WO2024066347A1 - Bearer establishment processing method, apparatus and system, and base station - Google Patents

Bearer establishment processing method, apparatus and system, and base station Download PDF

Info

Publication number
WO2024066347A1
WO2024066347A1 PCT/CN2023/091866 CN2023091866W WO2024066347A1 WO 2024066347 A1 WO2024066347 A1 WO 2024066347A1 CN 2023091866 W CN2023091866 W CN 2023091866W WO 2024066347 A1 WO2024066347 A1 WO 2024066347A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
air interface
algorithm
security algorithm
bearer
Prior art date
Application number
PCT/CN2023/091866
Other languages
French (fr)
Chinese (zh)
Inventor
代九龙
唐雪
柏燕民
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2024066347A1 publication Critical patent/WO2024066347A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup

Abstract

The embodiments of the present disclosure provide a bearer establishment processing method, apparatus and system, and a base station. The method comprises: receiving a bearer establishment request, sent by a core network, for establishing a bearer with a terminal; determining a service scenario of the terminal; configuring, for the terminal, an air interface security algorithm of a data bearer according to the service scenario, wherein the air interface security algorithm comprises a confidentiality algorithm and an integrity algorithm; and after the configuration is successful, sending a bearer establishment completion message to the core network. Therefore, the problem in the relevant art of the same confidentiality and integrity protection algorithm being configured for terminals accessing the same base station, such that differentiated requirements of private networks and industry users for confidentiality and integrity protection algorithms and demands thereof for flexible configuration cannot be satisfied, can be solved; and an air interface security algorithm is configured according to a service scenario, and different confidentiality and integrity protection algorithms are configured for different service scenarios, thereby satisfying differentiated requirements of private networks and industry users for confidentiality and integrity protection algorithms and demands thereof for flexible configuration.

