CN111512659B - DRB integrity protection configuration method and device and computer storage medium - Google Patents


Info

Publication number
CN111512659B
Authority
CN
China
Prior art keywords
drb
pdu session
function
information
parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201880082325.5A
Other languages
Chinese (zh)
Other versions
CN111512659A (en)
Inventor
杨宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a configuration method and device for DRB integrity protection and a computer storage medium, wherein the method comprises the following steps: a base station acquires security policy information and priority information of a PDU session configured by a first core network element, wherein the security policy information comprises an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the PDU session; the base station acquires first UE capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to a DRB IP; and the base station determines whether to configure a DRB IP function according to the first UE capability information and the security policy information and priority information of each PDU session corresponding to the terminal.

Description

DRB integrity protection configuration method and device and computer storage medium
Technical Field
The present invention relates to the field of wireless communications technologies, and in particular, to a method and an apparatus for configuring Data Resource Bearer (DRB) Integrity Protection (IP), and a computer storage medium.
Background
In order to meet people's requirements for service speed, latency, high-speed mobility and energy efficiency, and to cope with the diversity and complexity of services in future life, the 3rd Generation Partnership Project (3GPP) international standards organization has started to develop fifth-generation (5G) mobile communication technology.
The main application scenarios of the 5G mobile communication technology are as follows: enhanced Mobile Broadband (eMBB), Low-Latency high-reliability Communication (URLLC), and massive Machine Type Communication (mMTC).
The 5G mobile communication technology is also called New Radio (NR). In the early stage of NR deployment, complete NR coverage is difficult to achieve, so typical network coverage is a combination of Long Term Evolution (LTE) coverage and NR coverage. Furthermore, to protect the early LTE investment of mobile operators, a tightly coupled (tight interworking) mode of operation between LTE and NR is proposed. In addition, NR cells may also be deployed independently.
In LTE, there is no requirement for integrity protection of DRB, but there is an additional requirement for integrity protection of DRB in NR, for which each Packet Data Convergence Protocol (PDCP) Service Data Unit (SDU) needs to additionally carry an integrity protection check code (MAC-I) for integrity protection check.
As shown in fig. 1, when a Protocol Data Unit (PDU) session is established, a Session Management Function (SMF) configures security policy information of the PDU session, where the security policy information indicates that the DRB Integrity Protection (DRB IP) requirement of the current PDU session is one of {required, preferred, not needed}. The SMF decides the final security policy at PDU session establishment based on subscription data from Unified Data Management (UDM) or on a locally configured security policy. A next generation base station (gNB) determines whether to configure each DRB to use the DRB IP function according to security policy information from a Core Access and Mobility Management (AMF). Here, a security policy indication of required for a PDU session means that the gNB has to configure the DRB IP function; preferred means that the SMF tends toward configuring the DRB IP function but the decision depends on the gNB; and not needed means that the DRB IP function does not need to be configured. Meanwhile, in order to ensure the performance of the UE, a UE capability is defined, which specifies a threshold (that is, a value that cannot be exceeded) on the aggregate rate of all DRBs configured with the DRB IP function for the UE. The gNB therefore needs to decide how to select the DRBs on which to configure the DRB IP function.
Disclosure of Invention
In order to solve the foregoing technical problem, embodiments of the present invention provide a configuration method and apparatus for DRB integrity protection, and a computer storage medium.
The configuration method for DRB integrity protection provided by the embodiment of the invention comprises the following steps:
a base station acquires security policy information and priority information of a PDU session configured by a first core network element, wherein the security policy information comprises an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the PDU session;
the base station acquires first UE capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to a DRB IP;
and the base station determines whether to configure a DRB IP function according to the first UE capability information and the security policy information and priority information of each PDU session corresponding to the terminal.
In an embodiment, the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the Quality of Service (QOS) flows corresponding to the PDU sessions whose DRB IP indication parameter is a first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured;
and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure a DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
In an embodiment, the method further comprises:
for a first PDU session for which it is determined that the DRB IP function cannot be configured, the base station sends first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session.
In an embodiment, the method further comprises:
for a first PDU session for which it is determined that the DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session;
and for a second PDU session for which it is determined that the DRB IP function can be configured, the base station configures the DRB IP function for the second PDU session.
In an embodiment, the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QOS flows corresponding to the PDU sessions whose DRB IP indication parameter is a first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured;
and if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, the base station configures the DRB IP function for all PDU sessions whose DRB IP indication parameter is the first parameter.
In an embodiment, the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, each third PDU session whose DRB IP indication parameter is a second parameter, wherein the second parameter is used for indicating that the DRB IP function is recommended to be configured;
for each third PDU session whose DRB IP indication parameter is the second parameter, the base station determines whether to configure the DRB IP function for that third PDU session according to the priority information of each third PDU session, the first UE capability information and the local policy.
In one embodiment, configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
The configuration method for DRB integrity protection provided by the embodiment of the invention comprises the following steps:
a base station acquires security policy information of a PDU session configured by a first core network element and priority information of each QOS flow in the PDU session, wherein the security policy information comprises an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the QOS flow;
the base station acquires first UE capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to a DRB IP;
and the base station determines whether to configure a DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal and the priority information of each QOS flow in each PDU session.
In an embodiment, the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session includes:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QOS flows corresponding to the PDU sessions whose DRB IP indication parameter is a first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured;
and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure a DRB IP function for each PDU session and/or configure a DRB IP function for each QOS flow in each PDU session according to the priority information of each QOS flow in each PDU session corresponding to the terminal.
In an embodiment, the method further comprises:
for a first PDU session and/or a first QOS flow for which it is determined that the DRB IP function cannot be configured, the base station sends first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session and/or the first QOS flow.
In an embodiment, the method further comprises:
for a first PDU session and/or a first QOS flow for which it is determined that the DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session and/or the first QOS flow;
and for a second PDU session and/or a second QOS flow for which it is determined that the DRB IP function can be configured, the base station configures the DRB IP function for the second PDU session and/or the second QOS flow.
In an embodiment, the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session includes:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QOS flows corresponding to the PDU sessions whose DRB IP indication parameter is a first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured;
and if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, the base station configures the DRB IP function for all PDU sessions whose DRB IP indication parameter is the first parameter.
In an embodiment, the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, each third PDU session whose DRB IP indication parameter is a second parameter, wherein the second parameter is used for indicating that the DRB IP function is recommended to be configured;
for each third PDU session whose DRB IP indication parameter is the second parameter, the base station determines whether to configure a DRB IP function for that third PDU session and/or each QOS flow in that third PDU session according to the priority information of each QOS flow in each third PDU session, the first UE capability information, and a local policy.
In one embodiment, configuring the DRB IP function means: enabling the DRB IP function for the DRBs corresponding to the PDU sessions and/or QOS flows.
In one embodiment, the PDU session also corresponds to priority information, and for two PDU sessions with different priorities, the priority of all QOS flows of the PDU session with higher priority is higher than the priority of all QOS flows of the PDU session with lower priority.
The configuration device for DRB integrity protection provided by the embodiment of the invention comprises:
a first obtaining unit, configured to obtain security policy information and priority information of a PDU session configured by a network element of a first core network, where the security policy information includes an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the PDU session;
a second obtaining unit, configured to obtain first UE capability information of a terminal, where the first UE capability information includes an aggregated data rate capability threshold value, which is required by the terminal and is related to a DRB IP;
and a configuration unit, configured to determine whether to configure a DRB IP function according to the first UE capability information and the security policy information and priority information of each PDU session corresponding to the terminal.
In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure a DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
In one embodiment, the apparatus further comprises:
a feedback unit, configured to, for a first PDU session for which it is determined that the DRB IP function cannot be configured, send first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session.
In an embodiment, the configuration unit is configured to, for a first PDU session for which it is determined that the DRB IP function cannot be configured, not configure the DRB IP function for the first PDU session; and, for a second PDU session for which it is determined that the DRB IP function can be configured, configure the DRB IP function for the second PDU session.
In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QOS flows corresponding to the PDU sessions whose DRB IP indication parameter is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and, if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, to configure the DRB IP function for all PDU sessions whose DRB IP indication parameter is the first parameter.
In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session in which an indication parameter of the DRB IP is a second parameter, where the second parameter is used to indicate that it is recommended to configure the DRB IP function; for each third PDU session with the indication parameter of the DRB IP as the second parameter, the base station determines whether to configure the DRB IP function for each third PDU session according to the priority information of each third PDU session, the first UE capability information and the local policy.
In one embodiment, configuring the DRB IP function means: enabling the DRB IP function for the DRB corresponding to the PDU session.
The configuration device for DRB integrity protection provided by the embodiment of the invention comprises:
a first obtaining unit, configured to obtain security policy information of a PDU session configured by a first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow;
a second obtaining unit, configured to obtain first UE capability information of a terminal, where the first UE capability information includes an aggregated data rate capability threshold value, which is required by the terminal and is related to a DRB IP;
and a configuration unit, configured to determine whether to configure a DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, determining whether to configure a DRB IP function for each PDU session and/or configure a DRB IP function for each QOS flow in each PDU session according to the priority information of each QOS flow in each PDU session corresponding to the terminal.
In one embodiment, the apparatus further comprises:
a feedback unit, configured to, for a first PDU session and/or a first QOS flow for which it is determined that the DRB IP function cannot be configured, send first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session and/or the first QOS flow.
In an embodiment, the configuration unit is configured to, for a first PDU session and/or a first QOS flow for which it is determined that the DRB IP function cannot be configured, not configure the DRB IP function for the first PDU session and/or the first QOS flow; and, for a second PDU session and/or a second QOS flow for which it is determined that the DRB IP function can be configured, configure the DRB IP function for the second PDU session and/or the second QOS flow.
In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QOS flows corresponding to the PDU sessions whose DRB IP indication parameter is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and, if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, to configure the DRB IP function for all PDU sessions whose DRB IP indication parameter is the first parameter.
In an embodiment, the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session in which an indication parameter of the DRB IP is a second parameter, where the second parameter is used to indicate that it is recommended to configure the DRB IP function; for each third PDU session with the indication parameter of the DRB IP as the second parameter, the base station determines whether to configure a DRB IP function for each third PDU session and/or each QOS flow in each third PDU session according to the priority information of each QOS flow in each third PDU session, the first UE capability information, and a local policy.
In one embodiment, configuring the DRB IP function means: enabling the DRB IP function for the DRBs corresponding to the PDU sessions and/or QOS flows.
In one embodiment, the PDU session also corresponds to priority information, and for two PDU sessions with different priorities, the priority of all QOS flows of the PDU session with higher priority is higher than the priority of all QOS flows of the PDU session with lower priority.
The computer storage medium provided by the embodiment of the invention stores computer executable instructions, and the computer executable instructions are executed by a processor to realize the DRB integrity protection configuration method.
In the technical solutions of the embodiments of the invention: 1) A base station acquires security policy information and priority information of a PDU session configured by a first core network element, wherein the security policy information comprises an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the PDU session; the base station acquires first UE capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to a DRB IP; and the base station determines whether to configure a DRB IP function according to the first UE capability information and the security policy information and priority information of each PDU session corresponding to the terminal. 2) A base station acquires security policy information of a PDU session configured by a first core network element and priority information of each QOS flow in the PDU session, wherein the security policy information comprises an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the QOS flow; the base station acquires first UE capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to a DRB IP; and the base station determines whether to configure a DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal and the priority information of each QOS flow in each PDU session.
By adopting the technical scheme of the embodiment of the invention, the first core network element (such as SMF) configures the DRB IP priority of PDU session granularity or the DRB IP priority of QOS flow granularity, so that a base station (such as gNB) can decide how to configure the DRB IP function for PDU session and/or QOS flow (corresponding DRB) based on the configuration of the first core network element, and the base station can more reasonably decide and select the DRB to configure the DRB IP function.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
Fig. 1 is a flowchart of conventional DRB integrity protection;
Fig. 2 is a first flowchart illustrating a configuration method for DRB integrity protection according to an embodiment of the present invention;
Fig. 3 is a flowchart of DRB integrity protection of application example one according to the embodiment of the present invention;
Fig. 4 is a schematic diagram of protocol stacks of application example one;
Fig. 5 is a second flowchart illustrating a configuration method for DRB integrity protection according to an embodiment of the present invention;
Fig. 6 is a flowchart of DRB integrity protection of application example two according to the embodiment of the present invention;
Fig. 7 is a schematic diagram of protocol stacks of application example two;
Fig. 8 is a schematic structural component diagram of a configuration device for DRB integrity protection according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
So that the manner in which the features and aspects of the embodiments of the present invention can be understood in detail, a more particular description of the embodiments of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings.
The technical solution of the embodiment of the present invention is mainly applied to a 5G mobile communication system, and certainly, the technical solution of the embodiment of the present invention is not limited to the 5G mobile communication system, and can also be applied to other types of mobile communication systems. The following describes the main application scenarios in the 5G mobile communication system:
1) eMBB scenario: eMBB targets users' access to multimedia content, services and data, and its traffic demand is growing very rapidly. Because eMBB may be deployed in different scenarios, such as indoor, urban and rural areas, where service capabilities and requirements differ considerably, the service must be analyzed in combination with the specific deployment scenario.
2) URLLC scenario: typical applications of URLLC include industrial automation, electric power automation, remote medical operation, traffic safety guarantee, and the like.
3) mMTC scenario: typical features of mMTC include high connection density, small data volume, delay-insensitive services, low module cost, long service life, and the like.
In 5G, since the size of the MAC-I can be 32 bits or 64 bits, the network side and the terminal side need to negotiate the size of the MAC-I.
Fig. 2 is a first flowchart illustrating a configuration method for DRB integrity protection according to an embodiment of the present invention, where as shown in fig. 2, the configuration method for DRB integrity protection includes the following steps:
Step 201: the base station acquires security policy information and priority information of the PDU session configured by a first core network element, wherein the security policy information comprises an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the PDU session.
The technical solution of the embodiment of the present invention can be applied to, but is not limited to, a 5G system, and taking the application of the technical solution of the embodiment of the present invention to the 5G system as an example, the base station refers to a gNB, the first core network element refers to an SMF, and in addition, the second core network element referred to below refers to an AMF.
In the embodiment of the present invention, when a PDU session is established, a first core network element (e.g., SMF) configures security policy information and priority information corresponding to the PDU session, where the security policy information includes an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the PDU session.
Here, the indication parameters of the DRB IP corresponding to the PDU session are divided into the following three types:
First parameter (required): the first parameter is used for indicating that the DRB IP function needs to be configured.
Second parameter (preferred): the second parameter is used for indicating that configuring the DRB IP function is recommended.
Third parameter (not needed): the third parameter is used for indicating that the DRB IP function does not need to be configured.
It should be understood that the indication parameters of the DRB IP in the security policy information are per PDU session, e.g., PDU session 1 corresponds to the first parameter, PDU session 2 corresponds to the second parameter, PDU session 3 corresponds to the first parameter, etc. Further, the priority of the DRB IP in the priority information is session specific, e.g., PDU session 1 corresponds to a first priority, PDU session 2 corresponds to a second priority, PDU session 3 corresponds to a third priority, and so on.
Step 202: The base station acquires first UE capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to the DRB IP.
In the embodiment of the present invention, the aggregated data rate of all DRBs configured for the terminal with the DRB IP function enabled needs to be less than or equal to the aggregated data rate capability threshold value in the first UE capability information.
Step 203: The base station determines whether to configure the DRB IP function according to the first UE capability information and the security policy information and the priority information of each PDU session corresponding to the terminal.
In the embodiment of the invention, determining whether to configure the DRB IP function needs to take into account the security policy information of each PDU session, and is roughly divided into the following scenarios:
Scenario one: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QoS flows corresponding to the PDU sessions whose DRB IP indication parameter is the first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured.
1) If the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure the DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
2) If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, the base station configures the DRB IP function for all PDU sessions whose DRB IP indication parameter is the first parameter.
For case 1) above, for a first PDU session for which it is determined that the DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session; for a second PDU session for which it is determined that the DRB IP function can be configured, the base station configures the DRB IP function for the second PDU session. Further, for a first PDU session for which it is determined that the DRB IP function cannot be configured, the base station sends first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session.
Scenario two: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session whose DRB IP indication parameter is the second parameter, wherein the second parameter is used for indicating that configuring the DRB IP function is recommended; for each third PDU session whose DRB IP indication parameter is the second parameter, the base station determines whether to configure the DRB IP function for that third PDU session according to the priority information of each third PDU session, the first UE capability information and the local policy.
Scenario three: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, a PDU session whose DRB IP indication parameter is the third parameter, wherein the third parameter is used for indicating that the DRB IP function does not need to be configured; for a fourth PDU session whose DRB IP indication parameter is the third parameter, the base station does not configure the DRB IP function for the fourth PDU session.
It should be understood that configuring the DRB IP function in the above embodiments of the present invention means enabling the DRB IP function for the DRB corresponding to the PDU session.
In addition, where whether to configure the DRB IP function is determined in combination with the priority of the PDU session, the DRB IP function is preferentially configured for the PDU session with the higher priority, on the condition that the aggregated data rate capability threshold value defined by the first UE capability information is satisfied.
The above technical solutions of the embodiments of the present invention are described in detail below with reference to specific application examples.
Referring to fig. 3 and 4, fig. 3 is a flowchart of DRB integrity protection of application example one according to the embodiment of the present invention, and fig. 4 is a schematic diagram of each protocol stack of application example one, as shown in fig. 3 and 4:
1) When the SMF configures PDU session information to the gNB, it configures priority information of the PDU session at the same time, and the priority information indicates the priority with which the PDU session is to be configured with DRB IP.
2) The gNB acquires the aggregated data rate capability threshold value of the UE for DRB IP; this information can come from a report by the UE or from the AMF.
3) The gNB judges whether to configure the DRB IP function according to the limit imposed by the aggregated data rate capability threshold value for DRB IP and the DRB IP priority information of each PDU session. Specifically:
If the aggregated data rate of the QoS flows corresponding to the PDU sessions whose security policy indication parameter is 'required' is greater than the aggregated data rate capability threshold value required by the UE, the gNB judges whether to configure the DRB IP function according to the DRB IP priority of each PDU session. For a PDU session for which it is determined that the DRB IP function cannot be configured, the gNB may directly reject the SMF, or the gNB may decide to configure the corresponding DRB without the DRB IP function.
If the aggregated data rate of the QoS flows corresponding to the PDU sessions whose security policy indication parameter is 'required' is less than or equal to the aggregated data rate capability threshold value required by the UE, the gNB configures the DRBs corresponding to those PDU sessions with the DRB IP function enabled.
For a PDU session whose security policy indication parameter is 'preferred', the gNB determines whether to configure the DRB corresponding to the PDU session with DRB IP enabled according to the aggregated data rate capability threshold value, the DRB IP priority of the PDU session and the local policy.
Here, the DRB IP function is preferentially configured for the PDU session with higher priority on the condition that the aggregated data rate capability threshold value defined by the first UE capability information is satisfied.
Fig. 5 is a second flowchart of a configuration method for DRB integrity protection according to an embodiment of the present invention. As shown in Fig. 5, the configuration method for DRB integrity protection includes the following steps:
Step 501: The base station acquires the security policy information of the PDU session configured by a first core network element and the priority information of each QoS flow in the PDU session, wherein the security policy information comprises an indication parameter of the DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the QoS flow.
The technical solution of the embodiment of the present invention can be applied to, but is not limited to, a 5G system. Taking a 5G system as an example, the base station refers to a gNB, the first core network element refers to an SMF, and the second core network element referred to below refers to an AMF.
In the embodiment of the present invention, when a PDU session is established, a first core network element (e.g., SMF) configures security policy information corresponding to the PDU session and priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow.
Here, the indication parameters of the DRB IP corresponding to the PDU session are divided into the following three types:
First parameter (required): the first parameter is used for indicating that the DRB IP function needs to be configured.
Second parameter (preferred): the second parameter is used for indicating that configuring the DRB IP function is recommended.
Third parameter (not needed): the third parameter is used for indicating that the DRB IP function does not need to be configured.
It should be understood that the indication parameters of the DRB IP in the security policy information are per PDU session, e.g., PDU session 1 corresponds to the first parameter, PDU session 2 corresponds to the second parameter, PDU session 3 corresponds to the first parameter, etc. Further, the priority of the DRB IP in the priority information is per QoS flow, e.g., QoS flow 1 corresponds to a first priority, QoS flow 2 corresponds to a second priority, QoS flow 3 corresponds to a third priority, and so on.
Further, the PDU session also corresponds to priority information, and for two PDU sessions with different priorities, the priority of all QOS flows of the PDU session with higher priority is higher than that of all QOS flows of the PDU session with lower priority.
Step 502: the base station acquires first UE capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to a DRB IP.
In the embodiment of the present invention, the aggregated data rate of all DRBs configured for the terminal with the DRB IP function enabled needs to be less than or equal to the aggregated data rate capability threshold value in the first UE capability information.
Step 503: The base station determines whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal and the priority information of each QoS flow in each PDU session.
In the embodiment of the invention, determining whether to configure the DRB IP function needs to take into account the security policy information of each PDU session, and is roughly divided into the following scenarios:
Scenario one: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QoS flows corresponding to the PDU sessions whose DRB IP indication parameter is the first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured.
1) If the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure the DRB IP function for each PDU session and/or for each QoS flow in each PDU session according to the priority information of each QoS flow in each PDU session corresponding to the terminal.
2) If the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, the base station configures the DRB IP function for all PDU sessions whose DRB IP indication parameter is the first parameter.
For case 1) above, for a first PDU session and/or a first QoS flow for which it is determined that the DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session and/or the first QoS flow; for a second PDU session and/or a second QoS flow for which it is determined that the DRB IP function can be configured, the base station configures the DRB IP function for the second PDU session and/or the second QoS flow. Further, for the first PDU session and/or the first QoS flow for which it is determined that the DRB IP function cannot be configured, the base station sends first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session and/or the first QoS flow.
Scenario two: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session whose DRB IP indication parameter is the second parameter, wherein the second parameter is used for indicating that configuring the DRB IP function is recommended; for each third PDU session whose DRB IP indication parameter is the second parameter, the base station determines whether to configure the DRB IP function for that third PDU session and/or for each QoS flow in it according to the priority information of each QoS flow in each third PDU session, the first UE capability information, and a local policy.
Scenario three: The base station determines, according to the security policy information of each PDU session corresponding to the terminal, a PDU session whose DRB IP indication parameter is the third parameter, wherein the third parameter is used for indicating that the DRB IP function does not need to be configured; for a fourth PDU session whose DRB IP indication parameter is the third parameter, the base station does not configure the DRB IP function for the fourth PDU session.
It should be understood that configuring the DRB IP function in the above embodiments of the present invention means enabling the DRB IP function for the DRBs corresponding to PDU sessions and/or QoS flows.
In addition, where whether to configure the DRB IP function is determined in combination with the priority of the QoS flow, the DRB IP function is preferentially configured for the QoS flow with the higher priority, on the condition that the aggregated data rate capability threshold value defined by the first UE capability information is satisfied.
The above technical solutions of the embodiments of the present invention are described in detail below with reference to specific application examples.
Referring to fig. 6 and 7, fig. 6 is a flowchart of DRB integrity protection of the second application example in the embodiment of the present invention, and fig. 7 is a schematic diagram of each protocol stack of the second application example, as shown in fig. 6 and 7:
1) When the SMF configures PDU session information to the gNB, the SMF configures the priority information of each QoS flow in the PDU session at the same time, and the priority information indicates the priority with which the QoS flow is to be configured with DRB IP.
2) The gNB acquires the aggregated data rate capability threshold value of the UE for DRB IP; this information can come from a report by the UE or from the AMF.
3) The gNB judges whether to configure the DRB IP function according to the limit imposed by the aggregated data rate capability threshold value for DRB IP and the priority information of each QoS flow of each PDU session. Specifically:
If the aggregated data rate of the QoS flows corresponding to the PDU sessions whose security policy indication parameter is 'required' is greater than the aggregated data rate capability threshold value required by the UE, the gNB judges whether to configure the DRB IP function according to the DRB IP priority of each QoS flow of the PDU session. For a PDU session and/or QoS flow for which it is determined that the DRB IP function cannot be configured, the gNB may directly reject the SMF or decide to configure the corresponding DRB without the DRB IP function.
If the aggregated data rate of the QoS flows corresponding to the PDU sessions whose security policy indication parameter is 'required' is less than or equal to the aggregated data rate capability threshold value required by the UE, the gNB configures the DRBs corresponding to those PDU sessions with the DRB IP function enabled.
For a PDU session whose security policy indication parameter is 'preferred', the gNB determines whether to configure the DRB corresponding to a QoS flow of the PDU session with DRB IP enabled according to the DRB IP priority of each QoS flow in the PDU session and the local policy.
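The decision procedure of steps 201 to 203, together with its per-QoS-flow variant in steps 501 to 503, written out as an added Python example (not code from the patent). The names, the "lower value means higher priority" convention, the choice to skip a unit that does not fit and keep trying lower-priority ones, and the rule that 'preferred' units only use the budget left over by 'required' ones are assumptions, since the text leaves them open.

```python
from dataclasses import dataclass, field
from enum import Enum


class IpPolicy(Enum):
    REQUIRED = "required"        # first parameter
    PREFERRED = "preferred"      # second parameter
    NOT_NEEDED = "not needed"    # third parameter


@dataclass(frozen=True)
class QosFlow:
    qfi: int
    rate_mbps: int
    priority: int = 0            # per-flow variant only; lower = higher (assumption)


@dataclass(frozen=True)
class PduSession:
    session_id: int
    policy: IpPolicy
    priority: int                # lower value = higher priority (assumption)
    flows: tuple


@dataclass
class Decision:
    first_aggregate_mbps: int                       # aggregate rate of 'required' sessions
    remaining_mbps: int                             # unused part of the UE threshold
    enabled: list = field(default_factory=list)     # units configured with DRB IP
    feedback: list = field(default_factory=list)    # 'required' units reported to the SMF


def _units(sessions, policy, per_flow):
    """Allocation units (sort_key, unit_id, rate) of one policy class, best priority first."""
    units = []
    for s in sessions:
        if s.policy is not policy:
            continue
        if per_flow:
            # Every flow of a higher-priority session outranks all flows of a lower one.
            units += [((s.priority, f.priority), (s.session_id, f.qfi), f.rate_mbps)
                      for f in s.flows]
        else:
            units.append(((s.priority, 0), (s.session_id, None),
                          sum(f.rate_mbps for f in s.flows)))
    return sorted(units, key=lambda u: u[0])


def decide_drb_ip(sessions, threshold_mbps, per_flow=False,
                  local_policy_allows_preferred=True):
    """Return which sessions (or flows, if per_flow) get DRB IP under the UE threshold."""
    required = _units(sessions, IpPolicy.REQUIRED, per_flow)
    d = Decision(first_aggregate_mbps=sum(rate for _, _, rate in required),
                 remaining_mbps=threshold_mbps)

    # Scenario one. When the first aggregated data rate fits the threshold, every
    # unit passes this check; otherwise units are admitted in priority order and
    # the ones that do not fit are reported back (first feedback information).
    for _, unit_id, rate in required:
        if rate <= d.remaining_mbps:
            d.enabled.append(unit_id)
            d.remaining_mbps -= rate
        else:
            d.feedback.append(unit_id)

    # Scenario two: priority, UE capability and local policy decide.
    if local_policy_allows_preferred:
        for _, unit_id, rate in _units(sessions, IpPolicy.PREFERRED, per_flow):
            if rate <= d.remaining_mbps:
                d.enabled.append(unit_id)
                d.remaining_mbps -= rate

    # Scenario three: 'not needed' sessions are never configured, whatever their priority.
    return d


# Constructed sample: four PDU sessions of one terminal.
SAMPLE = [
    PduSession(1, IpPolicy.REQUIRED, 1, (QosFlow(1, 40, 1), QosFlow(2, 30, 2))),
    PduSession(2, IpPolicy.REQUIRED, 2, (QosFlow(1, 50, 1), QosFlow(2, 20, 2))),
    PduSession(3, IpPolicy.PREFERRED, 3, (QosFlow(1, 10, 1),)),
    PduSession(4, IpPolicy.NOT_NEEDED, 0, (QosFlow(1, 5, 1),)),
]

if __name__ == "__main__":
    for per_flow in (False, True):
        print("per_flow =", per_flow, decide_drb_ip(SAMPLE, 100, per_flow=per_flow))
```

Each entry in `feedback` is a session or flow whose policy is 'required' but which does not receive integrity protection, so it is the value to log when auditing how the threshold affects protection coverage.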
Fig. 8 is a schematic structural diagram of a configuration device for DRB integrity protection according to an embodiment of the present invention.
In one example, the apparatus comprises:
a first obtaining unit 801, configured to obtain security policy information and priority information of a PDU session configured by a first core network element, where the security policy information includes an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the PDU session;
a second obtaining unit 802, configured to obtain first UE capability information of a terminal, where the first UE capability information includes an aggregate data rate capability threshold value that is required by the terminal and is related to a DRB IP;
a configuring unit 803, configured to determine whether to configure a DRB IP function according to the first UE capability information, and the security policy information and the priority information of each PDU session corresponding to the terminal.
In an embodiment, the configuring unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure a DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
In one embodiment, the apparatus further comprises:
a feedback unit 804, configured to send, for a first PDU session for which it is determined that the DRB IP function cannot be configured, first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session.
In an embodiment, the configuring unit 803 is configured to: for a first PDU session for which it is determined that the DRB IP function cannot be configured, not configure the DRB IP function for the first PDU session; and for a second PDU session for which it is determined that the DRB IP function can be configured, configure the DRB IP function for the second PDU session.
In an embodiment, the configuring unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QoS flows corresponding to the PDU sessions whose DRB IP indication parameter is a first parameter, where the first parameter is used to indicate that the DRB IP function needs to be configured; and if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, configure the DRB IP function for all PDU sessions whose DRB IP indication parameter is the first parameter.
In an embodiment, the configuring unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session in which an indication parameter of the DRB IP is a second parameter, where the second parameter is used to indicate that it is recommended to configure the DRB IP function; for each third PDU session with the indication parameter of the DRB IP as the second parameter, the base station determines whether to configure the DRB IP function for each third PDU session according to the priority information of each third PDU session, the first UE capability information and the local policy.
In one embodiment, configuring the DRB IP function means enabling the DRB IP function for the DRB corresponding to the PDU session.
In another example, the apparatus comprises:
a first obtaining unit 801, configured to obtain security policy information of a PDU session configured by a first core network element and priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow;
a second obtaining unit 802, configured to obtain first UE capability information of a terminal, where the first UE capability information includes an aggregate data rate capability threshold value that is required by the terminal and is related to a DRB IP;
a configuring unit 803, configured to determine whether to configure a DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
In an embodiment, the configuring unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, determining whether to configure a DRB IP function for each PDU session and/or configure a DRB IP function for each QOS flow in each PDU session according to the priority information of each QOS flow in each PDU session corresponding to the terminal.
In one embodiment, the apparatus further comprises:
a feedback unit 804, configured to send, for the first PDU session and/or the first QoS flow for which it is determined that the DRB IP function cannot be configured, first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session and/or the first QoS flow.
In an embodiment, the configuring unit 803 is configured to: for a first PDU session and/or a first QoS flow for which it is determined that the DRB IP function cannot be configured, not configure the DRB IP function for the first PDU session and/or the first QoS flow; and for a second PDU session and/or a second QoS flow for which it is determined that the DRB IP function can be configured, configure the DRB IP function for the second PDU session and/or the second QoS flow.
In an embodiment, the configuring unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of the QoS flows corresponding to the PDU sessions whose DRB IP indication parameter is a first parameter, where the first parameter is used to indicate that the DRB IP function needs to be configured; and if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, configure the DRB IP function for all PDU sessions whose DRB IP indication parameter is the first parameter.
In an embodiment, the configuring unit 803 is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session in which an indication parameter of the DRB IP is a second parameter, where the second parameter is used to indicate that it is recommended to configure the DRB IP function; for each third PDU session with the indication parameter of the DRB IP as the second parameter, the base station determines whether to configure a DRB IP function for each third PDU session and/or each QOS flow in each third PDU session according to the priority information of each QOS flow in each third PDU session, the first UE capability information, and a local policy.
In one embodiment, configuring the DRB IP function means enabling the DRB IP function for the DRBs corresponding to PDU sessions and/or QoS flows.
In one embodiment, the PDU session also corresponds to priority information, and for two PDU sessions with different priorities, the priority of all QOS flows of the PDU session with higher priority is higher than the priority of all QOS flows of the PDU session with lower priority.
It should be understood by those skilled in the art that the implementation functions of each unit in the DRB integrity-protected configuration apparatus shown in fig. 8 can be understood by referring to the related description of the DRB integrity-protected configuration method. The functions of the units in the DRB integrity protected configuration apparatus shown in fig. 8 can be implemented by a program running on a processor, and can also be implemented by a specific logic circuit.
The configuration apparatus for DRB integrity protection according to the embodiment of the present invention may also be stored in a computer readable storage medium if it is implemented in the form of a software function module and sold or used as an independent product. Based on such understanding, the technical solutions of the embodiments of the present invention, in essence or in the part contributing to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
Accordingly, the embodiment of the present invention further provides a computer storage medium, in which computer executable instructions are stored, and when the computer executable instructions are executed by a processor, the configuration method for DRB integrity protection described above in the embodiment of the present invention is implemented.
Fig. 9 is a schematic structural diagram of a computer device according to an embodiment of the present invention, where the computer device may be a terminal or a network device. As shown in fig. 9, the computer device 100 may include one or more processors 1002 (only one of which is shown in the figure), the processors 1002 may include, but are not limited to, a processing device such as a Microprocessor (MCU) or a Programmable logic device (FPGA), a memory 1004 for storing data, and a transmission device 1006 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 9 is only an illustration and is not intended to limit the structure of the electronic device. For example, computer device 100 may also include more or fewer components than shown in FIG. 9, or have a different configuration than shown in FIG. 9.
The memory 1004 can be used for storing software programs and modules of application software, such as program instructions/modules corresponding to the method in the embodiment of the present invention, and the processor 1002 executes various functional applications and data processing by running the software programs and modules stored in the memory 1004, so as to implement the method described above. The memory 1004 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1004 may further include memory located remotely from the processor 1002, which may be connected to the computer device 100 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 1006 is used for receiving or sending data via a network. Specific examples of such networks may include wireless networks provided by the communications provider of the computer device 100. In one example, the transmission device 1006 includes a Network adapter (NIC) that can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission device 1006 can be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
The technical schemes described in the embodiments of the present invention can be combined arbitrarily without conflict.
In the embodiments provided in the present invention, it should be understood that the disclosed method and intelligent device may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one second processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The above description covers only specific embodiments of the present invention, but the scope of the present invention is not limited thereto; any changes or substitutions that a person skilled in the art can easily conceive of within the technical scope of the present invention shall be covered by the scope of the present invention.

Claims (32)

1. A configuration method for data radio bearer (DRB) integrity protection (IP), the method comprising:
a base station acquires security policy information and priority information of a Protocol Data Unit (PDU) session configured by a network element of a first core network, wherein the security policy information comprises an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the PDU session;
the base station acquires first User Equipment (UE) capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to a DRB IP;
and the base station determines whether to configure a DRB IP function according to the first UE capability information and the security policy information and the priority information of each PDU session corresponding to the terminal.
2. The method of claim 1, wherein the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal comprises:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a quality of service (QOS) flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, wherein the first parameter is used for indicating that a DRB IP function needs to be configured;
and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure a DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
3. The method of claim 2, wherein the method further comprises:
for a first PDU session determined that the DRB IP function cannot be configured, the base station sends first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session.
4. The method of claim 2 or 3, wherein the method further comprises:
for a first PDU session determined that a DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session;
and for the second PDU session which is determined to be capable of configuring the DRB IP function, the base station configures the DRB IP function for the second PDU session.
5. The method of claim 1, wherein the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information, the security policy information and the priority information of each PDU session corresponding to the terminal comprises:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured;
and if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, the base station configures the DRB IP function for all PDU sessions whose indication parameter of the DRB IP is the first parameter.
6. The method according to any one of claims 1 to 3 and 5, wherein the determining, by the base station, whether to configure a DRB IP function according to the first UE capability information and the security policy information and the priority information of each PDU session corresponding to the terminal includes:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session whose indication parameter of the DRB IP is a second parameter, wherein the second parameter is used for indicating that the DRB IP function is recommended to be configured;
for each third PDU session with the indication parameter of the DRB IP as the second parameter, the base station determines whether to configure the DRB IP function for each third PDU session according to the priority information of each third PDU session, the first UE capability information and the local policy.
7. The method according to any of claims 1-3 and 5, wherein said configuring the DRB IP functionality refers to: enabling the DRB IP function for the DRB corresponding to the PDU session.
8. A configuration method for data radio bearer (DRB) integrity protection (IP), the method comprising:
a base station acquires security policy information of a Protocol Data Unit (PDU) session configured by a first core network element and priority information of each quality of service (QOS) flow in the PDU session, wherein the security policy information comprises an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used for indicating the priority of the DRB IP corresponding to the QOS flow;
the base station acquires first User Equipment (UE) capability information of a terminal, wherein the first UE capability information comprises an aggregated data rate capability threshold value which is required by the terminal and is related to a DRB IP;
and the base station determines whether to configure a DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal and the priority information of each QOS flow in each PDU session.
9. The method of claim 8, wherein the determining, by the base station, whether to configure the DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session comprises:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured;
and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure a DRB IP function for each PDU session and/or configure a DRB IP function for each QOS flow in each PDU session according to the priority information of each QOS flow in each PDU session corresponding to the terminal.
10. The method of claim 9, wherein the method further comprises:
for a first PDU session and/or a first QOS flow determined to be incapable of configuring the DRB IP function, the base station sends first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the first PDU session and/or the first QOS flow is incapable of configuring the DRB IP function.
11. The method according to claim 9 or 10, wherein the method further comprises:
for a first PDU session and/or a first QOS flow which is determined that the DRB IP function cannot be configured, the base station does not configure the DRB IP function for the first PDU session and/or the first QOS flow;
and for a second PDU session and/or a second QOS flow determined to be capable of configuring the DRB IP function, the base station configures the DRB IP function for the second PDU session and/or the second QOS flow.
12. The method of any one of claims 8 to 10, wherein the determining, by the base station, whether to configure the DRB IP function according to the first UE capability information, the security policy information of the respective PDU sessions corresponding to the terminal, and the priority information of each QOS flow in the respective PDU sessions comprises:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, wherein the first parameter is used for indicating that the DRB IP function needs to be configured;
and if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, the base station configures the DRB IP function for all PDU sessions whose indication parameter of the DRB IP is the first parameter.
13. The method according to any one of claims 8 to 10, wherein the determining, by the base station, whether to configure the DRB IP function according to the first UE capability information, and the security policy information of each PDU session corresponding to the terminal and the priority information of each QOS flow in each PDU session comprises:
the base station determines, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session whose indication parameter of the DRB IP is a second parameter, wherein the second parameter is used for indicating that the DRB IP function is recommended to be configured;
for each third PDU session with the indication parameter of the DRB IP as the second parameter, the base station determines whether to configure a DRB IP function for each third PDU session and/or each QOS flow in each third PDU session according to the priority information of each QOS flow in each third PDU session, the first UE capability information, and a local policy.
14. The method according to any of claims 8 to 10, wherein said configuring DRB IP functionality refers to: DRB IP functionality is enabled for DRBs corresponding to PDU sessions and/or QOS flows.
15. The method of any of claims 8 to 10, wherein the PDU session also corresponds to priority information, and, for two PDU sessions with different priorities, all QOS flows of the PDU session with the higher priority have a higher priority than all QOS flows of the PDU session with the lower priority.
16. A configuration apparatus for data radio bearer (DRB) integrity protection (IP), the apparatus comprising:
a first obtaining unit, configured to obtain security policy information and priority information of a protocol data unit, PDU, session configured by a network element of a first core network, where the security policy information includes an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the PDU session;
a second obtaining unit, configured to obtain first user equipment UE capability information of a terminal, where the first UE capability information includes an aggregated data rate capability threshold value, which is required by the terminal and is related to a DRB IP;
and a configuration unit, configured to determine whether to configure the DRB IP function according to the first UE capability information and the security policy information and the priority information of each PDU session corresponding to the terminal.
17. The apparatus of claim 16, wherein the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a quality of service QOS flow corresponding to the PDU session whose indication parameter of the DRB IP is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, the base station determines whether to configure a DRB IP function for each PDU session according to the priority information of each PDU session corresponding to the terminal.
18. The apparatus of claim 17, wherein the apparatus further comprises:
a feedback unit, configured to send, for a first PDU session for which it is determined that the DRB IP function cannot be configured, first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the DRB IP function cannot be configured for the first PDU session.
19. The apparatus of claim 17 or 18, wherein the configuring unit is configured to, for a first PDU session for which it is determined that a DRB IP function cannot be configured, not configure a DRB IP function for the first PDU session; and for the second PDU session which is determined to be capable of configuring the DRB IP function, configuring the DRB IP function for the second PDU session.
20. The apparatus according to any one of claims 16 to 18, wherein the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to a PDU session whose indication parameter of the DRB IP is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, configure the DRB IP function for all PDU sessions whose indication parameter of the DRB IP is the first parameter.
21. The apparatus according to any one of claims 16 to 18, wherein the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session in which an indication parameter of a DRB IP is a second parameter, where the second parameter is used to indicate that a DRB IP function is recommended to be configured; for each third PDU session with the indication parameter of the DRB IP as the second parameter, the base station determines whether to configure the DRB IP function for each third PDU session according to the priority information of each third PDU session, the first UE capability information and the local policy.
22. The apparatus according to any of claims 16 to 18, wherein the configuring DRB IP functionality refers to: enabling the DRB IP function for the DRB corresponding to the PDU session.
23. A configuration apparatus for data radio bearer (DRB) integrity protection (IP), the apparatus comprising:
a first obtaining unit, configured to obtain security policy information of a protocol data unit PDU session configured by a network element of a first core network and priority information of each QOS flow in the PDU session, where the security policy information includes an indication parameter of a DRB IP corresponding to the PDU session, and the priority information is used to indicate a priority of the DRB IP corresponding to the QOS flow;
a second obtaining unit, configured to obtain first user equipment UE capability information of a terminal, where the first UE capability information includes an aggregated data rate capability threshold value, which is required by the terminal and is related to a DRB IP;
and a configuration unit, configured to determine whether to configure a DRB IP function according to the first UE capability information, the security policy information of each PDU session corresponding to the terminal, and the priority information of each QOS flow in each PDU session.
24. The apparatus of claim 23, wherein the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to a PDU session whose indication parameter of the DRB IP is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and if the first aggregated data rate is greater than the aggregated data rate capability threshold value, determining whether to configure a DRB IP function for each PDU session and/or configure a DRB IP function for each QOS flow in each PDU session according to the priority information of each QOS flow in each PDU session corresponding to the terminal.
25. The apparatus of claim 24, wherein the apparatus further comprises:
a feedback unit, configured to send, for a first PDU session and/or a first QOS flow determined to be incapable of configuring the DRB IP function, first feedback information to the first core network element, where the first feedback information is used to notify the first core network element that the first PDU session and/or the first QOS flow cannot configure the DRB IP function.
26. The apparatus of claim 24 or 25, wherein the configuring unit is configured to, for a first PDU session and/or a first QOS flow for which it is determined that the DRB IP function cannot be configured, not configure the DRB IP function for the first PDU session and/or the first QOS flow; and for a second PDU session and/or a second QOS flow determined to be capable of configuring the DRB IP function, configure the DRB IP function for the second PDU session and/or the second QOS flow.
27. The apparatus according to any one of claims 23 to 25, wherein the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a first aggregated data rate of a QOS flow corresponding to a PDU session whose indication parameter of a DRB IP is a first parameter, where the first parameter is used to indicate that a DRB IP function needs to be configured; and if the first aggregated data rate is less than or equal to the aggregated data rate capability threshold value, configure the DRB IP function for all PDU sessions whose indication parameter of the DRB IP is the first parameter.
28. The apparatus according to any one of claims 23 to 25, wherein the configuration unit is configured to determine, according to the security policy information of each PDU session corresponding to the terminal, a third PDU session in which an indication parameter of a DRB IP is a second parameter, where the second parameter is used to indicate that a DRB IP function is recommended to be configured; for each third PDU session with the indication parameter of the DRB IP as the second parameter, the base station determines whether to configure the DRB IP function for each third PDU session and/or each QOS flow in each third PDU session according to the priority information of each QOS flow in each third PDU session, the first UE capability information and the local policy.
29. The apparatus of any of claims 23 to 25, wherein the configuring the DRB IP function refers to: DRB IP functionality is enabled for DRBs corresponding to PDU sessions and/or QOS flows.
30. The apparatus of any of claims 23 to 25, wherein the PDU session also corresponds to priority information, and, for two PDU sessions with different priorities, all QOS flows of the PDU session with the higher priority have a higher priority than all QOS flows of the PDU session with the lower priority.
31. A configuration device for data radio bearer (DRB) integrity protection (IP), wherein the device comprises: a processor and a computer storage medium storing computer executable instructions which, when executed by the processor, perform the method of configuring a DRB IP of any of claims 1 to 7, or the method of configuring a DRB IP of any of claims 8 to 15.
32. A computer storage medium having stored thereon computer-executable instructions which, when executed by a processor, implement the method steps of any one of claims 1 to 7, or the method steps of any one of claims 8 to 15.
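The decision flow of claims 2 to 6, written out as runnable Python; this is an added example, not code from the patent. The enum names, the `NOT_NEEDED` value, "lower number means higher priority", the rule of admitting sessions in priority order while they still fit under the UE's threshold, and the `local_policy_allows_recommended` switch are all assumptions made here, since the claims only state that the decision follows the priority information, the UE capability and a local policy.

```python
from dataclasses import dataclass
from enum import Enum


class IpIndication(Enum):
    REQUIRED = 1      # the claims' "first parameter": DRB IP needs to be configured
    RECOMMENDED = 2   # the claims' "second parameter": DRB IP is recommended
    NOT_NEEDED = 3    # assumed third value: session does not ask for DRB IP


@dataclass(frozen=True)
class PduSession:
    session_id: int
    indication: IpIndication
    priority: int              # assumption: lower number = higher priority
    qos_flow_rates: tuple      # constructed per-QoS-flow data rates, in Mbit/s

    @property
    def rate(self):
        return sum(self.qos_flow_rates)


@dataclass
class Decision:
    enabled: list    # session ids whose DRBs get integrity protection
    feedback: list   # REQUIRED session ids reported to the core network element
    skipped: list    # RECOMMENDED session ids left without DRB IP


def by_priority(sessions):
    return sorted(sessions, key=lambda s: (s.priority, s.session_id))


def decide_drb_ip(sessions, ue_threshold, local_policy_allows_recommended=True):
    required = [s for s in sessions if s.indication is IpIndication.REQUIRED]
    recommended = [s for s in sessions if s.indication is IpIndication.RECOMMENDED]
    first_aggregated_rate = sum(s.rate for s in required)
    enabled, feedback, skipped = [], [], []
    budget = ue_threshold

    if first_aggregated_rate <= ue_threshold:
        # Claim 5: everything marked REQUIRED fits, so enable DRB IP for all of it.
        enabled.extend(s.session_id for s in by_priority(required))
        budget -= first_aggregated_rate
    else:
        # Claim 2: over the UE's limit, so decide per session by priority.
        # Assumed rule: admit in priority order whatever still fits the budget.
        for s in by_priority(required):
            if s.rate <= budget:
                enabled.append(s.session_id)
                budget -= s.rate
            else:
                feedback.append(s.session_id)   # claim 3: tell the core network

    # Claim 6: RECOMMENDED sessions depend on priority, UE capability, local policy.
    for s in by_priority(recommended):
        if local_policy_allows_recommended and s.rate <= budget:
            enabled.append(s.session_id)
            budget -= s.rate
        else:
            skipped.append(s.session_id)
    return Decision(enabled, feedback, skipped)


# Constructed sample input (not from the patent).
SESSIONS = [
    PduSession(1, IpIndication.REQUIRED, 1, (30, 20)),
    PduSession(2, IpIndication.REQUIRED, 2, (40,)),
    PduSession(3, IpIndication.REQUIRED, 3, (10,)),
    PduSession(4, IpIndication.RECOMMENDED, 1, (5,)),
    PduSession(5, IpIndication.NOT_NEEDED, 1, (100,)),
]

if __name__ == "__main__":
    for threshold in (64, 100, 200):
        print(threshold, decide_drb_ip(SESSIONS, threshold))
```

With a threshold of 64 Mbit/s, session 2 ends up in `feedback`: a session whose policy demands integrity protection is reported back to the core network element rather than silently carried on an unprotected bearer.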
CN201880082325.5A 2018-05-09 2018-05-09 DRB integrity protection configuration method and device and computer storage medium Active CN111512659B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/086107 WO2019213856A1 (en) 2018-05-09 2018-05-09 Method and apparatus for configuring drb integrity protection, and computer storage medium

Publications (2)

Publication Number Publication Date
CN111512659A (en) 2020-08-07
CN111512659B (en) 2021-09-21

Family

ID=68467242

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880082325.5A Active CN111512659B (en) 2018-05-09 2018-05-09 DRB integrity protection configuration method and device and computer storage medium

Country Status (2)

Country Link
CN (1) CN111512659B (en)
WO (1) WO2019213856A1 (en)

Also Published As

Publication number Publication date
WO2019213856A1 (en) 2019-11-14
CN111512659A (en) 2020-08-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant