CN112690010B - Key information processing method, access network node and terminal equipment - Google Patents

Info

Publication number
CN112690010B
Authority
CN
China
Prior art keywords
access network
network node
node
encryption key
key
Legal status
Active
Application number
CN201980060409.3A
Other languages
Chinese (zh)
Other versions
CN112690010A (en)
Inventor
王淑坤
Current Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H04W28/08 Load balancing or load distribution
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the application discloses a key information processing method, an access network node and a terminal. The method comprises the following steps: the first access network node determining security information associated with the second access network node; the first access network node is a master node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with one first access network node and at least two second access network nodes; the first access network node determines a first encryption key based on the security information and a basic key, and sends the first encryption key to the second access network node; the basic key is a key corresponding to the first access network node.

Description

Key information processing method, access network node and terminal equipment
Technical Field
The present invention relates to the field of wireless communications technologies, and in particular, to a key information processing method, an access network node, and a terminal device.
Background
In dual connectivity (Dual Connectivity, DC) technology, there is only one Master Node (MN) and one Secondary Node (SN). Configuring multiple SNs has the benefit of increasing the data rate, improving mobility performance, and so on. However, for a scenario with multiple SNs, there is currently no effective solution for how to derive and manage keys.
Disclosure of Invention
The embodiment of the application provides a key information processing method, an access network node and terminal equipment.
In a first aspect, a key information processing method provided in an embodiment of the present application includes: the first access network node determining security information associated with the second access network node; the first access network node is a master node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with the first access network node and at least two second access network nodes; the first access network node determines a first encryption key based on the security information and/or a basic key, and sends the first encryption key to the second access network node; the basic key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node.
In a second aspect, a key information processing method provided in an embodiment of the present application includes: the second access network node receives a first encryption key sent by the first access network node; the first encryption key is determined based on security information and/or a base key associated with the second access network node; the first encryption key is associated with the second access network node; the first access network node is a master node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with a first access network node and at least two second access network nodes; the second access network node determines a second encryption key for encryption and integrity protection based on the first encryption key.
In a third aspect, a key information processing method provided in an embodiment of the present application includes: the terminal equipment obtains first security information distributed by a first access network node, and determines a first encryption key based on the first security information and/or a basic key; the basic key is a key corresponding to the first access network node; the first security information is associated with a second access network node; the first encryption key is associated with the second access network node; the terminal equipment obtains second security information distributed by the second access network node, and determines a second encryption key for encryption and integrity protection based on the first encryption key and the second security information; the second security information is associated with a second access network node; wherein the terminal is configured with a first access network node and at least two second access network nodes.
In a fourth aspect, a first access network node provided in an embodiment of the present application, where the node includes: the device comprises a first determining unit, a second determining unit and a first communication unit; wherein the first determining unit is configured to determine security information related to a second access network node; the second determining unit is configured to determine a first encryption key based on the security information and/or a base key; the basic key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node; the first communication unit is configured to send the first encryption key to the second access network node; the first access network node is a main node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with the first access network node and at least two of the second access network nodes.
In a fifth aspect, a second access network node provided in an embodiment of the present application, the node includes: a second communication unit and a third determination unit; wherein the second communication unit is configured to receive a first encryption key sent by the first access network node; the first encryption key is determined based on security information and/or a base key associated with the second access network node; the first encryption key is associated with the second access network node; the third determining unit is configured to determine a second encryption key for encryption and integrity protection based on the first encryption key; the first access network node is a main node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with a first access network node and at least two second access network nodes.
In a sixth aspect, a terminal device provided in an embodiment of the present application includes: a third communication unit and a fourth determination unit; wherein the third communication unit is configured to obtain first security information allocated by the first access network node; the first security information is associated with a second access network node; further configured to obtain second security information allocated by a second access network node; the second security information is associated with a second access network node; the fourth determining unit is configured to determine a first encryption key based on the first security information and/or a base key; the basic key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node; further configured to determine a second encryption key for encryption and integrity protection based on the first encryption key and the second security information; wherein the terminal is configured with a first access network node and at least two second access network nodes.
In a seventh aspect, a terminal device provided in an embodiment of the present application includes a processor and a memory. The memory is used for storing a computer program, and the processor is used for calling and running the computer program stored in the memory to execute the key information processing method of the third aspect of the embodiment of the application.
In an eighth aspect, an access network node provided by an embodiment of the present application includes a processor and a memory. The memory is used for storing a computer program, and the processor is used for calling and running the computer program stored in the memory to execute the key information processing method of the first aspect or the second aspect of the embodiments of the present application.