Description

承载建立处理方法、装置、系统及基站Bearer establishment processing method, device, system and base station
相关申请的交叉引用CROSS-REFERENCE TO RELATED APPLICATIONS
本公开基于2022年09月30日提交的发明名称为“承载建立处理方法、装置、系统及基站”的中国专利申请CN202211215683.3,并且要求该专利申请的优先权,通过引用将其所公开的内容全部并入本公开。This disclosure is based on Chinese patent application CN202211215683.3, filed on September 30, 2022, with the invention name “Bearer establishment processing method, device, system and base station”, and claims the priority of the patent application, and all the contents disclosed therein are incorporated into this disclosure by reference.
技术领域Technical Field
本公开实施例涉及通信领域,具体而言,涉及一种承载建立处理方法、装置、系统及基站。The embodiments of the present disclosure relate to the field of communications, and in particular, to a method, device, system and base station for carrying out establishment processing.
背景技术Background technique
在初始接入时,核心网通过Initial Context Setup Request消息将UE的安全能力携带到基站侧,基站结合自身所支持的安全算法能力和UE的安全能力,得到一个小集合的安全能力,再根据基站配置的安全算法优先级,选择给UE配置的机密性和完整性保护算法,最后通过接入层(Access Stratum,简称为AS)Security Mode Command消息,将基站所选择的UE的机密性和完整性算法下发到UE侧,UE将该安全算法来配置到控制面和用户面,用于信令和用户数据的机密性和完整性保护。At the time of initial access, the core network carries the UE's security capabilities to the base station side through the Initial Context Setup Request message. The base station combines the security algorithm capabilities supported by itself and the security capabilities of the UE to obtain a small set of security capabilities, and then selects the confidentiality and integrity protection algorithm configured for the UE according to the security algorithm priority configured by the base station. Finally, the confidentiality and integrity algorithm of the UE selected by the base station is sent to the UE side through the Access Stratum (AS) Security Mode Command message. The UE configures the security algorithm to the control plane and user plane for confidentiality and integrity protection of signaling and user data.
除部分UE对于安全算法能力支持的差异性之外,接入同一个基站的终端最终选择的机密性和完整性保护算法是一样的,无法满足专网、行业用户对于机密性和完整性保护算法的差异性要求和可灵活配置的诉求。In addition to the differences in security algorithm capability support among some UEs, the confidentiality and integrity protection algorithms ultimately selected by terminals accessing the same base station are the same, which cannot meet the differentiated requirements and flexible configuration demands of private networks and industry users for confidentiality and integrity protection algorithms.
针对相关技术中对于接入同一个基站的终端配置相同的机密性和完整性保护算法,无法满足专网、行业用户对于机密性和完整性保护算法的差异性要求和可灵活配置的诉求的问题,尚未提出解决方案。Regarding the problem that the related technology configures the same confidentiality and integrity protection algorithms for terminals accessing the same base station, which cannot meet the different requirements and flexible configuration demands of private networks and industry users for confidentiality and integrity protection algorithms, no solution has been proposed yet.
发明内容Summary of the invention
本公开实施例提供了一种承载建立处理方法、装置、系统及基站,以解决相关技术中对于接入同一个基站的终端配置相同的机密性和完整性保护算法,无法满足专网、行业用户对于机密性和完整性保护算法的差异性要求和可灵活配置的诉求的问题。The disclosed embodiments provide a bearer establishment processing method, device, system and base station to solve the problem in the related art that the same confidentiality and integrity protection algorithms are configured for terminals accessing the same base station, which cannot meet the different requirements and flexible configuration demands of private networks and industry users for confidentiality and integrity protection algorithms.
根据本公开的一个实施例,提供了一种承载建立处理方法,所述方法包括:According to an embodiment of the present disclosure, a bearer establishment processing method is provided, the method comprising:
接收核心网发送的与终端建立承载的承载建立请求;Receiving a bearer establishment request sent by the core network to establish a bearer with the terminal;
确定所述终端的业务场景;Determining a service scenario of the terminal;
根据所述业务场景为所述终端配置数据承载的空口安全算法,其中,所述空口安全算法包括机密性算法与完整性算法;According to the service scenario, configure an air interface security algorithm for data bearer for the terminal, wherein the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm;
在配置成功之后,向所述核心网发送承载建立完成消息。After the configuration is successful, a bearer establishment completion message is sent to the core network.
根据本公开的另一个实施例,还提供了一种承载建立处理装置,所述装置包括:According to another embodiment of the present disclosure, a bearer establishment processing device is also provided, the device comprising:
第一接收模块,设置为接收核心网发送的与终端建立承载的承载建立请求;A first receiving module, configured to receive a bearer establishment request sent by a core network to establish a bearer with a terminal;
确定模块,设置为确定所述终端的业务场景;A determination module, configured to determine a service scenario of the terminal;
第一配置模块,设置为根据所述业务场景为所述终端配置数据承载的空口安全算法,其 中,所述空口安全算法包括机密性算法与完整性算法;The first configuration module is configured to configure an air interface security algorithm for data bearer for the terminal according to the service scenario. In the above, the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm;
第一发送模块,设置为在配置成功之后,向所述核心网发送承载建立完成消息。The first sending module is configured to send a bearer establishment completion message to the core network after the configuration is successful.
根据本公开的另一个实施例,还提供了一种基站,所述基站包括:上述任一项承载建立处理装置。According to another embodiment of the present disclosure, a base station is further provided, and the base station includes: any one of the above-mentioned bearer establishment processing devices.
根据本公开的另一个实施例,还提供了一种承载建立处理系统,所述系统包括:基站与核心网,其中,According to another embodiment of the present disclosure, a bearer establishment processing system is also provided, the system comprising: a base station and a core network, wherein:
所述核心网,用于向所述基站发送与终端建立承载的承载建立请求The core network is used to send a bearer establishment request to the base station to establish a bearer with the terminal
所述基站,用于接收所述承载建立请求,确定所述终端的业务场景,根据所述业务场景为所述终端配置数据承载的空口安全算法,其中,所述空口安全算法包括机密性算法与完整性算法;在配置成功之后,向所述核心网发送承载建立完成消息。The base station is used to receive the bearer establishment request, determine the service scenario of the terminal, and configure an air interface security algorithm for data bearer for the terminal according to the service scenario, wherein the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm; after successful configuration, send a bearer establishment completion message to the core network.
根据本公开的又一个实施例,还提供了一种计算机可读的存储介质,所述存储介质中存储有计算机程序,其中,所述计算机程序被设置为运行时执行上述任一项方法实施例中的步骤。According to another embodiment of the present disclosure, a computer-readable storage medium is provided, in which a computer program is stored, wherein the computer program is configured to execute the steps of any of the above method embodiments when running.
根据本公开的又一个实施例,还提供了一种电子装置,包括存储器和处理器,所述存储器中存储有计算机程序,所述处理器被设置为运行所述计算机程序以执行上述任一项方法实施例中的步骤。According to another embodiment of the present disclosure, an electronic device is provided, including a memory and a processor, wherein the memory stores a computer program, and the processor is configured to run the computer program to execute the steps in any one of the above method embodiments.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1是本公开实施例的承载建立处理方法的网络设备的硬件结构框图;1 is a hardware structure block diagram of a network device of a bearer establishment processing method according to an embodiment of the present disclosure;
图2是根据本公开实施例的承载建立处理方法的流程图;FIG2 is a flow chart of a bearer establishment processing method according to an embodiment of the present disclosure;
图3是根据本实施例的基于PLMN、切片以及优先级业务的PNI-NPN/SNPN场景的示意图;FIG3 is a schematic diagram of a PNI-NPN/SNPN scenario based on PLMN, slices, and priority services according to this embodiment;
图4是根据本实施例的机密性和完整性算法的防护的示意图;FIG4 is a schematic diagram of protection of confidentiality and integrity algorithms according to this embodiment;
图5是根据本实施例的基于切片的终端接入的流程图;FIG5 is a flow chart of slice-based terminal access according to this embodiment;
图6是根据本实施例的区分业务通道建立和加密、完整性保护算法选择操作的流程图;6 is a flowchart of distinguishing the establishment of a service channel and the selection of encryption and integrity protection algorithms according to the present embodiment;
图7是根据本公开实施例的承载建立处理装置的框图;FIG7 is a block diagram of a bearer establishment processing device according to an embodiment of the present disclosure;
图8是根据本公开实施例的承载建立处理系统的框图。FIG8 is a block diagram of a bearer establishment processing system according to an embodiment of the present disclosure.
具体实施方式Detailed ways
下文中将参考附图并结合实施例来详细说明本公开的实施例。Hereinafter, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings and in combination with the embodiments.
需要说明的是,本公开的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。It should be noted that the terms "first", "second", etc. in the specification and claims of the present disclosure and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence.
本公开实施例中所提供的方法实施例可以在网络设备或者类似的运算装置中执行。以运行在网络设备上为例,图1是本公开实施例的承载建立处理方法的网络设备的硬件结构框图,如图1所示,网络设备可以包括一个或多个(图1中仅示出一个)处理器102(处理器102可以包括但不限于微处理器MCU或可编程逻辑器件等的处理装置)和用于存储数据的存储器104,其中,上述网络设备还可以包括用于通信功能的传输设备106以及输入输出设备108。本领域普通技术人员可以理解,图1所示的结构仅为示意,其并不对上述网络设备的结构造成限定。例如,网络设备还可包括比图1中所示更多或者更少的组件,或者具有与图1所示不同的配置。 The method embodiments provided in the embodiments of the present disclosure can be executed in a network device or a similar computing device. Taking the operation on a network device as an example, FIG. 1 is a hardware structure block diagram of a network device of the bearer establishment processing method of the embodiment of the present disclosure. As shown in FIG. 1 , the network device may include one or more (only one is shown in FIG. 1 ) processors 102 (the processor 102 may include but is not limited to a processing device such as a microprocessor MCU or a programmable logic device) and a memory 104 for storing data, wherein the above-mentioned network device may also include a transmission device 106 and an input/output device 108 for communication functions. It can be understood by those skilled in the art that the structure shown in FIG. 1 is only for illustration, and it does not limit the structure of the above-mentioned network device. For example, the network device may also include more or fewer components than those shown in FIG. 1 , or have a configuration different from that shown in FIG. 1 .
存储器104可用于存储计算机程序,例如,应用软件的软件程序以及模块,如本公开实施例中的承载建立处理方法对应的计算机程序,处理器102通过运行存储在存储器104内的计算机程序,从而执行各种功能应用以及承载建立处理,即实现上述的方法。存储器104可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器104可进一步包括相对于处理器102远程设置的存储器,这些远程存储器可以通过网络连接至网络设备。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 104 can be used to store computer programs, for example, software programs and modules of application software, such as the computer program corresponding to the bearer establishment processing method in the embodiment of the present disclosure. The processor 102 executes various functional applications and bearer establishment processing by running the computer program stored in the memory 104, that is, implementing the above method. The memory 104 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include a memory remotely arranged relative to the processor 102, and these remote memories may be connected to the network device via a network. Examples of the above-mentioned network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
传输设备106用于经由一个网络接收或者发送数据。上述的网络具体实例可包括网络设备的通信供应商提供的无线网络。在一个实例中,传输设备106包括一个网络适配器(Network Interface Controller,简称为NIC),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输设备106可以为射频(Radio Frequency,简称为RF)模块,其用于通过无线方式与互联网进行通讯。The transmission device 106 is used to receive or send data via a network. The specific example of the above network may include a wireless network provided by a communication provider of the network device. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, referred to as NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmission device 106 can be a radio frequency (Radio Frequency, referred to as RF) module, which is used to communicate with the Internet wirelessly.
在本实施例中提供了一种运行于上述网络设备或网络架构的承载建立处理方法,图2是根据本公开实施例的承载建立处理方法的流程图,如图2所示,该流程包括如下步骤:In this embodiment, a bearer establishment processing method running on the above network device or network architecture is provided. FIG. 2 is a flow chart of the bearer establishment processing method according to an embodiment of the present disclosure. As shown in FIG. 2 , the process includes the following steps:
步骤S202,接收核心网发送的与终端建立承载的承载建立请求;Step S202, receiving a bearer establishment request sent by the core network to establish a bearer with the terminal;
步骤S204,确定所述终端的业务场景;Step S204, determining the service scenario of the terminal;
本实施例中,上述步骤S204具体可以包括:从核心网获取所述终端的公共陆地移动网(Public Land Mobile Network,简称为PLMN)、切片和/或业务优先级;根据所述终端的PLMN、切片和/或业务优先级确定所述终端的业务场景。In this embodiment, the above step S204 may specifically include: obtaining the public land mobile network (Public Land Mobile Network, abbreviated as PLMN), slice and/or service priority of the terminal from the core network; determining the service scenario of the terminal according to the PLMN, slice and/or service priority of the terminal.
步骤S206,根据所述业务场景为所述终端配置数据承载的空口安全算法,其中,所述空口安全算法包括机密性算法与完整性算法;Step S206, configuring an air interface security algorithm for data bearer for the terminal according to the service scenario, wherein the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm;
步骤S208,在配置成功之后,向所述核心网发送承载建立完成消息。Step S208: After the configuration is successful, a bearer establishment completion message is sent to the core network.
通过上述步骤S202至S208,可以解决相关技术中对于接入同一个基站的终端配置相同的机密性和完整性保护算法,无法满足专网、行业用户对于机密性和完整性保护算法的差异性要求和可灵活配置的诉求的问题,根据业务场景配置空口安全算法,不同的业务场景配置不同的机密性和完整性保护算法,满足了专网、行业用户对于机密性和完整性保护算法的差异性要求和可灵活配置的诉求。Through the above steps S202 to S208, the problem in the related technology that the same confidentiality and integrity protection algorithm is configured for terminals accessing the same base station, which cannot meet the different requirements and flexible configuration demands of private networks and industry users for confidentiality and integrity protection algorithms, can be solved. The air interface security algorithm is configured according to the business scenario, and different confidentiality and integrity protection algorithms are configured for different business scenarios, which meets the different requirements and flexible configuration demands of private networks and industry users for confidentiality and integrity protection algorithms.
本实施例中,上述步骤S206具体可以包括:根据所述终端的PLMN、切片和/或业务优先级为所述终端配置所述空口安全算法,进一步的,根据预先设置的PLMN、切片和/或业务优先级与所述空口安全算法的对应关系确定所述终端的PLMN、切片和/或业务优先级对应的所述空口安全算法;通过空口配置消息将所述空口安全算法发送给所述终端;接收所述终端回复的承载安全算法配置完成消息。In this embodiment, the above-mentioned step S206 may specifically include: configuring the air interface security algorithm for the terminal according to the PLMN, slice and/or service priority of the terminal, and further, determining the air interface security algorithm corresponding to the PLMN, slice and/or service priority of the terminal according to the correspondence between the pre-set PLMN, slice and/or service priority and the air interface security algorithm; sending the air interface security algorithm to the terminal through an air interface configuration message; and receiving the bearer security algorithm configuration completion message replied by the terminal.
在一实施例中,所述方法还包括:为所述终端配置默认的空口安全算法;通过安全模式命令消息将所述默认的空口安全算法发送给所述终端,所述默认的空口安全算法用于信令的安全防护,其中,所述默认的空口安全算法包括机密性算法与完整性算法;接收所述终端回复的默认安全算法配置完成消息。In one embodiment, the method also includes: configuring a default air interface security algorithm for the terminal; sending the default air interface security algorithm to the terminal via a security mode command message, wherein the default air interface security algorithm is used for security protection of signaling, wherein the default air interface security algorithm includes a confidentiality algorithm and an integrity algorithm; and receiving a default security algorithm configuration completion message replied by the terminal.
在另一实施例中,在上述步骤S202之前,所述方法还包括:接收网管在基于业务场景配置所述空口安全算法之后通过安全传输通道同步的所述空口安全算法。In another embodiment, before the above step S202, the method further includes: receiving the air interface security algorithm synchronized through a secure transmission channel after the network manager configures the air interface security algorithm based on a service scenario.
图3是根据本实施例的基于PLMN、切片以及优先级业务的PNI-NPN/SNPN场景的示意图, 如图3所示,基于PLMN、切片以及优先级业务的PNI-NPN/SNPN场景,所有的5G设备以及大部分网络运营都在运营商,专网用户通过向运营商申请SIM卡并签约特定场景来为专网终端提供端到端、隔离的业务通道和网络。该场景下,专网用户可以向运营商订阅基于PLMN、切片以及优先级业务的机密性和完整性算法配置服务,用户可以根据实际的业务场景进行差异化配置,如高QOE场景或安全性低的场景,将用户面的机密性和完整性保护算法配置为NEA0和NIA0;高安全性要求的场景,将用户面的机密性和完整性保护算法配置为NEA3和NIA3.FIG3 is a schematic diagram of a PNI-NPN/SNPN scenario based on PLMN, slices, and priority services according to this embodiment, As shown in Figure 3, in the PNI-NPN/SNPN scenario based on PLMN, slices, and priority services, all 5G devices and most network operations are in the hands of the operator. Private network users apply for SIM cards from the operator and sign up for specific scenarios to provide end-to-end, isolated service channels and networks for private network terminals. In this scenario, private network users can subscribe to the confidentiality and integrity algorithm configuration service based on PLMN, slices, and priority services from the operator. Users can make differentiated configurations based on actual service scenarios. For example, in high QOE scenarios or low security scenarios, the confidentiality and integrity protection algorithms of the user plane are configured as NEA0 and NIA0; in scenarios with high security requirements, the confidentiality and integrity protection algorithms of the user plane are configured as NEA3 and NIA3.
能力开放场景,随着5G+行业的不断深入,专网、行业用户对园区、厂区的不同业务场景的精细化要求越来越突出,衍生出的就是对于不同业务的场景的业务能力进行差异化的可控配置,也即对业务能力开放的诉求,安全作为业务展开的基石和必要功能,在能力开发场景下,专网用户可以基于PLMN、切片以及业务优先级的机密性和完整性算法配置能力开放,灵活的根据业务场景对PLMN、切片以及业务优先级的安全能力进行配置和修改等。Capability exposure scenarios. With the continuous deepening of the 5G+ industry, private networks and industry users have increasingly prominent requirements for the refinement of different business scenarios in parks and factories. What has emerged is the differentiated and controllable configuration of business capabilities for different business scenarios, that is, the demand for the opening of business capabilities. Security is the cornerstone and necessary function for business development. In the capability development scenario, private network users can configure capability opening based on the confidentiality and integrity algorithms of PLMN, slices, and business priorities, and flexibly configure and modify the security capabilities of PLMN, slices, and business priorities according to business scenarios.
本实施例可以采用纯软件的方法,对硬件没有依赖和要求,图4是根据本实施例的机密性和完整性算法的防护的示意图,如图4所示,通过网管配置基于PLMN、切片以及业务优先级的机密性和完整性算法,并通过安全传输通道同步到基站,基站根据UE接入时携带的UE安全能力以及信令、业务交互信息,选择该细粒度下的承载最终所使用的机密性和完整性保护算法,并通过空口配置消息下发到UE,后期通过该场景下进行的业务都会受到选择的机密性和完整性算法的防护。This embodiment can adopt a pure software method without any dependence or requirement on hardware. Figure 4 is a schematic diagram of the protection of the confidentiality and integrity algorithm according to this embodiment. As shown in Figure 4, the confidentiality and integrity algorithm based on PLMN, slice and service priority is configured by the network management and synchronized to the base station through a secure transmission channel. The base station selects the confidentiality and integrity protection algorithm ultimately used by the bearer at this fine-grained level based on the UE security capability and signaling and service interaction information carried by the UE when it accesses, and sends it to the UE through an air interface configuration message. All subsequent services carried out in this scenario will be protected by the selected confidentiality and integrity algorithm.
图5是根据本实施例的基于切片的终端接入的流程图,如图5所示,具体步骤如下:FIG5 is a flow chart of slice-based terminal access according to this embodiment. As shown in FIG5 , the specific steps are as follows:
步骤S501,基站收到核心网发送的承载建立请求;Step S501, the base station receives a bearer establishment request sent by the core network;
基站收到核心网发送的UE的上下文,用于基站建立切片、PDU会话、承载以及安全算法选择等。The base station receives the UE context sent by the core network, which is used by the base station to establish slices, PDU sessions, bearers, and security algorithm selection.
步骤S502,基站为AS层选择机密性和完整性保护算法,包括默认安全算法和基于PLMN、切片以及业务优先级的安全算法;Step S502: The base station selects a confidentiality and integrity protection algorithm for the AS layer, including a default security algorithm and a security algorithm based on PLMN, slice, and service priority;
根据UE上下文中的UE安全能力以及基站配置的默认安全算法以及基于PLMN、切片以及业务优先级的安全算法来选择AS层的默认安全算法以及基于PLMN、切片以及业务优先级的安全算法,如果没有配置基于PLMN、切片以及业务优先级的安全算法,则使用默认的安全算法。The default security algorithm of the AS layer and the security algorithm based on PLMN, slice and service priority are selected according to the UE security capabilities in the UE context, the default security algorithm configured by the base station, and the security algorithm based on PLMN, slice and service priority. If the security algorithm based on PLMN, slice and service priority is not configured, the default security algorithm is used.
步骤S503,基站给UE下发AS层安全模式命令,配置默认安全算法,用于信令的机密性和完整性保护;Step S503: The base station sends an AS layer security mode command to the UE to configure a default security algorithm for confidentiality and integrity protection of signaling.
步骤S 504,基站收到UE的AS层安全模式完成消息,消息回复默认安全算法配置成功;Step S 504, the base station receives the AS layer security mode completion message from the UE, and the message replies that the default security algorithm configuration is successful;
步骤S505,基站给UE下发信令或业务消息配置,来配置DRB承载安全算法,用于用户数据的机密性和完整性保护;Step S505: The base station sends a signaling or service message configuration to the UE to configure a DRB bearer security algorithm for confidentiality and integrity protection of user data;
步骤S506,基站收到UE配置DRB承载安全算法成功的消息回复;Step S506, the base station receives a message reply indicating that the UE has successfully configured the DRB bearer security algorithm;
步骤S507,基站给核心网回复承载配置成功的回复消息。Step S507: The base station sends a reply message indicating successful bearer configuration to the core network.
基站通过AS层安全模式命令消息下发配置AS层默认的安全算法,用于信令的机密性和完整性保护,对于没有配置基于PLMN、切片以及业务优先级的承载,使用默认安全算法用于用户面的机密性和完整性保护;基站通过信令或业务消息下发会话、承载建立相关的信息,其中包括基于PLMN、切片以及业务优先级的安全算法用于用户数据的机密性和完整性保护,基于PLMN、切片以及业务优先级下的所有承载使用相同的安全算法。 The base station sends the default security algorithm of the AS layer through the AS layer security mode command message, which is used for the confidentiality and integrity protection of signaling. For bearers that are not configured based on PLMN, slice and service priority, the default security algorithm is used for the confidentiality and integrity protection of the user plane; the base station sends session and bearer establishment related information through signaling or service messages, including the security algorithm based on PLMN, slice and service priority for the confidentiality and integrity protection of user data. All bearers based on PLMN, slice and service priority use the same security algorithm.
图6是根据本实施例的区分业务通道建立和加密、完整性保护算法选择操作的流程图,如图6所示,根据终端的PLMN、切片以及业务优先级不同分配不同的安全算法;由于专网客户对于不同PLMN、切片以及业务优先级场景的机密性和完整性保护算法的要求所有所不同,如对安全性要求不高但对用户体验质量(Quality of User Experience,简称为QOE)要求高的场景,选择NULL算法,如对安全性要求较高的行业、政企来说,选择ZUC算法。通道1(如满足QOE场景)和通道2(如满足高安全性要求)可以根据基站的PLMN、切片以及业务优先级差异性安全算法配置,来满足不同业务场景的要求。具体包括以下步骤:Figure 6 is a flowchart of distinguishing the establishment of service channels and the selection of encryption and integrity protection algorithms according to the present embodiment. As shown in Figure 6, different security algorithms are assigned according to the PLMN, slice and service priority of the terminal; since the requirements of private network customers for confidentiality and integrity protection algorithms in different PLMN, slice and service priority scenarios are different, such as scenarios with low security requirements but high requirements for quality of user experience (Quality of User Experience, referred to as QOE), the NULL algorithm is selected; for industries, government and enterprises with high security requirements, the ZUC algorithm is selected. Channel 1 (if it meets the QOE scenario) and channel 2 (if it meets the high security requirements) can be configured according to the security algorithm differences of the base station's PLMN, slice and service priority to meet the requirements of different service scenarios. Specifically, the following steps are included:
步骤S601,基站收到核心网建立承载的请求。Step S601: The base station receives a request from the core network to establish a bearer.
步骤S602,根据终端签约数据参数区分不同的通道,从而区分不同的业务场景。Step S602: Different channels are distinguished according to the terminal subscription data parameters, thereby distinguishing different service scenarios.
步骤S603,基站根据配置选择通道1的安全算法,其中,通道1:PLMN1或切片1或业务优先级1,基站配置机密性算法的优先级顺序为NEA0;NEA1;NEA2;NEA3;完整性算法的优先级顺序为NIA0;NIA1;NIA2;NIA3。如果UE安全能力和基站安全能力对所有安全算法都支持的情况下,通道1会选择NEA0用于用户数据的机密性,选择NIA0用于用户数据的完整性保护;Step S603, the base station selects the security algorithm of channel 1 according to the configuration, where channel 1: PLMN1 or slice 1 or service priority 1, the priority order of the confidentiality algorithm configured by the base station is NEA0; NEA1; NEA2; NEA3; the priority order of the integrity algorithm is NIA0; NIA1; NIA2; NIA3. If the UE security capability and the base station security capability support all security algorithms, channel 1 will select NEA0 for confidentiality of user data and select NIA0 for integrity protection of user data;
步骤S604,基站将通道1选择的安全算法通过承载配置消息下发到UE,UE采用NEA0和NIA0用于用户数据的机密性和完整性保护;Step S604, the base station sends the security algorithm selected by channel 1 to the UE through a bearer configuration message, and the UE uses NEA0 and NIA0 for confidentiality and integrity protection of user data;
步骤S605,基站根据配置选择通道2的安全算法,其中,通道2:PLMN2或切片2或业务优先级2,基站配置机密性算法的优先级顺序为NEA3;NEA1;NEA2;NEA0;完整性算法的优先级顺序为NIA3;NIA1;NIA2;NIA0。如果UE安全能力和基站安全能力对所有安全算法都支持的情况下,通道2会选择NEA3用于用户数据的机密性,选择NIA3用于用户数据的完整性保护;Step S605, the base station selects the security algorithm of channel 2 according to the configuration, where channel 2: PLMN2 or slice 2 or service priority 2, the base station configures the confidentiality algorithm priority order as NEA3; NEA1; NEA2; NEA0; the integrity algorithm priority order as NIA3; NIA1; NIA2; NIA0. If the UE security capability and the base station security capability support all security algorithms, channel 2 will select NEA3 for confidentiality of user data and select NIA3 for integrity protection of user data;
步骤S606,基站将通道2选择的算法通过承载配置消息下发到UE,UE采用NEA3和NIA3用于用户数据的机密性和完整性保护。Step S606: The base station sends the algorithm selected by channel 2 to the UE through a bearer configuration message, and the UE uses NEA3 and NIA3 for confidentiality and integrity protection of user data.
步骤S607,配置成功后给核心网回复承载建立完成消息。Step S607: After the configuration is successful, a bearer establishment completion message is sent to the core network.
根据本公开的另一个实施例,还提供了一种承载建立处理装置,图7是根据本公开实施例的承载建立处理装置的框图,如图7所示,所述装置包括:According to another embodiment of the present disclosure, a bearer establishment processing device is further provided. FIG. 7 is a block diagram of the bearer establishment processing device according to an embodiment of the present disclosure. As shown in FIG. 7 , the device includes:
第一接收模块72,设置为接收核心网发送的与终端建立承载的承载建立请求;A first receiving module 72 is configured to receive a bearer establishment request sent by a core network to establish a bearer with a terminal;
确定模块74,设置为确定所述终端的业务场景;A determination module 74, configured to determine a service scenario of the terminal;
第一配置模块76,设置为根据所述业务场景为所述终端配置数据承载的空口安全算法,其中,所述空口安全算法包括机密性算法与完整性算法;A first configuration module 76 is configured to configure an air interface security algorithm for data bearer for the terminal according to the service scenario, wherein the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm;
