The following example describes how the first encryption parameter is generated, according to the first rule below, from unpredictable parameters carried in RRC signaling messages.
Based on the first selection rule, select two 16-bit (or four 8-bit) unpredictable parameters x and y, for example the PDCCH demodulation reference signal (DMRS) scrambling identity in the control resource set (ControlResourceSet: pdcch-DMRS-ScramblingID, 0, 1, ..., 65535), scrambling identity 0 or 1 in the DMRS downlink configuration (DMRS-DownlinkConfig: scramblingID0 or scramblingID1, 0, 1, ..., 65535), or scrambling identity 0 or 1 in the DMRS uplink configuration (DMRS-UplinkConfig: scramblingID0 or scramblingID1, 0, 1, ..., 65535).
Based on the first combination rule (see FIG. 11), let the final output length be N = 32 bits and the length of a single bit group be M = 1, 2, 4, 8 or 16. The 16-bit values x and y are each split into K = 16/M (that is, 16, 8, 4, 2 or 1) groups of M bits, the K groups of x and the K groups of y are stored interleaved, and the result is output as a 32-bit random number, the first encryption parameter z, with 0 <= z <= 2^32 - 1.
It should be noted that the above is only one example of generating the first encryption parameter; the access network device and the terminal device may also generate the first encryption parameter from other RRC signaling and/or NAS signaling using other combination rules, which is not limited in this embodiment of the application.
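The first combination rule above, written out as an added example (this is editorial code, not an implementation from the patent). Two 16-bit fields x and y are split into K = 16/M groups of M bits and the groups are interleaved into a 32-bit z. The patent fixes N = 32 and M in {1, 2, 4, 8, 16} but not the group order; taking the most significant group first and placing the x group before the y group are assumptions, and the sample field values are constructed. An inverse is included so that both ends of the link can check they agree on the rule.

```python
"""Added example: the first combination rule of S1001 (interleaving of bit groups).

Assumptions not fixed by the patent: groups are taken most-significant first,
and within each pair the group from x precedes the group from y.
"""
from __future__ import annotations

FIELD_BITS = 16                 # width of each selected RRC field (x, y)
OUT_BITS = 32                   # N, width of the first encryption parameter z
GROUP_SIZES = (1, 2, 4, 8, 16)  # permitted values of M


def split_groups(value: int, m: int, width: int = FIELD_BITS) -> list[int]:
    """Split `value` (width bits) into width/m groups of m bits, MSB group first."""
    if value < 0 or value >= 1 << width:
        raise ValueError(f"value {value:#x} does not fit in {width} bits")
    k = width // m
    mask = (1 << m) - 1
    return [(value >> (m * (k - 1 - i))) & mask for i in range(k)]


def combine_interleave(x: int, y: int, m: int) -> int:
    """First combination rule: interleave the K = 16/M groups of x and y into z.

    With x = 0xFFFF and y = 0x0000 the output is 0xAAAAAAAA for M = 1,
    0xF0F0F0F0 for M = 4 and 0xFFFF0000 for M = 16, which makes the group
    order easy to verify by eye.
    """
    if m not in GROUP_SIZES:
        raise ValueError(f"M must be one of {GROUP_SIZES}, got {m}")
    gx, gy = split_groups(x, m), split_groups(y, m)
    z = 0
    for a, b in zip(gx, gy):        # K pairs, each contributing 2*M bits
        z = (z << m) | a
        z = (z << m) | b
    assert z.bit_length() <= OUT_BITS
    return z


def split_interleave(z: int, m: int) -> tuple[int, int]:
    """Inverse of combine_interleave: recover (x, y) from z for the same M."""
    x = y = 0
    for i, g in enumerate(split_groups(z, m, width=OUT_BITS)):
        if i % 2 == 0:
            x = (x << m) | g
        else:
            y = (y << m) | g
    return x, y


if __name__ == "__main__":
    # Constructed sample values standing in for two scrambling identities.
    x, y = 0x1234, 0xABCD
    for m in GROUP_SIZES:
        z = combine_interleave(x, y, m)
        print(f"M={m:2d}  K={FIELD_BITS // m:2d}  z={z:#010x}")
```

The inverse is only a consistency check; in the scheme itself z is never transmitted, both sides compute it from the same RRC fields.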
S1002. Obtain a second encryption parameter based on a second rule.
The update period of the first encryption parameter is longer than the update period of the second encryption parameter, and the first encryption parameter is different from the second encryption parameter. The second rule includes: selecting multiple second fields from multiple second messages based on a second selection rule, and combining the multiple second fields using a second combination rule to obtain the second encryption parameter.
The second encryption parameter includes one or more of the following: a measurement value, or a second random number. The measurement value includes one or more of the following: a downlink physical layer measurement value, an uplink physical layer measurement value, or a downlink RRC layer measurement value.
Specifically, the downlink physical layer measurement value or the downlink RRC layer measurement value may be provided by the terminal device (see S1202 and S1302 below), and the uplink physical layer measurement value is provided by the access network device (see S1402 and S1502 below).
The downlink physical layer measurement value may include one or more of the following: the channel measurement value and the beam measurement value of the serving cell.
For example, the channel measurement value may include the precoding matrix indicator (PMI), the channel quality indicator (CQI), the rank indicator (RI), and so on; the beam measurement value may include the beam identifier and the corresponding reference signal received power (RSRP), reference signal received quality (RSRQ), received signal strength indicator (RSSI), and so on.
For example, the downlink RRC layer measurement value may include one or more of the following: beam measurement values of the serving cell and of neighboring cells, where a beam measurement value may include the beam identifier and the corresponding RSRP, RSRQ, RSSI, and so on.
For example, the uplink physical layer measurement value may include one or more of the following: RSRP, signal to interference plus noise ratio (SINR), sub-band singular value decomposition (SVD); these can be obtained from measurements of uplink signals such as the sounding reference signal (SRS) and the DMRS.
The second random number may be provided by the access network device and/or the terminal device, and may be a random parameter already defined in the protocol or a newly added random parameter, which is not limited in this application.
It should be noted that both the first encryption parameter and the second encryption parameter may be generated by the terminal device and the access network device based on the same rule, using the relevant parameters above as provided by the terminal device and the access network device. The same rule may be: select the same bit fields of the same parameters and combine them in the same order into the first encryption parameter and the second encryption parameter.
In addition, both the first encryption parameter and the second encryption parameter may be high-precision floating-point numbers, and when the key is generated in S1003 below, some or all of the bits of the first and second encryption parameters are selected based on another shared rule as the key generation parameters. This increases the randomness of the key generation parameters and thus further improves security.
The update period T1 of the first encryption parameter is longer than the update period T2 of the second encryption parameter. For example, T1 may be on the order of seconds (such as 5, 10 or 20 seconds), and T2 on the order of milliseconds (such as 40, 80 or 160 milliseconds).
For ease of operation, the update period T1 of the first encryption parameter may be an integer multiple of the update period T2 of the second encryption parameter. In that case the time boundaries of T1 and T2 are aligned, which ensures that the transmitting and receiving devices update the key on the same key update period and avoids the two sides using inconsistent keys, thereby improving reliability. For example, the start time t1 of a period T1 may be aligned with the start time t2 of the first T2 period within it, that is, t1 = t2. As another example, the end time t3 of a period T1 may be aligned with the end time t4 of the last T2 period within it, that is, t3 = t4.
In other words, both the first encryption parameter and the second encryption parameter can be jointly determined from multiple periodically updated parameters, which makes the generated key unpredictable and random, increases the difficulty of cracking, and further improves security.
For the specific implementation of the second selection rule and the second combination rule in the second rule, refer to the description of the first selection rule and the first combination rule in the first rule above; it is not repeated here.
Those skilled in the art should understand that when the first encryption parameter and the second encryption parameter are generated, the two are drawn from different messages, and may additionally differ in one or more of the following: the field selection rule, or the field combination rule. This ensures the randomness of the first and second encryption parameters and further improves security.
S1003. Based on a third rule, generate the key generation parameters of the key algorithm model using the first encryption parameter and the second encryption parameter.
The third rule includes: selecting multiple third fields from the first encryption parameter and/or multiple fourth fields from the second encryption parameter based on a third selection rule, and combining the multiple third fields and/or the multiple fourth fields using a third combination rule to obtain the key generation parameters of the key algorithm model.
For the specific implementation of the third selection rule and the third combination rule in the third rule, refer to the description of the first selection rule and the first combination rule in the first rule above; it is not repeated here.
The key algorithm model may be a chaotic key generation algorithm model based on a Latin square, such as a chaotic logistic model or a chaotic Chebyshev model, which is not limited here.
Specifically, the key generation parameters include an initial parameter and a bifurcation parameter. The initial parameter is determined from the first encryption parameter and/or the second encryption parameter, and the bifurcation parameter may also be determined from the first encryption parameter and/or the second encryption parameter, where the first encryption parameter is different from the second encryption parameter.
Continuing the example in S1001, assuming a chaotic logistic model is used, the initial parameter may be set as y_0 = z / 2^32, y in (0.0, 1.0), or the chaotic bifurcation parameter may be set as mu = 3.569945672 + (z / 2^32) * (4 - 3.569945672), 3.569945672 < mu <= 4.0.
It should be noted that when the initial parameter of the key algorithm model is determined by the first encryption parameter, its bifurcation parameter may be determined by the second encryption parameter; when the initial parameter is determined by the second encryption parameter, the bifurcation parameter may be determined by the first encryption parameter; or, although both the initial parameter and the bifurcation parameter are determined jointly by the first and second encryption parameters, they are derived by different generation rules (just as the first rule above differs from the second rule). This ensures the randomness of the initial parameter and the bifurcation parameter and further improves security.
S1004. Input the key generation parameters into the key algorithm model to generate the key.
Specifically, this may include the following steps:
Step 1. Determine the initial parameter and the bifurcation parameter of the chaotic model, and input them into the chaotic model to obtain a random sequence y.
In the following, P denotes the first encryption parameter and Q denotes the second encryption parameter, and three examples are given.
Example 1. A chaotic logistic model is used. Its initial parameter (chaotic initial value) is set to y_0 = P and its bifurcation parameter (chaotic bifurcation parameter) to mu = Q, or alternatively y_0 = Q and mu = P; the initial parameter and the bifurcation parameter are then input into the chaotic logistic model to obtain the random sequence y. The chaotic logistic model is expressed as:
y_{n+1} = mu * y_n * (1 - y_n), y in (0.0, 1.0), 3.569945672 < mu <= 4.0.
Example 2. A chaotic Chebyshev model is used. Its initial parameter is set to y_0 = P and its bifurcation parameter to mu = Q, or alternatively y_0 = Q and mu = P; the initial parameter and the bifurcation parameter are then input into the chaotic Chebyshev model below to obtain the random sequence y. The chaotic Chebyshev model is expressed as:
y_{n+1} = cos(mu * arccos(y_n)), y in (-1.0, 1.0), mu > 2.0.
Example 3. A two-level chaotic model consisting of a chaotic logistic model and a chaotic Chebyshev model is used. The initial parameter and the bifurcation parameter of the first-level chaotic model are generated as in Example 1 and Example 2 above, while one of the initial parameter and the bifurcation parameter of the second-level chaotic model is determined from the output of the first-level model and the other is still determined as in Example 1 and Example 2. This further increases the randomness of the random sequence y and thereby further improves security.
Step 2. Obtain the random sequence x by the following calculation, where x is a high-precision floating-point sequence with values from -1 to 1:
x = 1 - 2 * y, x in (-1.0, 1.0).
Step 3. Use the time series x as the chaotic sequence to generate the key matrix. For the specific implementation, refer to the physical layer communication method based on a chaos system and a Latin square described above; it is not repeated here.
It should be noted that Steps 1 to 3 above are only examples; other types of key generation models may also be used to generate the key, which is not limited in this application.
In addition, both the first encryption parameter and the second encryption parameter may be periodically updated high-precision floating-point numbers (with update periods T1 and T2 respectively, T1 > T2), and the random sequence generated by the chaotic model is very long, so a single generated key sequence is long enough that every signaling message and/or data unit within a period of length T2 can be encrypted with a different key. This further increases the difficulty of cracking and improves security.
The length of the chaotic sequence can support a different physical layer key for every signaling message and data unit within a period of length T2. For example, if the update period T2 of the second encryption parameter is 20 milliseconds containing 40 slots in total, and each slot has 5000 constellation points that require physical layer encryption, then the chaotic sequence can be generated with length 40 * 5000 = 200000, so that the physical layer encryption key used in each slot is different, further improving security.
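The S1003 parameter mapping and the S1004 sequence generation (Examples 1 to 3, Step 2, and the per-slot split for T2 = 20 ms) as one added, runnable example. This is editorial code, not the patent's implementation. Step 3 (the key matrix built with a Latin square) is only referenced on this page and is therefore not implemented. Assumptions: 64-bit floats stand in for the "high-precision floating point" values; the mapping x = 1 - 2y is applied to the logistic output, whose range is (0, 1); in the two-level chain the Chebyshev seed is taken from the last warm-up sample of the logistic stage and its bifurcation parameter is 2 + 2Q; the sample z and P, Q values are constructed. The rejection of z = 0 is an added check, since y_0 = 0 is a fixed point of the logistic map.

```python
"""Added example: chaotic key-sequence generation of S1003/S1004.

Not the patent's code. Step 3 (Latin-square key matrix) is not on this page
and is not implemented. Sample inputs are constructed.
"""
from __future__ import annotations
import math

MU_MIN = 3.569945672   # lower end of the chaotic range given in S1003
MU_MAX = 4.0


def params_from_z(z: int) -> tuple[float, float]:
    """S1003: y0 = z/2^32 and mu = MU_MIN + (z/2^32)*(MU_MAX - MU_MIN).
    z = 0 is rejected (added check): it gives y0 = 0, a fixed point."""
    if not 0 < z < 1 << 32:
        raise ValueError("z must be in 1 .. 2^32-1 so that y0 is in (0, 1)")
    frac = z / (1 << 32)
    return frac, MU_MIN + frac * (MU_MAX - MU_MIN)


def logistic_sequence(y0: float, mu: float, n: int) -> list[float]:
    """Example 1: y_{n+1} = mu * y_n * (1 - y_n), y in (0,1), MU_MIN < mu <= 4."""
    if not 0.0 < y0 < 1.0 or not MU_MIN < mu <= MU_MAX:
        raise ValueError("logistic parameters outside the chaotic domain")
    seq, y = [], y0
    for _ in range(n):
        y = mu * y * (1.0 - y)
        seq.append(y)
    return seq


def chebyshev_sequence(y0: float, mu: float, n: int) -> list[float]:
    """Example 2: y_{n+1} = cos(mu * arccos(y_n)), y in (-1,1), mu > 2."""
    if not -1.0 < y0 < 1.0 or not mu > 2.0:
        raise ValueError("Chebyshev parameters outside the chaotic domain")
    seq, y = [], y0
    for _ in range(n):
        y = math.cos(mu * math.acos(y))
        y = max(-1.0, min(1.0, y))   # rounding can land a hair outside [-1, 1]
        seq.append(y)
    return seq


def to_signed(y: list[float]) -> list[float]:
    """Step 2: x = 1 - 2y maps the logistic output (0,1) onto (-1,1)."""
    return [1.0 - 2.0 * v for v in y]


def two_level_sequence(p: float, q: float, n: int, warmup: int = 64) -> list[float]:
    """Example 3: logistic stage seeded by (P, Q), then a Chebyshev stage whose
    initial value is the last warm-up output of the logistic stage and whose
    bifurcation parameter 2 + 2Q still comes from the encryption parameters
    (both choices are assumptions; the patent fixes only the structure)."""
    stage1 = to_signed(logistic_sequence(p, MU_MIN + q * (MU_MAX - MU_MIN), warmup))
    return chebyshev_sequence(stage1[-1], 2.0 + 2.0 * q, n)


def slot_keys(seq: list[float], n_slots: int, points_per_slot: int) -> list[list[float]]:
    """Cut one T2 period's sequence into per-slot key material
    (40 slots x 5000 constellation points for the T2 = 20 ms example)."""
    need = n_slots * points_per_slot
    if len(seq) < need:
        raise ValueError(f"sequence too short: {len(seq)} < {need}")
    return [seq[i * points_per_slot:(i + 1) * points_per_slot] for i in range(n_slots)]


if __name__ == "__main__":
    y0, mu = params_from_z(0xFFFF0000)          # constructed z from S1001
    x = to_signed(logistic_sequence(y0, mu, 40 * 5000))
    slots = slot_keys(x, 40, 5000)
    print(f"y0={y0:.8f} mu={mu:.8f} slots={len(slots)} x[0:3]={x[:3]}")
    print("two-level:", two_level_sequence(0.3, 0.7, 3))
```

The floating-point chaos maps are only reproducible on both ends if both compute with identical precision and operation order; any difference in rounding between the gNB and UE implementations diverges exponentially, which is the same sensitivity that makes the sequence unpredictable.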
It is worth noting that the operations above of generating the first encryption parameter and the second encryption parameter, and of generating the key from them, are performed independently by the access network device and the terminal device based on the same rules. Neither the key generation parameters nor the key need to be transmitted; only the messages used to determine the first and second encryption parameters are transmitted, which further reduces the risk of key leakage.
Moreover, among the parameters used to determine the first and second encryption parameters, the higher layer parameters may be transmitted only after being encrypted (using existing higher layer encryption measures), further improving security.
In addition, although the physical layer parameters among those used to determine the first and second encryption parameters are not encrypted, their update period is very short (typically milliseconds, such as a measurement period), and the specific rules for deriving the first and second encryption parameters from these physical layer parameters, as well as the key generation algorithm, are built into the access network device and the terminal device respectively and do not need to be transmitted. It is therefore difficult for an attacker to obtain the correct key and mount an effective attack within such a short time, further improving security.
The first encryption parameter and the second encryption parameter may be provided by the terminal device alone, by the access network device alone, or jointly by the terminal device and the access network device, as illustrated by the examples in FIG. 12 to FIG. 15 below.
For example, FIG. 12 is a fourth schematic flowchart of an example of the communication method provided by an embodiment of this application. As shown in FIG. 12, the method specifically includes the following steps:
S1201. The access network device sends the first encryption parameter to the terminal device.
Specifically, after determining the first encryption parameter, the access network device may send it to the terminal device over the Uu interface. The first encryption parameter may include one or more of the following: downlink RRC layer signaling parameters, or the first random number.
For the specific content and determination method of the downlink RRC layer signaling parameters and the first random number, refer to S1001; it is not repeated here.
S1202. The terminal device sends the second encryption parameter to the access network device.
Specifically, after determining the second encryption parameter, the terminal device may send it to the access network device over the Uu interface. The second encryption parameter may include one or more of the following: a downlink physical layer measurement value, a downlink RRC layer measurement value, or the second random number.
For the specific content and determination method of the downlink physical layer measurement value, the downlink RRC layer measurement value and the second random number, refer to S1002; it is not repeated here.
It should be noted that S1201 and S1202 may both be periodically executed steps, and the execution period of S1201 is longer than that of S1202. In other words, S1202 may be executed multiple times within one execution period of S1201, so that the update period T1 of the first encryption parameter is longer than the update period T2 of the second encryption parameter.
S1203. The terminal device and the access network device generate a key based on the first encryption parameter and the second encryption parameter.
For the specific implementation of key generation, refer to S1003; it is not repeated here.
S1204. The terminal device and/or the access network device performs physical layer encryption of signaling and/or data based on the key.
S1204 may specifically be implemented as one or more of the following:
S1204A. The terminal device performs physical layer encryption of uplink signaling and/or data based on the key; or,
S1204B. The access network device performs physical layer encryption of downlink signaling and/or data based on the key.
For the specific implementation of physical layer encryption, refer to S604; it is not repeated here.
S1205. Physical-layer-encrypted signaling and/or data is transmitted between the terminal device and the access network device.
S1205 may specifically be implemented as one or more of the following:
S1205A. The terminal device sends physical-layer-encrypted uplink signaling and/or data to the access network device; or,
S1205B. The access network device sends physical-layer-encrypted downlink signaling and/or data to the terminal device.
S1206. The access network device and/or the terminal device decrypts the physical-layer-encrypted signaling and/or data based on the key.
S1206 may specifically be implemented as one or more of the following:
S1206A. The access network device decrypts the physical-layer-encrypted uplink signaling and/or data based on the key; or,
S1206B. The terminal device decrypts the physical-layer-encrypted downlink signaling and/or data based on the key.
For the specific implementation of physical layer decryption, refer to S604; it is not repeated here.
S1207. Within each update period T2 of the second encryption parameter, repeat S1202 to S1206 above.
S1208. Within each update period T1 of the first encryption parameter, repeat S1201 to S1207 above.
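The FIG. 12 exchange (S1201 to S1208) together with the period alignment of S1002, as an added simulation; this is editorial code, not the patent's implementation. The gNB sends P every T1, the UE sends Q every T2, T1 is checked to be an integer multiple of T2, and each side derives the key locally, so the key never appears in any over-the-air message. Because the derivation is deterministic in the exchanged parameters, its secrecy rests on an observer not knowing the built-in rules and the protected higher layer inputs, which is what the text above relies on. Assumptions: the key derivation is a SHA-256 stand-in for the chaotic model of S1003/S1004 (used only so the two sides' results can be compared), T1 = 5 s and T2 = 40 ms are taken from the example values in S1002, and the P and Q values are constructed by stepping two seeds rather than read from real RRC fields or measurements.

```python
"""Added example: the FIG. 12 exchange with T1 = k * T2 alignment.

Not the patent's code. derive_key() is a SHA-256 stand-in for the chaotic
model; P/Q values and timings are constructed.
"""
from __future__ import annotations
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def check_periods(t1_ms: int, t2_ms: int) -> int:
    """T1 must be a positive integer multiple of T2 so that every T1 boundary
    is also a T2 boundary (t1 = t2 at the start, t3 = t4 at the end).
    Returns the number of T2 periods per T1 period."""
    if t2_ms <= 0 or t1_ms <= t2_ms or t1_ms % t2_ms:
        raise ValueError(f"T1={t1_ms} ms must be an integer multiple of T2={t2_ms} ms")
    return t1_ms // t2_ms


def epoch_indices(t_ms: int, t1_ms: int, t2_ms: int) -> tuple[int, int]:
    """(index of the current T1 period, index of the current T2 period) at time t."""
    check_periods(t1_ms, t2_ms)
    return t_ms // t1_ms, t_ms // t2_ms


def derive_key(p: int, q: int) -> bytes:
    """Stand-in for S1203: a deterministic function of (P, Q) only."""
    return hashlib.sha256(p.to_bytes(4, "big") + q.to_bytes(4, "big")).digest()


@dataclass
class Node:
    """One end of the Uu interface; holds the latest P and Q it knows."""
    name: str
    p: Optional[int] = None
    q: Optional[int] = None
    keys: list = field(default_factory=list)

    def key(self) -> bytes:
        if self.p is None or self.q is None:
            raise RuntimeError(f"{self.name}: missing P or Q, cannot derive the key")
        k = derive_key(self.p, self.q)
        self.keys.append(k)
        return k


def run_fig12(t1_ms: int, t2_ms: int, n_t1: int,
              p_seed: int = 0x1A2B3C4D, q_seed: int = 0x0000BEEF):
    """Simulate n_t1 periods of T1. Returns the over-the-air message log
    (S1201/S1202 only) and both nodes with the keys each derived."""
    per_t1 = check_periods(t1_ms, t2_ms)
    gnb, ue = Node("gNB"), Node("UE")
    log: list[tuple[int, str]] = []
    for i1 in range(n_t1):
        p = (p_seed + i1) & 0xFFFFFFFF
        gnb.p = ue.p = p                      # S1201: gNB -> UE, once per T1
        log.append((i1 * t1_ms, f"S1201 gNB->UE P={p:#010x}"))
        for j in range(per_t1):               # S1207: one pass per T2
            t = i1 * t1_ms + j * t2_ms
            q = (q_seed + i1 * per_t1 + j) & 0xFFFFFFFF
            ue.q = gnb.q = q                  # S1202: UE -> gNB, once per T2
            log.append((t, f"S1202 UE->gNB Q={q:#010x}"))
            if ue.key() != gnb.key():         # S1203 on each side independently
                raise RuntimeError(f"key mismatch at t={t} ms")
    return log, gnb, ue                       # S1208: loop over T1 periods


if __name__ == "__main__":
    log, gnb, ue = run_fig12(5000, 40, 2)     # T1 = 5 s, T2 = 40 ms, two T1 periods
    print(f"{len(log)} messages, {len(gnb.keys)} keys per side, "
          f"T2 periods per T1 = {check_periods(5000, 40)}")
    for t, msg in log[:3]:
        print(f"t={t:5d} ms  {msg}")
```

With T2 = 40 ms and T1 = 5 s there are 125 key updates per P, and a T1 value such as 5.03 s would be rejected by check_periods because its boundary would fall inside a T2 period.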
By way of example, FIG. 13 is a fifth schematic flowchart of the communication method provided by an embodiment of this application. As shown in FIG. 13, the method includes the following steps:
S1301. The terminal device sends a first encryption parameter to the access network device.
Specifically, after determining the first encryption parameter, the terminal device may send it to the access network device over the Uu interface. The first encryption parameter may include one or more of the following: an uplink RRC-layer signaling parameter, a NAS-layer signaling parameter, or a first random number.
For the specific content and determination of the uplink RRC-layer signaling parameter, the NAS-layer signaling parameter, or the first random number, reference may be made to S1001, which is not repeated here.
S1302. The terminal device sends a second encryption parameter to the access network device.
Specifically, after obtaining the second encryption parameter, the terminal device may send it to the access network device over the Uu interface. The second encryption parameter may include one or more of the following: a downlink physical-layer measurement value, a downlink RRC-layer measurement value, or a second random number.
For the specific content and determination of the downlink physical-layer measurement value, the downlink RRC-layer measurement value, or the second random number, reference may be made to S1002, which is not repeated here.
It should be noted that both S1301 and S1302 may be executed periodically, and the execution period of S1301 is longer than that of S1302. In other words, S1302 may be executed multiple times within one execution period of S1301, so that the update period T1 of the first encryption parameter is longer than the update period T2 of the second encryption parameter.
S1303. The terminal device and the access network device generate a key based on the first encryption parameter and the second encryption parameter.
For the specific implementation of key generation, reference may be made to S1003, which is not repeated here.
S1304. The terminal device and/or the access network device performs physical-layer encryption of signaling and/or data based on the key.
S1305. The physical-layer-encrypted signaling and/or data is transmitted between the terminal device and the access network device.
S1306. The access network device and/or the terminal device decrypts the physical-layer-encrypted signaling and/or data based on the key.
For the specific implementation of S1304 to S1306, reference may be made to S1204 to S1206, which are not repeated here.
S1307. Within each update period T2 of the second decryption parameter, repeat S1302 to S1306 above.
S1308. Within each update period T1 of the first decryption parameter, repeat S1301 to S1307 above.
By way of example, FIG. 14 is a sixth schematic flowchart of the communication method provided by an embodiment of this application. As shown in FIG. 14, the method includes the following steps:
S1401. The access network device sends a first encryption parameter to the terminal device.
Specifically, after determining the first encryption parameter, the access network device may send it to the terminal device over the Uu interface. The first encryption parameter may include one or more of the following: a downlink RRC-layer signaling parameter, or a first random number.
For the specific content and determination of the downlink RRC-layer signaling parameter or the first random number, reference may be made to S1001, which is not repeated here.
S1402. The access network device sends a second encryption parameter to the terminal device.
Specifically, after determining the second encryption parameter, the access network device may send it to the terminal device over the Uu interface. The second encryption parameter may include one or more of the following: an uplink physical-layer measurement value, or a second random number.
For the specific content and determination of the uplink physical-layer measurement value or the second random number, reference may be made to S1002, which is not repeated here.
It should be noted that both S1401 and S1402 may be executed periodically, and the execution period of S1401 is longer than that of S1402. In other words, S1402 may be executed multiple times within one execution period of S1401, so that the update period T1 of the first encryption parameter is longer than the update period T2 of the second encryption parameter.
S1403. The terminal device and the access network device generate a key based on the first encryption parameter and the second encryption parameter.
For the specific implementation of key generation, reference may be made to S1003, which is not repeated here.
S1404. The terminal device and/or the access network device performs physical-layer encryption of signaling and/or data based on the key.
S1405. The physical-layer-encrypted signaling and/or data is transmitted between the terminal device and the access network device.
S1406. The access network device and/or the terminal device decrypts the physical-layer-encrypted signaling and/or data based on the key.
For the specific implementation of S1404 to S1406, reference may be made to S1204 to S1206, which are not repeated here.
S1407. Within each update period T2 of the second decryption parameter, repeat S1402 to S1406 above.
S1408. Within each update period T1 of the first decryption parameter, repeat S1401 to S1407 above.
By way of example, FIG. 15 is a seventh schematic flowchart of the communication method provided by an embodiment of this application. As shown in FIG. 15, the method includes the following steps:
S1501. The terminal device sends a first encryption parameter to the access network device.
Specifically, after determining the first encryption parameter, the terminal device may send it to the access network device over the Uu interface. The first encryption parameter may include one or more of the following: an uplink RRC-layer signaling parameter, a NAS-layer signaling parameter, or a first random number.
For the specific content and determination of the uplink RRC-layer signaling parameter, the NAS-layer signaling parameter, or the first random number, reference may be made to S1001, which is not repeated here.
S1502. The terminal device sends a second encryption parameter to the access network device.
Specifically, after determining the second encryption parameter, the terminal device may send it to the access network device over the Uu interface. The second encryption parameter may include one or more of the following: a downlink physical-layer measurement value, a downlink RRC-layer measurement value, or a second random number.
For the specific content and determination of the downlink physical-layer measurement value, the downlink RRC-layer measurement value, or the second random number, reference may be made to S1002, which is not repeated here.
It should be noted that both S1501 and S1502 may be executed periodically, and the execution period of S1501 is longer than that of S1502. In other words, S1502 may be executed multiple times within one execution period of S1501, so that the update period T1 of the first encryption parameter is longer than the update period T2 of the second encryption parameter.
S1503. The terminal device and the access network device generate a key based on the first encryption parameter and the second encryption parameter.
For the specific implementation of key generation, reference may be made to S1003, which is not repeated here.
S1504. The terminal device or the access network device performs physical-layer encryption of signaling and/or data based on the key.
S1505. The physical-layer-encrypted signaling and/or data is transmitted between the terminal device and the access network device.
S1506. The access network device and/or the terminal device decrypts the physical-layer-encrypted signaling and/or data based on the key.
For the specific implementation of S1504 to S1506, reference may be made to S1204 to S1206, which are not repeated here.
S1507. Within each update period T2 of the second decryption parameter, repeat S1502 to S1506 above.
S1508. Within each update period T1 of the first decryption parameter, repeat S1501 to S1507 above.
Based on the communication method shown in any one of FIG. 6, FIG. 9, FIG. 10, or FIG. 12 to FIG. 15, a dynamic key can be generated from the periodically updated first encryption parameter and second encryption parameter without transmitting the key between the transmitting and receiving devices, and that dynamic key is used for physical-layer encryption and decryption of the lower-layer signaling. This reduces the risk of leakage of the lower-layer signaling and thereby improves its security.
Further, the communication method provided by the embodiments of this application may also encrypt and decrypt higher-layer signaling (NAS signaling, RRC signaling) and/or data once more at the physical layer, to further increase the difficulty of breaking higher-layer signaling and data that has already been encrypted at the higher layer, thereby further improving the security of the higher-layer signaling and data.
The communication method provided by the embodiments of this application has been described in detail above with reference to FIG. 6 to FIG. 15. The communication apparatus for performing that communication method is described in detail below with reference to FIG. 16 and FIG. 17.
By way of example, FIG. 16 is a first schematic structural diagram of a communication apparatus provided by an embodiment of this application. As shown in FIG. 16, the communication apparatus 1600 includes a processing module 1601 and a transceiver module 1602. For ease of illustration, FIG. 16 shows only the main components of the communication apparatus.
In some embodiments, the communication apparatus 1600 may be applied to the communication system shown in FIG. 5 and perform the functions of the access network device in the communication method shown in FIG. 6 or FIG. 8.
Here, the transceiver module 1602 is configured to send first information to the terminal device and, in response to the first information being successfully received, to receive second information from the terminal device, where the second information indicates that the first information was successfully received. The processing module 1601 is configured to generate a key based on a preset rule and to use the key for physical-layer encryption or decryption.
In some other embodiments, the communication apparatus 1600 may be applied to the communication system shown in FIG. 5 and perform the functions of the terminal device in the communication method shown in FIG. 6 or FIG. 8.
Here, the transceiver module 1602 is configured to receive first information from the access network device and, in response to the first information being successfully received, to send second information to the access network device, where the second information indicates that the first information was successfully received. The processing module 1601 is configured to generate a key based on a preset rule and to use the key for physical-layer encryption or decryption.
The first information and the second information may be carried in an RRC message.
In still other embodiments, the communication apparatus 1600 may be applied to the communication system shown in FIG. 5 and perform the functions of the access network device in the communication method shown in FIG. 7 or FIG. 8.
Here, the transceiver module 1602 is configured to send third information to the terminal device, where the third information indicates transmission of first data. The processing module 1601 is configured to determine that the first data was transmitted successfully. The transceiver module 1602 is further configured to, in response to the first data being transmitted successfully, send fourth information to the terminal device, where the fourth information indicates transmission of second data and further indicates that the key used for physical-layer encryption or decryption needs to be updated, the second data being different from the first data. The processing module 1601 is further configured to generate a key based on a preset rule and to use the key to perform physical-layer encryption or decryption on the second data.
In yet other embodiments, the communication apparatus 1600 may be applied to the communication system shown in FIG. 5 and perform the functions of the terminal device in the communication method shown in FIG. 7 or FIG. 8.
Here, the transceiver module 1602 is configured to receive third information from the access network device, where the third information indicates transmission of first data. The transceiver module 1602 is further configured to, when the first data was transmitted successfully, receive fourth information from the access network device, where the fourth information indicates transmission of second data and further indicates that the key used for physical-layer encryption or decryption needs to be updated, the second data being different from the first data. The processing module 1601 is configured to generate a key based on a preset rule and to use the key to perform physical-layer decryption or encryption on the second data.
The third information and the fourth information are carried in the new data indicator (NDI) field of downlink control information.
In a possible design, the preset rule includes a first rule, a second rule and a third rule. Correspondingly, the processing module 1601 is further configured to: obtain a first encryption parameter based on the first rule; obtain a second encryption parameter based on the second rule, where the update period of the first encryption parameter is longer than the update period of the second encryption parameter and the first encryption parameter differs from the second encryption parameter; based on the third rule, use the first encryption parameter and the second encryption parameter to generate key generation parameters for a key algorithm model; and input the key generation parameters into the key algorithm model to generate the key. The first rule includes: selecting a plurality of first fields from a plurality of first messages according to a first selection rule, and combining the first fields according to a first combination rule to obtain the first encryption parameter. The second rule includes: selecting a plurality of second fields from a plurality of second messages according to a second selection rule, and combining the second fields according to a second combination rule to obtain the second encryption parameter. The third rule includes: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter according to a third selection rule, and combining the third fields and/or the fourth fields according to a third combination rule to obtain the key generation parameters of the key algorithm model.
The key algorithm model may be a Latin-square-based chaotic key generation model, such as a chaotic logistic model or a chaotic Chebyshev model; this application does not limit this.
Specifically, the key generation parameters include an initial parameter and a bifurcation parameter. The initial parameter is determined from the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined from the first encryption parameter and/or the second encryption parameter, and the initial parameter differs from the bifurcation parameter.
Optionally, the first encryption parameter is determined from one or more of the following: a higher-layer signaling parameter, or a first random number. The second encryption parameter includes one or more of the following: a measurement value, or a second random number.
The higher-layer signaling parameter includes one or more of the following: an RRC-layer signaling parameter, or a NAS-layer signaling parameter. The measurement value includes one or more of the following: a downlink physical-layer measurement value, an uplink physical-layer measurement value, or a downlink RRC-layer measurement value.
Further, the RRC-layer signaling parameter includes a user-level physical channel configuration parameter.
In a possible design, the processing module 1601 is specifically configured to: use the key to perform one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement; or use the key to perform one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or the inverse of the rearrangement.
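As an added illustration that is not the applicant's implementation, the following Python models the three rules, the two-tier update schedule with T1 longer than T2 (the periodic steps S1301 to S1308 above), a logistic-map key generator driven by an initial parameter and a bifurcation parameter, and the constellation phase rotation and rearrangement together with their inverses. The field layouts, the use of SHA-256 as the combination step, the logistic map as the chaotic model and the QPSK mapping are assumptions made for this example; the logistic-map keystream illustrates the mechanism and is not a vetted cipher.

```python
"""Toy model of the two-tier key schedule and physical-layer constellation
encryption described in the patent text. Added example, not the applicant's
code; field layouts, SHA-256 as the combination step, the logistic map as the
chaotic model and the QPSK mapping are assumptions for illustration."""
import hashlib
import struct
from typing import List, Sequence, Tuple

T1 = 4  # update period of the first encryption parameter, in slots (constructed)
T2 = 2  # update period of the second encryption parameter, in slots; T1 > T2

ROT = [1, 1j, -1, -1j]  # exact QPSK rotations by k * 90 degrees


def first_rule(rrc_fields: Sequence[int], nas_fields: Sequence[int], rand1: int) -> bytes:
    """First rule: select fields of higher-layer (RRC / NAS) messages plus a first
    random number and concatenate them into the first encryption parameter."""
    return b"".join(struct.pack(">I", f & 0xFFFFFFFF) for f in (*rrc_fields, *nas_fields, rand1))


def second_rule(measurements: Sequence[int], rand2: int) -> bytes:
    """Second rule: select measurement fields (e.g. downlink physical-layer
    measurements) plus a second random number for the second encryption parameter."""
    return b"".join(struct.pack(">i", m) for m in measurements) + struct.pack(">I", rand2 & 0xFFFFFFFF)


def third_rule(p1: bytes, p2: bytes) -> Tuple[float, float]:
    """Third rule: combine fields of both parameters into the key generation
    parameters of the chaotic model, the initial value x0 and the bifurcation
    parameter r. A hash stands in for the combination rule so that x0 != r."""
    d = hashlib.sha256(p1 + p2).digest()
    x0 = int.from_bytes(d[:8], "big") / 2 ** 64                    # in [0, 1)
    x0 = min(max(x0, 1e-6), 1 - 1e-6)                               # avoid the fixed points 0 and 1
    r = 3.57 + 0.43 * (int.from_bytes(d[8:16], "big") / 2 ** 64)   # chaotic band of the logistic map
    return x0, r


def logistic_keystream(x0: float, r: float, n: int, burn_in: int = 100) -> List[float]:
    """Iterate the logistic map x_{k+1} = r * x_k * (1 - x_k); the orbit after a
    burn-in is the key: one value per constellation point."""
    x = x0
    for _ in range(burn_in):
        x = r * x * (1 - x)
    ks = []
    for _ in range(n):
        x = r * x * (1 - x)
        ks.append(x)
    return ks


def parameter_indices(slot: int) -> Tuple[int, int]:
    """Which first / second parameter is current in a slot: the first parameter
    changes every T1 slots, the second every T2 slots (steps S1307 / S1308)."""
    return slot // T1, slot // T2


def slot_key(slot: int, first_params: Sequence[bytes], second_params: Sequence[bytes], n: int) -> List[float]:
    """Both ends derive the same key for a slot from the parameters current in it;
    no key is ever transmitted."""
    i, j = parameter_indices(slot)
    x0, r = third_rule(first_params[i], second_params[j])
    return logistic_keystream(x0, r, n)


def phy_encrypt(symbols: Sequence[complex], key: Sequence[float]) -> List[complex]:
    """Rotate each constellation point by a key-chosen multiple of 90 degrees,
    then permute the symbol order with a key-derived permutation (rearrangement)."""
    rotated = [s * ROT[int(k * 4) & 3] for s, k in zip(symbols, key)]
    perm = sorted(range(len(symbols)), key=lambda idx: key[idx])
    return [rotated[p] for p in perm]


def phy_decrypt(received: Sequence[complex], key: Sequence[float]) -> List[complex]:
    """Undo the rearrangement, then apply the inverse rotation."""
    perm = sorted(range(len(received)), key=lambda idx: key[idx])
    unpermuted = [0j] * len(received)
    for pos, p in enumerate(perm):
        unpermuted[p] = received[pos]
    return [s * ROT[(-int(k * 4)) & 3] for s, k in zip(unpermuted, key)]


def demo() -> bool:
    """Constructed parameters for two T1 periods (8 slots): one first parameter
    per T1 period, one second parameter per T2 period; round-trips every slot."""
    first = [first_rule([0x1A2B, 0x3C], [0x55], rand1) for rand1 in (0x1111, 0x2222)]
    second = [second_rule([-87, -92, 12], rand2) for rand2 in (1, 2, 3, 4)]
    qpsk = [complex(a, b) for a, b in ((1, 1), (-1, 1), (-1, -1), (1, -1))] * 4
    for slot in range(8):
        key = slot_key(slot, first, second, len(qpsk))  # identical on both ends
        if phy_decrypt(phy_encrypt(qpsk, key), key) != qpsk:
            return False
    return True


if __name__ == "__main__":
    print("round-trip ok:", demo())
```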
Optionally, the transceiver module 1602 may include a sending module and a receiving module (not shown in FIG. 16). The sending module implements the sending function of the communication apparatus 1600, and the receiving module implements its receiving function.
Optionally, the communication apparatus 1600 may further include a storage module (not shown in FIG. 16) that stores a program or instructions. When the processing module 1601 executes the program or instructions, the communication apparatus 1600 can perform the communication method shown in any one of FIG. 6 to FIG. 8 or FIG. 12 to FIG. 15.
It should be noted that the communication apparatus 1600 may be an access network device, a chip (or chip system) or other part or component that can be provided in an access network device, or an apparatus that contains an access network device; this application does not limit this.
In addition, for the technical effects of the communication apparatus 1600, reference may be made to the technical effects of the communication method described in the method embodiments above, which are not repeated here.
By way of example, FIG. 17 is a second schematic structural diagram of a communication apparatus provided by an embodiment of this application. The communication apparatus may be a terminal device or an access network device, or a chip (or chip system) or other part or component that can be provided in a terminal device or an access network device. As shown in FIG. 17, the communication apparatus 1700 may include a processor 1701. Optionally, the communication apparatus 1700 may further include a memory 1702 and/or a transceiver 1703. The processor 1701 is coupled to the memory 1702 and the transceiver 1703, for example via a communication bus.
The components of the communication apparatus 1700 are described in detail below with reference to FIG. 17.
The processor 1701 is the control center of the communication apparatus 1700 and may be a single processor or a collective term for multiple processing elements. For example, the processor 1701 may be one or more central processing units (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of this application, for example one or more microprocessors (digital signal processor, DSP) or one or more field programmable gate arrays (FPGA).
Optionally, the processor 1701 can perform the various functions of the communication apparatus 1700 by running or executing software programs stored in the memory 1702 and invoking data stored in the memory 1702.
In a specific implementation, as an embodiment, the processor 1701 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 17.
In a specific implementation, as an embodiment, the communication apparatus 1700 may also include multiple processors, such as the processor 1701 and the processor 1704 shown in FIG. 17. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor here may refer to one or more devices, circuits and/or processing cores for processing data (for example, computer program instructions).
The memory 1702 is used to store the software program that implements the solution of this application, and the processor 1701 controls its execution. For the specific implementation, reference may be made to the method embodiments above, which are not repeated here.
Optionally, the memory 1702 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs and the like), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited to these. The memory 1702 may be integrated with the processor 1701 or may exist independently and be coupled to the processor 1701 through an interface circuit (not shown in FIG. 17) of the communication apparatus 1700; this embodiment of this application does not specifically limit this.
The transceiver 1703 is used for communication with other communication apparatuses. For example, when the communication apparatus 1700 is a terminal device, the transceiver 1703 may be used to communicate with an access network device or with another terminal device. For another example, when the communication apparatus 1700 is an access network device, the transceiver 1703 may be used to communicate with a terminal device or with another access network device.
Optionally, the transceiver 1703 may include a receiver and a transmitter (not shown separately in FIG. 17). The receiver implements the receiving function and the transmitter implements the sending function.
Optionally, the transceiver 1703 may be integrated with the processor 1701 or may exist independently and be coupled to the processor 1701 through an interface circuit (not shown in FIG. 17) of the communication apparatus 1700; this embodiment of this application does not specifically limit this.
It should be noted that the structure of the communication apparatus 1700 shown in FIG. 17 does not constitute a limitation on the communication apparatus. An actual communication apparatus may include more or fewer components than shown, combine certain components, or have a different arrangement of components.
In addition, for the technical effects of the communication apparatus 1700, reference may be made to the technical effects of the communication method described in the method embodiments above, which are not repeated here.
An embodiment of this application provides a communication system. The communication system includes one or more of the terminal devices described above and one or more of the access network devices described above. Optionally, the communication system may further include a core network device.
It should be understood that the processor in the embodiments of this application may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor.
It should also be understood that the memory in the embodiments of this application may be a volatile memory or a non-volatile memory, or may include both. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM) or a flash memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM) and direct rambus RAM (DR RAM).
The embodiments above may be implemented in whole or in part by software, hardware (such as circuits), firmware or any combination of these. When implemented in software, the embodiments above may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, the procedures or functions according to the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (for example, infrared, wireless, microwave and the like). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that contains one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD) or a semiconductor medium. The semiconductor medium may be a solid state drive.
It should be understood that the term "and/or" in this document merely describes an association between associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B both exist, or B exists alone, where A and B may be singular or plural. In addition, the character "/" in this document generally indicates an "or" relationship between the associated objects, but may also indicate an "and/or" relationship; the specific meaning can be understood from the context.
本申请中,“至少一个”是指一个或者多个,“多个”是指两个或两个以上。“以下至少一项(个)”或其类似表达,是指的这些项中的任意组合,包括单项(个)或复数项(个)的任意组合。例如,a,b,或c中的至少一项(个),可以表示:a,b,c,a-b,a-c,b-c,或a-b-c,其中a,b,c可以是单个,也可以是多个。In this application, "at least one" means one or more, and "multiple" means two or more. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one item (piece) of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple .
应理解,在本申请的各种实施例中,上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should be understood that, in various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the order of execution, and the execution order of the processes should be determined by their functions and internal logic, and should not be used in the embodiments of the present application. The implementation process constitutes any limitation.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。Those skilled in the art can appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present application.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the above-described system, device and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or May be integrated into another system, or some features may be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者接入网设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(read-only memory,ROM)、随机存取存储器(random access memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。If the functions described above are realized in the form of software function units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application is essentially or the part that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or an access network device, etc.) execute all or part of the steps of the methods described in various embodiments of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disc and other media that can store program codes. .
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。 The above is only a specific implementation of the application, but the scope of protection of the application is not limited thereto. Anyone familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the application. Should be covered within the protection scope of this application. Therefore, the protection scope of the present application should be determined by the protection scope of the claims.

Claims (68)

  1. A communication method, characterized in that it comprises:
    sending first information to a terminal device;
    receiving second information from the terminal device, the second information indicating that the first information has been received successfully;
    in response to the first information having been received successfully, generating a key based on a preset rule; and
    performing physical layer encryption or decryption using the key.
  2. The communication method according to claim 1, characterized in that the preset rule comprises a first rule, a second rule and a third rule;
    the generating a key based on a preset rule specifically comprises:
    obtaining a first encryption parameter based on the first rule;
    obtaining a second encryption parameter based on the second rule, wherein an update period of the first encryption parameter is longer than an update period of the second encryption parameter, and the first encryption parameter differs from the second encryption parameter;
    generating, based on the third rule, key generation parameters of a key algorithm model using the first encryption parameter and the second encryption parameter; and
    inputting the key generation parameters into the key algorithm model to generate the key;
    wherein the preset rule comprises a first rule and a second rule, wherein
    the first rule comprises: selecting a plurality of first fields from a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
    the second rule comprises: selecting a plurality of second fields from a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter; and
    the third rule comprises: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter based on a third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameters of the key algorithm model.
  3. The communication method according to claim 2, characterized in that the key generation parameters comprise an initial parameter and a bifurcation parameter;
    the initial parameter is determined from the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined from the first encryption parameter and/or the second encryption parameter, and the initial parameter differs from the bifurcation parameter.
  4. The communication method according to claim 2 or 3, characterized in that the first encryption parameter comprises one or more of the following: a higher-layer signalling parameter, or a first random number; and
    the second encryption parameter comprises one or more of the following: a measurement value, or a second random number.
  5. The communication method according to claim 4, characterized in that the higher-layer signalling parameter comprises one or more of the following: an RRC layer signalling parameter, or a NAS layer signalling parameter; and
    the measurement value comprises one or more of the following: a downlink physical layer measurement value, an uplink physical layer measurement value, or a downlink RRC layer measurement value.
  6. The communication method according to claim 5, characterized in that the RRC layer signalling parameter comprises a user-level physical channel configuration parameter.
  7. The communication method according to any one of claims 2 to 6, characterized in that the performing physical layer encryption or decryption using the key comprises:
    using the key, performing one or more of the following operations on constellation points of signalling and/or data to be sent: phase rotation, or rearrangement; or
    using the key, performing one or more of the following operations on constellation points of received signalling and/or data: inverse phase rotation, or inverse rearrangement.
  8. The communication method according to any one of claims 1 to 7, characterized in that the first information and the second information are carried in RRC messages.
  9. A communication method, characterized in that it comprises:
    receiving first information from an access network device;
    sending second information to the access network device, the second information indicating that the first information has been received successfully;
    in response to the first information having been received successfully, generating a key based on a preset rule; and
    performing physical layer encryption or decryption using the key.
  10. The communication method according to claim 9, characterized in that the preset rule comprises a first rule, a second rule and a third rule;
    the generating a key based on a preset rule specifically comprises:
    obtaining a first encryption parameter based on the first rule;
    obtaining a second encryption parameter based on the second rule, wherein an update period of the first encryption parameter is longer than an update period of the second encryption parameter, and the first encryption parameter differs from the second encryption parameter;
    generating, based on the third rule, key generation parameters of a key algorithm model using the first encryption parameter and the second encryption parameter; and
    inputting the key generation parameters into the key algorithm model to generate the key;
    wherein the preset rule comprises a first rule and a second rule, wherein
    the first rule comprises: selecting a plurality of first fields from a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
    the second rule comprises: selecting a plurality of second fields from a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter; and
    the third rule comprises: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter based on a third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameters of the key algorithm model.
  11. The communication method according to claim 10, characterized in that the key generation parameters comprise an initial parameter and a bifurcation parameter;
    the initial parameter is determined from the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined from the first encryption parameter and/or the second encryption parameter, and the initial parameter differs from the bifurcation parameter.
  12. The communication method according to claim 11 or 12, characterized in that the first encryption parameter comprises one or more of the following: a higher-layer signalling parameter, or a first random number; and
    the second encryption parameter comprises one or more of the following: a measurement value, or a second random number.
  13. The communication method according to claim 12, characterized in that the higher-layer signalling parameter comprises one or more of the following: an RRC layer signalling parameter, or a NAS layer signalling parameter; and
    the measurement value comprises one or more of the following: a downlink physical layer measurement value, an uplink physical layer measurement value, or a downlink RRC layer measurement value.
  14. The communication method according to claim 13, characterized in that the RRC layer signalling parameter comprises a user-level physical channel configuration parameter.
  15. The communication method according to any one of claims 10 to 14, characterized in that the performing physical layer encryption or decryption using the key comprises:
    using the key, performing one or more of the following operations on constellation points of signalling and/or data to be sent: phase rotation, or rearrangement; or
    using the key, performing one or more of the following operations on constellation points of received signalling and/or data: inverse phase rotation, or inverse rearrangement.
  16. The communication method according to any one of claims 9 to 15, characterized in that the first information and the second information are carried in RRC messages.
  17. A communication method, characterized in that it comprises:
    sending third information to a terminal device, the third information being used to indicate transmission of first data;
    determining that the first data has been transmitted successfully;
    in response to the first data having been transmitted successfully, sending fourth information to the terminal device, the fourth information being used to indicate transmission of second data and further being used to indicate that a key used for physical layer encryption or decryption needs to be updated, the second data being different from the first data;
    generating a key based on a preset rule; and
    performing physical layer encryption or decryption on the second data using the key.
  18. The communication method according to claim 17, characterized in that the third information and the fourth information are carried in a new data indicator (NDI) field of downlink control information, and the fourth information indicates that the key used for physical layer encryption or decryption needs to be updated by the value of the fourth information in the NDI field being the toggled value of the value of the third information in the NDI field.
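An added example (not code from the patent) that ties together the key pipeline of claims 2 to 7 and the NDI-triggered rekey of claim 18: a long-lived parameter from RRC configuration fields, a short-lived parameter from measurement reports, both combined into the initial and bifurcation parameters of a key model, and the resulting key applied as a phase rotation of QPSK constellation points. It assumes a logistic map as the key algorithm model, SHA-256 over concatenated fields as the combination rules, and constructed RRC and measurement field names; none of these are specified by the claims.

```python
import cmath
import hashlib
import math

# Rule 1 (claims 2, 5, 6): select user-level physical-channel configuration
# fields from RRC messages and combine them. Field names are constructed here.
def first_encryption_parameter(rrc_messages):
    fields = [f"{m['pdsch_config']}|{m['pucch_config']}" for m in rrc_messages]
    return hashlib.sha256("||".join(fields).encode()).digest()

# Rule 2 (claims 2, 4, 5): select quantised physical-layer measurement fields
# (here RSRP and CQI) from measurement reports and combine them.
def second_encryption_parameter(measurement_reports):
    fields = [f"{int(m['rsrp_dbm'])}|{int(m['cqi'])}" for m in measurement_reports]
    return hashlib.sha256("||".join(fields).encode()).digest()

# Rule 3 (claims 2, 3): take fields of both parameters and combine them into
# the initial parameter x0 and the bifurcation parameter r of the key model.
def key_generation_parameters(p1, p2):
    init_int = int.from_bytes(p1[:4] + p2[:4], "big")
    x0 = (init_int % 1_000_000 + 1) / 1_000_002        # strictly inside (0, 1)
    bif_int = int.from_bytes(p1[4:8] + p2[4:8], "big")
    r = 3.9 + (bif_int % 100_000) / 1_000_000          # chaotic region of the map
    return x0, r

# Key algorithm model (assumed here to be a logistic map): iterate from x0,
# drop a transient, and quantise each state into a rotation index in {0,1,2,3}.
def generate_key(x0, r, length, discard=100):
    x, key = x0, []
    for i in range(discard + length):
        x = r * x * (1 - x)
        if i >= discard:
            key.append(int(x * 4) % 4)
    return key

# Physical-layer encryption (claim 7): rotate each constellation point by
# key[i] * 90 degrees; the receiver applies the inverse rotation.
def rotate(symbols, key):
    return [s * cmath.exp(1j * k * math.pi / 2) for s, k in zip(symbols, key)]

def unrotate(symbols, key):
    return [s * cmath.exp(-1j * k * math.pi / 2) for s, k in zip(symbols, key)]

# Claim 18: a toggled NDI in the next DCI (after a successful transport block)
# tells the terminal that the key must be regenerated.
def ndi_requests_rekey(prev_ndi, ndi):
    return prev_ndi is not None and ndi != prev_ndi

def run_session(rrc_messages, measurement_reports, ndi_values, n_symbols):
    """Simulate one side of the link: the first key is derived once the RRC
    exchange succeeds (claim 1); each NDI toggle refreshes the short-lived
    parameter from the newest report and derives a new key, while the
    long-lived RRC-derived parameter stays fixed (claim 2)."""
    p1 = first_encryption_parameter(rrc_messages)
    keys, key, prev_ndi, rekeys = [], None, None, 0
    for ndi, report in zip(ndi_values, measurement_reports):
        if key is None or ndi_requests_rekey(prev_ndi, ndi):
            p2 = second_encryption_parameter([report])
            x0, r = key_generation_parameters(p1, p2)
            key = generate_key(x0, r, n_symbols)
            rekeys += 1
        keys.append(key)
        prev_ndi = ndi
    return keys, rekeys

def close(a, b, tol=1e-9):
    """True when two symbol lists agree element-wise within tol."""
    return len(a) == len(b) and all(abs(x - y) < tol for x, y in zip(a, b))

# Constructed sample inputs (not taken from the patent).
RRC = [{"pdsch_config": "mcs-Table=qam256", "pucch_config": "format1"}]
REPORTS = [{"rsrp_dbm": -87.3, "cqi": 11}, {"rsrp_dbm": -91.0, "cqi": 9},
           {"rsrp_dbm": -90.2, "cqi": 9}, {"rsrp_dbm": -84.7, "cqi": 12}]
NDI = [0, 1, 1, 0]   # toggle, repeat (retransmission, no rekey), toggle
QPSK = [cmath.exp(1j * (math.pi / 4 + k * math.pi / 2)) for k in range(4)]
SYMBOLS = [QPSK[(7 * i) % 4] for i in range(64)]

if __name__ == "__main__":
    keys, rekeys = run_session(RRC, REPORTS, NDI, len(SYMBOLS))
    tx = rotate(SYMBOLS, keys[0])
    print("rekeys:", rekeys, "round trip ok:", close(unrotate(tx, keys[0]), SYMBOLS))
```

Both ends must evaluate the map bit-for-bit identically; a real implementation would use fixed-point arithmetic, since any floating-point difference between the network side and the terminal desynchronises the key.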
  19. The communication method according to claim 17 or 18, characterized in that the preset rule comprises a first rule, a second rule and a third rule;
    the generating a key based on a preset rule specifically comprises:
    obtaining a first encryption parameter based on the first rule;
    obtaining a second encryption parameter based on the second rule, wherein an update period of the first encryption parameter is longer than an update period of the second encryption parameter, and the first encryption parameter differs from the second encryption parameter;
    generating, based on the third rule, key generation parameters of a key algorithm model using the first encryption parameter and the second encryption parameter; and
    inputting the key generation parameters into the key algorithm model to generate the key;
    wherein the preset rule comprises a first rule and a second rule, wherein
    the first rule comprises: selecting a plurality of first fields from a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
    the second rule comprises: selecting a plurality of second fields from a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter; and
    the third rule comprises: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter based on a third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameters of the key algorithm model.
  20. The communication method according to claim 19, characterized in that the key generation parameters comprise an initial parameter and a bifurcation parameter;
    the initial parameter is determined from the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined from the first encryption parameter and/or the second encryption parameter, and the initial parameter differs from the bifurcation parameter.
  21. The communication method according to claim 19 or 20, characterized in that the first encryption parameter comprises one or more of the following: a higher-layer signalling parameter, or a first random number; and
    the second encryption parameter comprises one or more of the following: a measurement value, or a second random number.
  22. The communication method according to claim 21, characterized in that the higher-layer signalling parameter comprises one or more of the following: an RRC layer signalling parameter, or a NAS layer signalling parameter; and
    the measurement value comprises one or more of the following: a downlink physical layer measurement value, an uplink physical layer measurement value, or a downlink RRC layer measurement value.
  23. The communication method according to claim 22, characterized in that the RRC layer signalling parameter comprises a user-level physical channel configuration parameter.
  24. The communication method according to any one of claims 19 to 23, characterized in that the performing physical layer encryption or decryption using the key comprises:
    using the key, performing one or more of the following operations on constellation points of signalling and/or data to be sent: phase rotation, or rearrangement; or
    using the key, performing one or more of the following operations on constellation points of received signalling and/or data: inverse phase rotation, or inverse rearrangement.
  25. A communication method, characterized in that it comprises:
    receiving third information from an access network device, the third information being used to indicate transmission of first data;
    in a case where the first data has been transmitted successfully, receiving fourth information from the access network device, the fourth information being used to indicate transmission of second data and further being used to indicate that a key used for physical layer encryption or decryption needs to be updated, the second data being different from the first data;
    generating a key based on a preset rule; and
    performing physical layer decryption or encryption on the second data using the key.
  26. The communication method according to claim 24, characterized in that the third information and the fourth information are carried in a new data indicator (NDI) field of downlink control information, and the fourth information indicates that the key used for physical layer encryption or decryption needs to be updated by the value of the fourth information in the NDI field being the toggled value of the value of the third information in the NDI field.
  27. The communication method according to claim 25 or 26, characterized in that the preset rule comprises a first rule, a second rule and a third rule;
    the generating a key based on a preset rule specifically comprises:
    obtaining a first encryption parameter based on the first rule;
    obtaining a second encryption parameter based on the second rule, wherein an update period of the first encryption parameter is longer than an update period of the second encryption parameter, and the first encryption parameter differs from the second encryption parameter;
    generating, based on the third rule, key generation parameters of a key algorithm model using the first encryption parameter and the second encryption parameter; and
    inputting the key generation parameters into the key algorithm model to generate the key;
    wherein the preset rule comprises a first rule and a second rule, wherein
    the first rule comprises: selecting a plurality of first fields from a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
    the second rule comprises: selecting a plurality of second fields from a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter; and
    the third rule comprises: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter based on a third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameters of the key algorithm model.
  28. The communication method according to claim 27, characterized in that the key generation parameters comprise an initial parameter and a bifurcation parameter;
    the initial parameter is determined from the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined from the first encryption parameter and/or the second encryption parameter, and the initial parameter differs from the bifurcation parameter.
  29. The communication method according to claim 27 or 28, characterized in that the first encryption parameter comprises one or more of the following: a higher-layer signalling parameter, or a first random number; and
    the second encryption parameter comprises one or more of the following: a measurement value, or a second random number.
  30. The communication method according to claim 29, characterized in that the higher-layer signalling parameter comprises one or more of the following: an RRC layer signalling parameter, or a NAS layer signalling parameter; and
    the measurement value comprises one or more of the following: a downlink physical layer measurement value, an uplink physical layer measurement value, or a downlink RRC layer measurement value.
  31. The communication method according to claim 30, characterized in that the RRC layer signalling parameter comprises a user-level physical channel configuration parameter.
  32. The communication method according to any one of claims 27 to 31, characterized in that the performing physical layer encryption or decryption using the key comprises:
    using the key, performing one or more of the following operations on constellation points of signalling and/or data to be sent: phase rotation, or rearrangement; or
    using the key, performing one or more of the following operations on constellation points of received signalling and/or data: inverse phase rotation, or inverse rearrangement.
  33. A communication apparatus, characterized by comprising: a processing module and a transceiver module; wherein,
    the transceiver module is configured to send first information to a terminal device;
    the transceiver module is further configured to receive second information from the terminal device, the second information indicating that the first information was successfully received;
    the processing module is configured to generate a key based on a preset rule in response to the first information being successfully received;
    the processing module is further configured to use the key to perform physical layer encryption or decryption.
  34. The communication apparatus according to claim 33, wherein the preset rule includes a first rule, a second rule and a third rule;
    generating the key based on the preset rule specifically includes:
    obtaining a first encryption parameter based on the first rule;
    obtaining a second encryption parameter based on the second rule, wherein the update period of the first encryption parameter is longer than the update period of the second encryption parameter, and the first encryption parameter is different from the second encryption parameter;
    generating, based on the third rule, a key generation parameter of a key algorithm model using the first encryption parameter and the second encryption parameter;
    inputting the key generation parameter into the key algorithm model to generate the key;
    wherein the preset rule includes: a first rule and a second rule; wherein,
    the first rule includes: selecting a plurality of first fields from a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
    the second rule includes: selecting a plurality of second fields from a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter;
    the third rule includes: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter based on a third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameter of the key algorithm model.
  35. The communication apparatus according to claim 34, wherein the key generation parameter includes an initial parameter and a bifurcation parameter;
    the initial parameter is determined according to the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined according to the first encryption parameter and/or the second encryption parameter, and the initial parameter is different from the bifurcation parameter.
  36. The communication apparatus according to claim 34 or 35, wherein the first encryption parameter includes one or more of the following: a higher-layer signaling parameter, or a first random number;
    the second encryption parameter includes one or more of the following: a measurement value, or a second random number.
  37. The communication apparatus according to claim 36, wherein the higher-layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters;
    the measurement values include one or more of the following: downlink physical layer measurement values, uplink physical layer measurement values, or downlink RRC layer measurement values.
  38. The communication apparatus according to claim 37, wherein the RRC layer signaling parameters include: user-level physical channel configuration parameters.
  39. The communication apparatus according to any one of claims 34-38, wherein using the key to perform physical layer encryption or decryption includes:
    using the key, performing one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement; or,
    using the key, performing one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or inverse rearrangement.
  40. The communication apparatus according to any one of claims 33-39, wherein the first information and the second information are carried in an RRC message.
  41. A communication apparatus, characterized by comprising: a processing module and a transceiver module; wherein,
    the transceiver module is configured to receive first information from an access network device;
    the transceiver module is further configured to send second information to the access network device, the second information indicating that the first information was successfully received;
    the processing module is configured to generate a key based on a preset rule in response to the first information being successfully received;
    the processing module is further configured to use the key to perform physical layer encryption or decryption.
  42. The communication apparatus according to claim 41, wherein the preset rule includes a first rule, a second rule and a third rule;
    generating the key based on the preset rule specifically includes:
    obtaining a first encryption parameter based on the first rule;
    obtaining a second encryption parameter based on the second rule, wherein the update period of the first encryption parameter is longer than the update period of the second encryption parameter, and the first encryption parameter is different from the second encryption parameter;
    generating, based on the third rule, a key generation parameter of a key algorithm model using the first encryption parameter and the second encryption parameter;
    inputting the key generation parameter into the key algorithm model to generate the key;
    wherein the preset rule includes: a first rule and a second rule; wherein,
    the first rule includes: selecting a plurality of first fields from a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
    the second rule includes: selecting a plurality of second fields from a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter;
    the third rule includes: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter based on a third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameter of the key algorithm model.
  43. The communication apparatus according to claim 42, wherein the key generation parameter includes an initial parameter and a bifurcation parameter;
    the initial parameter is determined according to the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined according to the first encryption parameter and/or the second encryption parameter, and the initial parameter is different from the bifurcation parameter.
  44. The communication apparatus according to claim 42 or 43, wherein the first encryption parameter includes one or more of the following: a higher-layer signaling parameter, or a first random number;
    the second encryption parameter includes one or more of the following: a measurement value, or a second random number.
  45. The communication apparatus according to claim 44, wherein the higher-layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters;
    the measurement values include one or more of the following: downlink physical layer measurement values, uplink physical layer measurement values, or downlink RRC layer measurement values.
  46. The communication apparatus according to claim 45, wherein the RRC layer signaling parameters include: user-level physical channel configuration parameters.
  47. The communication apparatus according to any one of claims 42-46, wherein using the key to perform physical layer encryption or decryption includes:
    using the key, performing one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement; or,
    using the key, performing one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or inverse rearrangement.
  48. The communication apparatus according to any one of claims 41-47, wherein the first information and the second information are carried in an RRC message.
  49. A communication apparatus, characterized by comprising: a processing module and a transceiver module; wherein,
    the transceiver module is configured to send third information to a terminal device, the third information being used to indicate transmission of first data;
    the processing module is configured to determine that the first data was transmitted successfully;
    the transceiver module is further configured to send fourth information to the terminal device in response to the first data being transmitted successfully, the fourth information being used to indicate transmission of second data and further being used to indicate that the key used for physical layer encryption or decryption needs to be updated, the second data being different from the first data;
    the processing module is further configured to generate a key based on a preset rule;
    the processing module is further configured to perform physical layer encryption or decryption on the second data using the key.
  50. The communication apparatus according to claim 49, wherein the third information and the fourth information are carried in the new data indicator (NDI) field of downlink control information, and the fourth information indicates that the key used for physical layer encryption or decryption needs to be updated by having a value in the NDI field that is the toggled value of the value of the third information in the NDI field.
  51. The communication apparatus according to claim 49 or 50, wherein the preset rule includes a first rule, a second rule and a third rule;
    generating the key based on the preset rule specifically includes:
    obtaining a first encryption parameter based on the first rule;
    obtaining a second encryption parameter based on the second rule, wherein the update period of the first encryption parameter is longer than the update period of the second encryption parameter, and the first encryption parameter is different from the second encryption parameter;
    generating, based on the third rule, a key generation parameter of a key algorithm model using the first encryption parameter and the second encryption parameter;
    inputting the key generation parameter into the key algorithm model to generate the key;
    wherein the preset rule includes: a first rule and a second rule; wherein,
    the first rule includes: selecting a plurality of first fields from a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
    the second rule includes: selecting a plurality of second fields from a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter;
    the third rule includes: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter based on a third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameter of the key algorithm model.
  52. The communication apparatus according to claim 51, wherein the key generation parameter includes an initial parameter and a bifurcation parameter;
    the initial parameter is determined according to the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined according to the first encryption parameter and/or the second encryption parameter, and the initial parameter is different from the bifurcation parameter.
  53. The communication apparatus according to claim 51 or 52, wherein the first encryption parameter includes one or more of the following: a higher-layer signaling parameter, or a first random number;
    the second encryption parameter includes one or more of the following: a measurement value, or a second random number.
  54. The communication apparatus according to claim 53, wherein the higher-layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters;
    the measurement values include one or more of the following: downlink physical layer measurement values, uplink physical layer measurement values, or downlink RRC layer measurement values.
  55. The communication apparatus according to claim 54, wherein the RRC layer signaling parameters include: user-level physical channel configuration parameters.
  56. The communication apparatus according to any one of claims 51-55, wherein using the key to perform physical layer encryption or decryption includes:
    using the key, performing one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement; or,
    using the key, performing one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or inverse rearrangement.
  57. A communication apparatus, characterized by comprising: a processing module and a transceiver module; wherein,
    the transceiver module is configured to receive third information from an access network device, the third information being used to indicate transmission of first data;
    the transceiver module is further configured to receive fourth information from the access network device when the first data was transmitted successfully, the fourth information being used to indicate transmission of second data and further being used to indicate that the key used for physical layer encryption or decryption needs to be updated, the second data being different from the first data;
    the processing module is configured to generate a key based on a preset rule;
    the processing module is further configured to perform physical layer decryption or encryption on the second data using the key.
  58. The communication apparatus according to claim 57, wherein the third information and the fourth information are carried in the new data indicator (NDI) field of downlink control information, and the fourth information indicates that the key used for physical layer encryption or decryption needs to be updated by having a value in the NDI field that is the toggled value of the value of the third information in the NDI field.
  59. The communication apparatus according to claim 57 or 58, wherein the preset rule includes a first rule, a second rule and a third rule;
    the processing module is further configured to perform the following steps:
    obtaining a first encryption parameter based on the first rule;
    obtaining a second encryption parameter based on the second rule, wherein the update period of the first encryption parameter is longer than the update period of the second encryption parameter, and the first encryption parameter is different from the second encryption parameter;
    generating, based on the third rule, a key generation parameter of a key algorithm model using the first encryption parameter and the second encryption parameter;
    inputting the key generation parameter into the key algorithm model to generate the key;
    wherein the preset rule includes: a first rule and a second rule, the first rule being different from the second rule; wherein,
    the first rule includes: selecting a plurality of first fields from a plurality of first messages based on a first selection rule, and combining the plurality of first fields based on a first combination rule to obtain the first encryption parameter;
    the second rule includes: selecting a plurality of second fields from a plurality of second messages based on a second selection rule, and combining the plurality of second fields using a second combination rule to obtain the second encryption parameter;
    the third rule includes: selecting a plurality of third fields from the first encryption parameter and/or a plurality of fourth fields from the second encryption parameter based on a third selection rule, and combining the plurality of third fields and/or the plurality of fourth fields using a third combination rule to obtain the key generation parameter of the key algorithm model.
  60. The communication apparatus according to claim 59, wherein the key generation parameter includes an initial parameter and a bifurcation parameter;
    the initial parameter is determined according to the first encryption parameter and/or the second encryption parameter, the bifurcation parameter is determined according to the first encryption parameter and/or the second encryption parameter, and the initial parameter is different from the bifurcation parameter.
  61. The communication apparatus according to any one of claims 59-60, wherein the first encryption parameter includes one or more of the following: a higher-layer signaling parameter, or a first random number;
    the second encryption parameter includes one or more of the following: a measurement value, or a second random number.
  62. The communication apparatus according to claim 61, wherein the higher-layer signaling parameters include one or more of the following: RRC layer signaling parameters, or NAS layer signaling parameters;
    the measurement values include one or more of the following: downlink physical layer measurement values, uplink physical layer measurement values, or downlink RRC layer measurement values.
  63. The communication apparatus according to claim 62, wherein the RRC layer signaling parameters include: user-level physical channel configuration parameters.
  64. The communication apparatus according to any one of claims 59-63, wherein
    the processing module is further configured to perform the following steps:
    using the key, performing one or more of the following operations on the constellation points of the signaling and/or data to be sent: phase rotation, or rearrangement; or,
    using the key, performing one or more of the following operations on the constellation points of the received signaling and/or data: inverse phase rotation, or inverse rearrangement.
  65. A communication apparatus, characterized by comprising: a processor, the processor being coupled to a memory;
    the processor is configured to execute a computer program stored in the memory, so that the communication apparatus performs the communication method according to any one of claims 1-32.
  66. A communication system, wherein the communication system includes a terminal device and an access network device, wherein the terminal device is configured to perform the method according to any one of claims 1-8 and the access network device is configured to perform the method according to any one of claims 9-16; or the terminal device is configured to perform the method according to any one of claims 17-24 and the access network device is configured to perform the method according to any one of claims 25-32.
  67. A computer-readable storage medium, wherein the computer-readable storage medium includes a computer program or instructions which, when run on a computer, cause the computer to perform the communication method according to any one of claims 1-32.
  68. A computer program product, wherein the computer program product includes: a computer program or instructions which, when run on a computer, cause the computer to perform the communication method according to any one of claims 1-32.
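The two-tier key generation of claims 34 and 35 (a slowly updated first encryption parameter from higher-layer signaling, a fast-updated second parameter from measurements, a third rule that yields an initial parameter and a bifurcation parameter for a key algorithm model), the constellation-point encryption of claim 39 and the NDI-toggle update trigger of claim 50, worked through as an added Python example that is not part of the patent. The patent does not name its key algorithm model; a logistic map is assumed here only because the claims call its inputs an initial parameter and a bifurcation parameter. All message field names, selection and combination rules, the SHA-256 derivation and the sample values are constructed assumptions.

```python
import cmath
import hashlib
import math
import struct

# Constructed sample inputs (assumptions, not values from the patent).
RRC_MSGS = [  # "first messages": RRC signalling with user-level PHY config + rand1
    {"ue_phy_cfg": b"pdsch:mcs-table=256qam;pucch:format=2", "rand1": 0x1A2B3C4D},
    {"ue_phy_cfg": b"srs:periodicity=20;csi-rs:ports=4", "rand1": 0x5E6F7081},
]
MEAS_REPORTS = [  # "second messages": PHY measurement reports + rand2, per slot
    {"dl_rsrp_dbm": -87.5, "ul_snr_db": 12.25, "rand2": 0x00C0FFEE},
    {"dl_rsrp_dbm": -88.0, "ul_snr_db": 11.75, "rand2": 0xDEADBEEF},
]
QPSK = [complex(1, 1), complex(-1, 1), complex(-1, -1), complex(1, -1)]

def first_rule(first_messages):
    """First rule (slow tier). Selection: user-level physical channel config and
    first random number of each message. Combination: concatenate in order."""
    fields = []
    for msg in first_messages:
        fields.append(msg["ue_phy_cfg"])
        fields.append(struct.pack(">I", msg["rand1"]))
    return b"".join(fields)

def second_rule(second_messages):
    """Second rule (fast tier). Selection: downlink/uplink physical layer
    measurements and second random number. Combination: pack and XOR-fold."""
    acc = bytes(12)
    for msg in second_messages:
        packed = struct.pack(">ffI", msg["dl_rsrp_dbm"], msg["ul_snr_db"], msg["rand2"])
        acc = bytes(a ^ b for a, b in zip(acc, packed))
    return acc

def third_rule(p1, p2):
    """Third rule. Selection: third fields = first 8 bytes of p1, fourth fields =
    last 8 bytes of p2. Combination: domain-separated SHA-256 -> (x0, r)."""
    third_fields, fourth_fields = p1[:8], p2[-8:]
    h_init = hashlib.sha256(b"init|" + third_fields + fourth_fields).digest()
    h_bif = hashlib.sha256(b"bifurcation|" + fourth_fields + third_fields).digest()
    x0 = (int.from_bytes(h_init[:8], "big") % (2**53 - 2) + 1) / 2**53  # in (0, 1)
    r = 3.57 + 0.43 * (int.from_bytes(h_bif[:8], "big") % 2**53) / 2**53  # [3.57, 4)
    return x0, r

def key_algorithm_model(x0, r, n, burn_in=200):
    """Assumed key algorithm model: logistic map x <- r*x*(1-x) from x0 with
    bifurcation parameter r; after burn-in, n trajectory samples form the key.
    Caveat: some r in [3.57, 4) sit in periodic windows where samples repeat."""
    x = x0
    for _ in range(burn_in):
        x = r * x * (1.0 - x)
    key = []
    for _ in range(n):
        x = r * x * (1.0 - x)
        key.append(x)
    return key

def generate_key(first_messages, second_messages, n_symbols):
    """Claims 34/35 end to end; the asserts are the claims' distinctness rules."""
    p1, p2 = first_rule(first_messages), second_rule(second_messages)
    assert p1 != p2, "first and second encryption parameter must differ"
    x0, r = third_rule(p1, p2)
    assert x0 != r, "initial and bifurcation parameter must differ"
    return key_algorithm_model(x0, r, n_symbols)

def _permutation(key):
    # Key-derived rearrangement: point order after sorting by key value.
    return sorted(range(len(key)), key=lambda i: key[i])

def phy_encrypt(symbols, key):
    """Claim 39, transmit side: rotate point i by 2*pi*key[i], then rearrange."""
    rotated = [s * cmath.exp(2j * math.pi * k) for s, k in zip(symbols, key)]
    return [rotated[i] for i in _permutation(key)]

def phy_decrypt(received, key):
    """Claim 39, receive side: undo the rearrangement, then the rotation."""
    unpermuted = [None] * len(received)
    for out_pos, src in enumerate(_permutation(key)):
        unpermuted[src] = received[out_pos]
    return [s * cmath.exp(-2j * math.pi * k) for s, k in zip(unpermuted, key)]

def key_update_required(ndi_third_info, ndi_fourth_info):
    """Claims 50/58: a toggled NDI in the fourth information means a new key."""
    return ndi_third_info != ndi_fourth_info

def demo(n_symbols=8):
    # Round trip with the current key; a stale key (fast tier one period old) must fail.
    symbols = [QPSK[i % 4] for i in range(n_symbols)]
    key = generate_key(RRC_MSGS, MEAS_REPORTS, n_symbols)
    rx = phy_decrypt(phy_encrypt(symbols, key), key)
    stale = generate_key(RRC_MSGS, MEAS_REPORTS[:1], n_symbols)
    wrong = phy_decrypt(phy_encrypt(symbols, key), stale)
    ok = all(abs(a - b) < 1e-9 for a, b in zip(symbols, rx))
    differs = any(abs(a - b) > 1e-6 for a, b in zip(symbols, wrong))
    return ok, differs
```

Calling `demo()` returns `(True, True)`: the peer holding the same two-tier parameters recovers the QPSK points exactly, while a receiver whose fast-tier parameter is one update period old does not.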
PCT/CN2023/077260 2022-02-18 2023-02-20 Communication method and apparatus WO2023155911A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210151704.3A CN116669024A (en) 2022-02-18 2022-02-18 Communication method and communication device
CN202210151704.3 2022-02-18

Publications (1)

Publication Number Publication Date
WO2023155911A1 (en) 2023-08-24

Family

ID=87577621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/077260 WO2023155911A1 (en) 2022-02-18 2023-02-20 Communication method and apparatus

Country Status (2)

Country Link
CN (1) CN116669024A (en)
WO (1) WO2023155911A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006186869A (en) * 2004-12-28 2006-07-13 Tata Consultancy Services Ltd Method for improving security of encrypted transmission of information in network communications system
CN103916850A (en) * 2014-04-08 2014-07-09 中国科学院微电子研究所 Safe wireless communication method and device
CN110247752A (en) * 2019-07-02 2019-09-17 中山大学 LoRa chaotic communication system and its implementation based on elliptic curve cryptography
CN112202511A (en) * 2020-09-29 2021-01-08 中国人民解放军战略支援部队信息工程大学 Physical layer key generation method and system based on channel characteristics

Also Published As

Publication number Publication date
CN116669024A (en) 2023-08-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23755911

Country of ref document: EP

Kind code of ref document: A1