In a ninth aspect, a chip provided in an embodiment of the present application is configured to implement the above-mentioned key information processing method. Specifically, the chip includes a processor for calling and running a computer program from a memory, so that a device on which the chip is mounted executes the key information processing method of the first aspect, the second aspect or the third aspect of the embodiments of the present application.
In a tenth aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program, where the computer program causes a computer to execute the key information processing method of the first aspect, the second aspect, or the third aspect of the embodiments of the present application.
In an eleventh aspect, embodiments of the present application provide a computer program product including computer program instructions that cause a computer to execute the key information processing method of the first aspect, the second aspect, or the third aspect of the embodiments of the present application.
In a twelfth aspect, embodiments of the present application provide a computer program that, when executed on a computer, causes the computer to execute the key information processing method of the first aspect, the second aspect, or the third aspect of the embodiments of the present application.
The key information processing method, the network equipment and the terminal equipment provided by the embodiment of the application determine a first encryption key through a first access network node serving as a main node based on security information related to a second access network node, and send the first encryption key to the second access network node; the second access network node is enabled to determine a second encryption key for encryption and integrity protection based on the first encryption key, enabling derivation of keys in the context of a multiple SN communication system.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
Fig. 1 is a schematic diagram of a communication system architecture provided in an embodiment of the present application;
Fig. 2a and fig. 2b are schematic diagrams of a system scenario in which the key information processing method according to the embodiment of the present application is applied;
Fig. 3 is a flowchart of a key information processing method according to an embodiment of the present application;
Fig. 4 is a second flowchart of a key information processing method according to an embodiment of the present application;
Fig. 5 is a flowchart of a key information processing method according to an embodiment of the present application;
Fig. 6a to 6c are schematic diagrams of key derivation in the key information processing method according to the embodiment of the present application, respectively;
Fig. 7 is a schematic structural diagram of a first access network node according to an embodiment of the present application;
Fig. 8 is a schematic diagram of another component structure of a first access network node according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a second access network node according to an embodiment of the present application;
Fig. 10 is a schematic diagram of another component structure of a second access network node according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a composition structure of a terminal device according to an embodiment of the present application;
Fig. 12 is a schematic diagram of another composition structure of a terminal device according to an embodiment of the present application;
Fig. 13 is a schematic diagram of a hardware composition structure of a communication device according to an embodiment of the present application;
Fig. 14 is a schematic structural diagram of a chip of an embodiment of the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The technical solution of the embodiment of the application can be applied to various communication systems, for example: global system for mobile communications (Global System of Mobile communication, GSM), code division multiple access (Code Division Multiple Access, CDMA), wideband code division multiple access (Wideband Code Division Multiple Access, WCDMA) systems, general packet radio service (General Packet Radio Service, GPRS), long term evolution (Long Term Evolution, LTE) systems, LTE frequency division duplex (Frequency Division Duplex, FDD) systems, LTE time division duplex (Time Division Duplex, TDD), universal mobile telecommunications system (Universal Mobile Telecommunication System, UMTS), worldwide interoperability for microwave access (Worldwide Interoperability for Microwave Access, WiMAX) communication systems, or 5G systems, and the like.
By way of example, a communication system 100 to which embodiments of the present application apply is shown in fig. 1. The communication system 100 may include a network device 110, and the network device 110 may be a device that communicates with a terminal device 120 (or referred to as a communication terminal, terminal). Network device 110 may provide communication coverage for a particular geographic area and may communicate with terminals located within the coverage area. Alternatively, the network device 110 may be a base station (Base Transceiver Station, BTS) in a GSM system or a CDMA system, a base station (NodeB, NB) in a WCDMA system, an evolved base station (Evolutional Node B, eNB or eNodeB) in an LTE system, or a radio controller in a cloud radio access network (Cloud Radio Access Network, CRAN), or the network device may be a mobile switching center, a relay station, an access point, a vehicle device, a wearable device, a hub, a switch, a bridge, a router, a network-side device in a 5G network, or a network device in a future evolved public land mobile network (Public Land Mobile Network, PLMN), etc.