第一发送模块78,设置为在配置成功之后,向所述核心网发送承载建立完成消息。The first sending module 78 is configured to send a bearer establishment completion message to the core network after the configuration is successful.
在一实施例中,所述确定模块74包括:In one embodiment, the determination module 74 includes:
获取子模块,设置为从核心网获取所述终端的PLMN、切片和/或业务优先级;An acquisition submodule, configured to obtain the PLMN, slice and/or service priority of the terminal from the core network;
确定子模块,设置为根据所述终端的PLMN、切片和/或业务优先级确定所述终端的业务场景。A determination submodule is configured to determine the service scenario of the terminal based on the PLMN, slice and/or service priority of the terminal.
在一实施例中,所述第一配置模块76包括:In one embodiment, the first configuration module 76 includes:
配置子模块,设置为根据所述终端的PLMN、切片和/或业务优先级为所述终端配置所述空口安全算法;A configuration submodule, configured to configure the air interface security algorithm for the terminal according to the PLMN, slice and/or service priority of the terminal;
发送子模块,设置为通过空口配置消息将所述空口安全算法发送给所述终端;A sending submodule, configured to send the air interface security algorithm to the terminal via an air interface configuration message;
接收子模块,设置为接收所述终端回复的承载安全算法配置完成消息。 The receiving submodule is configured to receive a bearer security algorithm configuration completion message replied by the terminal.
在一实施例中,所述配置子模块,还用于根据预先设置的PLMN、切片和/或业务优先级与所述空口安全算法的对应关系确定所述终端的PLMN、切片和/或业务优先级对应的所述空口安全算法。In one embodiment, the configuration submodule is also used to determine the air interface security algorithm corresponding to the PLMN, slice and/or service priority of the terminal based on the correspondence between the pre-set PLMN, slice and/or service priority and the air interface security algorithm.
在一实施例中,所述装置还包括:In one embodiment, the device further comprises:
第二配置模块,设置为为所述终端配置默认的空口安全算法;A second configuration module is configured to configure a default air interface security algorithm for the terminal;
第二发送模块,设置为通过安全模式命令消息将所述默认的空口安全算法发送给所述终端,所述默认的空口安全算法用于信令的安全防护,其中,所述默认的空口安全算法包括机密性算法与完整性算法;A second sending module is configured to send the default air interface security algorithm to the terminal through a security mode command message, wherein the default air interface security algorithm is used for security protection of signaling, wherein the default air interface security algorithm includes a confidentiality algorithm and an integrity algorithm;
第二接收模块,设置为接收所述终端回复的默认安全算法配置完成消息。The second receiving module is configured to receive a default security algorithm configuration completion message replied by the terminal.
在一实施例中,所述装置还包括:In one embodiment, the device further comprises:
第三接收模块,设置为接收网管在基于业务场景配置所述空口安全算法之后通过安全传输通道同步的所述空口安全算法。The third receiving module is configured to receive the air interface security algorithm synchronized through the secure transmission channel after the network management configures the air interface security algorithm based on the service scenario.
根据本公开的另一个实施例,还提供了一种承载建立处理系统,图8是根据本公开实施例的承载建立处理系统的框图,如图8所示,所述系统包括:核心网82与基站84,其中,According to another embodiment of the present disclosure, a bearer establishment processing system is also provided. FIG8 is a block diagram of a bearer establishment processing system according to an embodiment of the present disclosure. As shown in FIG8 , the system includes: a core network 82 and a base station 84, wherein:
所述核心网82,用于向所述基站84发送与终端建立承载的承载建立请求;The core network 82 is used to send a bearer establishment request to the base station 84 to establish a bearer with the terminal;
所述基站84,用于接收所述承载建立请求,确定所述终端的业务场景,根据所述业务场景为所述终端配置数据承载的空口安全算法,其中,所述空口安全算法包括机密性算法与完整性算法;在配置成功之后,向所述核心网发送承载建立完成消息。The base station 84 is used to receive the bearer establishment request, determine the service scenario of the terminal, and configure the air interface security algorithm of the data bearer for the terminal according to the service scenario, wherein the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm; after successful configuration, send a bearer establishment completion message to the core network.
根据本公开的另一个实施例,还提供了一种基站,所述基站包括:上述任一项承载建立处理装置。According to another embodiment of the present disclosure, a base station is further provided, and the base station includes: any one of the above-mentioned bearer establishment processing devices.
本公开的实施例还提供了一种计算机可读存储介质,该计算机可读存储介质中存储有计算机程序,其中,该计算机程序被设置为运行时执行上述任一项方法实施例中的步骤。An embodiment of the present disclosure further provides a computer-readable storage medium, in which a computer program is stored, wherein the computer program is configured to execute the steps of any of the above method embodiments when running.
在一个示例性实施例中,上述计算机可读存储介质可以包括但不限于:U盘、只读存储器(Read-Only Memory,简称为ROM)、随机存取存储器(Random Access Memory,简称为RAM)、移动硬盘、磁碟或者光盘等各种可以存储计算机程序的介质。In an exemplary embodiment, the above-mentioned computer-readable storage medium may include, but is not limited to: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a mobile hard disk, a magnetic disk or an optical disk, and other media that can store computer programs.
本公开的实施例还提供了一种电子装置,包括存储器和处理器,该存储器中存储有计算机程序,该处理器被设置为运行计算机程序以执行上述任一项方法实施例中的步骤。An embodiment of the present disclosure further provides an electronic device, including a memory and a processor, wherein a computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps in any one of the above method embodiments.
在一个示例性实施例中,上述电子装置还可以包括传输设备以及输入输出设备,其中,该传输设备和上述处理器连接,该输入输出设备和上述处理器连接。In an exemplary embodiment, the electronic device may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
本实施例中的具体示例可以参考上述实施例及示例性实施方式中所描述的示例,本实施例在此不再赘述。For specific examples in this embodiment, reference may be made to the examples described in the above embodiments and exemplary implementation modes, and this embodiment will not be described in detail herein.
显然,本领域的技术人员应该明白,上述的本公开的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路 模块来实现。这样,本公开不限制于任何特定的硬件和软件结合。Obviously, those skilled in the art should understand that the above-mentioned modules or steps of the present disclosure can be implemented by a general-purpose computing device, they can be concentrated on a single computing device, or distributed on a network composed of multiple computing devices, they can be implemented by a program code executable by the computing device, so that they can be stored in a storage device and executed by the computing device, and in some cases, the steps shown or described can be executed in a different order than here, or they can be made into individual integrated circuit modules, or multiple modules or steps can be made into a single integrated circuit. Thus, the present disclosure is not limited to any specific combination of hardware and software.
以上所述仅为本公开的优选实施例而已,并不用于限制本公开,对于本领域的技术人员来说,本公开可以有各种更改和变化。凡在本公开的原则之内,所作的任何修改、等同替换、改进等,均应包含在本公开的保护范围之内。 The above description is only a preferred embodiment of the present disclosure and is not intended to limit the present disclosure. For those skilled in the art, the present disclosure may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the principles of the present disclosure shall be included in the protection scope of the present disclosure.

Claims (11)

  1. 一种承载建立处理方法,所述方法包括:A bearer establishment processing method, the method comprising:
    接收核心网发送的与终端建立承载的承载建立请求;Receiving a bearer establishment request sent by the core network to establish a bearer with the terminal;
    确定所述终端的业务场景;Determining a service scenario of the terminal;
    根据所述业务场景为所述终端配置数据承载的空口安全算法,其中,所述空口安全算法包括机密性算法与完整性算法;According to the service scenario, configure an air interface security algorithm for data bearer for the terminal, wherein the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm;
    在配置成功之后,向所述核心网发送承载建立完成消息。After the configuration is successful, a bearer establishment completion message is sent to the core network.
  2. 根据权利要求1所述的方法,其中,确定所述终端的业务场景包括:The method according to claim 1, wherein determining the service scenario of the terminal comprises:
    从核心网获取所述终端的PLMN、切片和/或业务优先级;Obtaining the PLMN, slice and/or service priority of the terminal from the core network;
    根据所述终端的PLMN、切片和/或业务优先级确定所述终端的业务场景。Determine the service scenario of the terminal according to the PLMN, slice and/or service priority of the terminal.
  3. 根据权利要求2所述的方法,其中,根据所述业务场景为所述终端配置数据承载的空口安全算法包括:The method according to claim 2, wherein configuring an air interface security algorithm for data bearer for the terminal according to the service scenario comprises:
    根据所述终端的PLMN、切片和/或业务优先级为所述终端配置所述空口安全算法;Configuring the air interface security algorithm for the terminal according to the PLMN, slice and/or service priority of the terminal;
    通过空口配置消息将所述空口安全算法发送给所述终端;Sending the air interface security algorithm to the terminal via an air interface configuration message;
    接收所述终端回复的承载安全算法配置完成消息。Receive a bearer security algorithm configuration completion message replied by the terminal.
  4. 根据权利要求3所述的方法,其中,根据所述终端的PLMN、切片和/或业务优先级为所述终端配置承载的空口安全算法包括:The method according to claim 3, wherein configuring the air interface security algorithm of the bearer for the terminal according to the PLMN, slice and/or service priority of the terminal comprises:
    根据预先设置的PLMN、切片和/或业务优先级与所述空口安全算法的对应关系确定所述终端的PLMN、切片和/或业务优先级对应的所述空口安全算法。The air interface security algorithm corresponding to the PLMN, slice and/or service priority of the terminal is determined according to the correspondence between the pre-set PLMN, slice and/or service priority and the air interface security algorithm.
  5. 根据权利要求1所述的方法,其中,所述方法还包括:The method according to claim 1, wherein the method further comprises:
    为所述终端配置默认的空口安全算法;Configuring a default air interface security algorithm for the terminal;
    通过安全模式命令消息将所述默认的空口安全算法发送给所述终端,所述默认的空口安全算法用于信令的安全防护,其中,所述默认的空口安全算法包括机密性算法与完整性算法;Sending the default air interface security algorithm to the terminal through a security mode command message, wherein the default air interface security algorithm is used for security protection of signaling, wherein the default air interface security algorithm includes a confidentiality algorithm and an integrity algorithm;
    接收所述终端回复的默认安全算法配置完成消息。Receive a default security algorithm configuration completion message replied by the terminal.
  6. 根据权利要求1所述的方法,其中,在接收核心网发送的与终端建立承载的承载建立请求之前,所述方法还包括:The method according to claim 1, wherein before receiving a bearer establishment request sent by a core network to establish a bearer with a terminal, the method further comprises:
    接收网管在基于业务场景配置所述空口安全算法之后通过安全传输通道同步的所述空口安全算法。The air interface security algorithm is received after the network manager configures the air interface security algorithm based on the service scenario and synchronizes the air interface security algorithm through the secure transmission channel.
  7. 一种承载建立处理装置,所述装置包括:A bearer establishment processing device, the device comprising:
    第一接收模块,设置为接收核心网发送的与终端建立承载的承载建立请求;A first receiving module, configured to receive a bearer establishment request sent by a core network to establish a bearer with a terminal;
    确定模块,设置为确定所述终端的业务场景;A determination module, configured to determine a service scenario of the terminal;
    第一配置模块,设置为根据所述业务场景为所述终端配置数据承载的空口安全算法,其中,所述空口安全算法包括机密性算法与完整性算法;A first configuration module is configured to configure an air interface security algorithm for data bearer for the terminal according to the service scenario, wherein the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm;
    第一发送模块,设置为在配置成功之后,向所述核心网发送承载建立完成消息。The first sending module is configured to send a bearer establishment completion message to the core network after the configuration is successful.
  8. 一种基站,所述基站包括:权利要求7所述的承载建立处理装置。A base station, comprising: the bearer establishment processing device as described in claim 7.
  9. 一种承载建立处理系统,所述系统包括:基站与核心网,其中,A bearer establishment processing system, the system comprising: a base station and a core network, wherein:
    所述核心网,用于向所述基站发送与终端建立承载的承载建立请求The core network is used to send a bearer establishment request to the base station to establish a bearer with the terminal
    所述基站,用于接收所述承载建立请求,确定所述终端的业务场景,根据所述业务场景 为所述终端配置数据承载的空口安全算法,其中,所述空口安全算法包括机密性算法与完整性算法;在配置成功之后,向所述核心网发送承载建立完成消息。The base station is configured to receive the bearer establishment request, determine the service scenario of the terminal, and An air interface security algorithm for data bearer is configured for the terminal, wherein the air interface security algorithm includes a confidentiality algorithm and an integrity algorithm; after successful configuration, a bearer establishment completion message is sent to the core network.
  10. 一种计算机可读的存储介质,所述存储介质中存储有计算机程序,其中,所述计算机程序被设置为运行时执行所述权利要求1至6任一项中所述的方法。A computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the method described in any one of claims 1 to 6 when run.
  11. 一种电子装置,包括存储器和处理器,所述存储器中存储有计算机程序,所述处理器被设置为运行所述计算机程序以执行所述权利要求1至6任一项中所述的方法。 An electronic device comprises a memory and a processor, wherein the memory stores a computer program, and the processor is configured to run the computer program to execute the method described in any one of claims 1 to 6.
PCT/CN2023/091866 2022-09-30 2023-04-28 Bearer establishment processing method, apparatus and system, and base station WO2024066347A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211215683.3A CN117858075A (en) 2022-09-30 2022-09-30 Bearer establishment processing method, device, system and base station
CN202211215683.3 2022-09-30