The communication system 100 further comprises at least one terminal device 120 located within the coverage area of the network device 110. "Terminal device" as used herein includes, but is not limited to, a connection via a wireline, such as via a public-switched telephone network (Public Switched Telephone Networks, PSTN), a digital subscriber line (Digital Subscriber Line, DSL), a digital cable, a direct cable connection; and/or another data connection/network; and/or via a wireless interface, e.g., for a cellular network, a wireless local area network (Wireless Local Area Network, WLAN), a digital television network such as a DVB-H network, a satellite network, an AM-FM broadcast transmitter; and/or means of the other terminal arranged to receive/transmit communication signals; and/or internet of things (Internet of Things, IoT) devices. Terminal devices arranged to communicate over a wireless interface may be referred to as "wireless communication terminals", "wireless terminals" or "mobile terminals". Examples of mobile terminals include, but are not limited to, satellite or cellular telephones; a personal communications system (Personal Communications System, PCS) terminal that may combine a cellular radiotelephone with data processing, facsimile and data communications capabilities; a PDA that can include a radiotelephone, pager, internet/intranet access, web browser, organizer, calendar, and/or a global positioning system (Global Positioning System, GPS) receiver; and conventional laptop and/or palmtop receivers or other electronic devices that include a radiotelephone transceiver. A terminal may refer to an access terminal, User Equipment (UE), subscriber unit, subscriber station, mobile station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or User Equipment.
An access terminal may be a cellular telephone, a cordless telephone, a session initiation protocol (Session Initiation Protocol, SIP) phone, a wireless local loop (Wireless Local Loop, WLL) station, a personal digital assistant (Personal Digital Assistant, PDA), a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal in a 5G network or a terminal in a future evolved PLMN, etc.
Optionally, device-to-device (D2D) communication may be performed between the terminal devices 120.
Optionally, the 5G system or 5G network may also be referred to as a New Radio (NR) system or NR network.
Fig. 1 illustrates one network device and two terminal devices by way of example, and alternatively, the communication system 100 may include a plurality of network devices and may include other numbers of terminal devices within the coverage area of each network device, which is not limited in this embodiment of the present application.
Optionally, the communication system 100 may further include a network controller, a mobility management entity, and other network entities, which are not limited in this embodiment of the present application.
It should be understood that a device having a communication function in a network/system in an embodiment of the present application may be referred to as a communication device. Taking the communication system 100 shown in fig. 1 as an example, the communication device may include a network device 110 and a terminal device 120 with communication functions, where the network device 110 and the terminal device 120 may be specific devices described above, and are not described herein again; the communication device may also include other devices in the communication system 100, such as a network controller, a mobility management entity, and other network entities, which are not limited in this embodiment of the present application.
It should be understood that the terms "system" and "network" are used interchangeably herein. The term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships are possible; e.g., A and/or B may represent: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
The technical solution of the embodiment of the application is mainly applied to a 5G mobile communication system, and of course, the technical solution of the embodiment of the application is not limited to a 5G mobile communication system, and can be applied to other types of mobile communication systems.
Fig. 2a and fig. 2b are schematic diagrams of system scenarios to which the key information processing method according to the embodiment of the present application is applied. Fig. 2a shows a scenario based on the 5G Core network (NextGen Core) in which one MN and multiple SNs are connected. The MN and the SN are connected with the 5GC core network: the MN has a Control Plane (CP) connection and a User Plane (UP) connection with the 5GC core network, and the SN has a UP connection with the 5GC core network; there may or may not be a CP connection or a UP connection between the MN and the SN. An eLTE eNB or a gNB can act as the MN, and a gNB or an eLTE eNB can act as an SN node. The network coverage of different SNs may or may not overlap. The network coverage of the SN and the MN overlaps.
Fig. 2b shows an EPC-based scenario in which one MN and multiple SNs are connected. The MN and the SN are connected with the EPC core network: the MN has a CP connection and a UP connection with the EPC core network, the SN has a UP connection with the 5GC core network, and the MN and the SN may have a CP connection, a UP connection, or no connection between them. An LTE eNB may act as the MN; an LTE eNB, a gNB, or an eLTE eNB may each act as an SN. The network coverage of different SNs may or may not overlap. The network coverage of the SN and the MN overlaps.
The key information processing method of the embodiment of the present application may be based on the system scenario shown in fig. 2a and fig. 2b, which is certainly not limited to the above system scenario, and the scenarios where MN and multiple SNs exist in other communication systems are all suitable for the key information processing scheme of the embodiment of the present application.
The embodiment of the application provides a key information processing method. Fig. 3 is a flowchart of a key information processing method according to an embodiment of the present application; as shown in fig. 3, the method includes: step 301: the first access network node determining security information associated with the second access network node; step 302: the first access network node determines a first encryption key based on the security information and/or a basic key, and sends the first encryption key to the second access network node; the basic key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node.