Publications (1)

Publication Number Publication Date
WO2024066347A1 true WO2024066347A1 (en) 2024-04-04

Family

ID=90475846

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/091866 WO2024066347A1 (en) 2022-09-30 2023-04-28 Bearer establishment processing method, apparatus and system, and base station

Country Status (2)

Country Link
CN (1) CN117858075A (en)
WO (1) WO2024066347A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107094127A (en) * 2016-02-18 2017-08-25 电信科学技术研究院 Processing method and processing device, acquisition methods and the device of security information
US20190141081A1 (en) * 2016-04-29 2019-05-09 Nec Corporation Method of enabling slice security separation
CN110392370A (en) * 2018-04-19 2019-10-29 上海华为技术有限公司 A kind of machinery of consultation of security algorithm and device
CN114158041A (en) * 2021-11-29 2022-03-08 北京航空航天大学 Method for realizing multilevel security of confidentiality and integrity of 5G network data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107094127A (en) * 2016-02-18 2017-08-25 电信科学技术研究院 Processing method and processing device, acquisition methods and the device of security information
US20190141081A1 (en) * 2016-04-29 2019-05-09 Nec Corporation Method of enabling slice security separation
CN110392370A (en) * 2018-04-19 2019-10-29 上海华为技术有限公司 A kind of machinery of consultation of security algorithm and device
CN114158041A (en) * 2021-11-29 2022-03-08 北京航空航天大学 Method for realizing multilevel security of confidentiality and integrity of 5G network data

Also Published As

Publication number Publication date
CN117858075A (en) 2024-04-09

Similar Documents

Publication Publication Date Title
US11917498B2 (en) Communication method and communications apparatus
US11765578B2 (en) Security negotiation method and apparatus
CN113596191B (en) Data processing method, network element equipment and readable storage medium
US20080133775A1 (en) Method, Apparatus and Computer Program Product for Providing Intelligent Synchronization
WO2021232910A1 (en) Network access method and communication apparatus
EP4192184A1 (en) Pdu session establishment method, terminal device, and chip system
WO2018127046A1 (en) Service request processing method and apparatus
JP7389225B2 (en) Method and apparatus for determining security protection mode
EP3648512A1 (en) Method for processing session in wireless communication, and terminal device
CN111132305A (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
US20230217363A1 (en) Method for switching a Network slice, terminal, storage medium and electronic device
US10554693B2 (en) Security configuration method for radio bearer and device
WO2024066347A1 (en) Bearer establishment processing method, apparatus and system, and base station
WO2022222081A1 (en) Communication method and apparatus, and device and storage medium
US10841792B2 (en) Network connection method, method for determining security node, and apparatus
CN111147269B (en) Access point configuration method, networking system, access point and storage medium
EP4054220A1 (en) Mobile service access method, device, and system, storage medium, and electronic device
CN114222290A (en) Communication method, device, equipment and storage medium
WO2024001889A1 (en) V2x policy requesting method and device
US11706614B2 (en) Direct SMF control plane with gNB
KR20060096498A (en) Method and system for providing service to wireless devices operating in a power saving mode
WO2016131327A1 (en) Multi-system aggregation method and corresponding functional assembly
WO2022041923A1 (en) Network slice connection method, terminal, and computer-readable storage medium
EP3729724B1 (en) Method for performing continuous deployment and feedback from a radio network node
CN108307501B (en) Method and equipment for determining radio link bearing