In this embodiment, the first access network node is a master node connected to a terminal, for example, an eLTE eNB or a gNB that can be used as the MN in fig. 2a, or an LTE eNB that can be used as the MN in fig. 2b; the second access network node is a secondary node connected to the terminal, for example, a gNB or an eLTE eNB which can be used as an SN in fig. 2a, or an LTE eNB, a gNB or an eLTE eNB which can be used as an SN in fig. 2b; the terminal is configured with the first access network node and at least two of the second access network nodes. It will be appreciated that the first access network node configures the terminal in a multi-connection mode, so that the terminal is connected to the first access network node as a primary node and to at least two second access network nodes as secondary nodes. Each second access network node is assigned a unique identifier for the terminal, that is, a second access network node identifier, which may also be referred to as a secondary node identifier (SN id).
As a first embodiment, the security information includes: a first secondary cell group count and/or a second access network node identity associated with the second access network node; at least two second access network nodes in the at least two second access network nodes correspond to different second access network node identifications and/or first auxiliary cell group counts; the first access network node determining a first encryption key based on the security information and/or a base key, comprising: the first access network node determines a first encryption key based on at least one of the second access network node identification, a first secondary cell group count, and a base key; the first encryption key is a key corresponding to the second access network node.
In this embodiment, the first secondary cell group count (SCG counter, secondary Cell Group counter) is an integer value maintained in the first access network node, and the second access network node identity (also referred to as SN id) is an assigned unique identity for the terminal; as an example, the start value of SN id may start from 0 or 1; if the start value of SN id starts from 1, the identity of the first access network node (which may be denoted MN id) may be 0.
The first access network node determines a first encryption key based on at least one of the first secondary cell group count, the SN id, and the base key. The base key is a key corresponding to the first access network node; as one embodiment, the base key may be denoted as KeNB or KgNB. The first encryption key is used by the second access network node to determine a second encryption key. As one embodiment, the first encryption key may be denoted as S-KeNB/gNB: when the second access network node is an eNB in an LTE system or eLTE system, the first encryption key may be denoted as S-KeNB; when the second access network node is a gNB in a 5G system or an NR system, the first encryption key may be denoted as S-KgNB. It may be appreciated that the first encryption key in this embodiment may be a key corresponding to the second access network node.
In an alternative embodiment of the present application, the method further comprises: the first access network node allocates a corresponding first secondary cell group count to the second access network node, wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different. In other embodiments, the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes may also be the same.
In this embodiment, a first secondary cell group count (SCG counter) associated with the second access network node is maintained in the first access network node, the first secondary cell group count being an integer value. The first access network node allocates a starting value of the first secondary cell group count to each second access network node; when the first secondary cell group count needs to be updated, 1 is added to its current value.
As an embodiment, the first access network node assigns the same starting value of the first secondary cell group count to each second access network node; it is understood that the first access network node maintains a separate first secondary cell group count for each second access network node. The first encryption key corresponding to the second access network node is then determined based on the second access network node identification, the first secondary cell group count, and the base key.
As another embodiment, the first access network node assigns each second access network node a different starting value of the first secondary cell group count. This may mean that the starting values of the first secondary cell group counts corresponding to all the second access network nodes differ from one another, or that the starting values corresponding to only some of the second access network nodes differ.
When the starting values of the first secondary cell group counts corresponding to different second access network nodes are different, the first access network node allocating the corresponding first secondary cell group count to the second access network node comprises the following steps: the first access network node determines a value range of the first secondary cell group count corresponding to the second access network node based on the maximum value of the first secondary cell group count and the number of the second access network nodes, the value ranges of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes being different; and the first access network node determines the corresponding first secondary cell group count according to the value range of the first secondary cell group count corresponding to the second access network node.
In this embodiment, the first access network node maintains a first secondary cell group count for each of the second access network nodes, the first secondary cell group count being an integer value; the range of first secondary cell group counts that each second access network node can use is determined based on the maximum value of the first secondary cell group count and the number of second access network nodes. As an implementation, the range of the first secondary cell group count may be determined by dividing the maximum value of the first secondary cell group count by the number of the second access network nodes and rounding up or rounding down. Assuming n second access network nodes, the value obtained by dividing the maximum value of the first secondary cell group count by the number of the second access network nodes and rounding up or down is denoted A; the range of the first secondary cell group count may then be expressed as greater than or equal to A × SNi and less than A × SNi + A, where SNi represents the i-th second access network node of the n second access network nodes; in practical application, SNi may be represented by the identity of the i-th second access network node.
As an example, the range of the first secondary cell group count corresponding to the second access network node may be expressed as:
Figure GDA0004035668390000051
Or, alternatively:
Figure GDA0004035668390000052
In an alternative embodiment of the present application, the method further comprises: the first access network node resets the first secondary cell group count when it determines that the base key has changed. In this embodiment, when a KeNB change is determined, the first secondary cell group count (SCG counter) maintained in the first access network node is reset, that is, the first access network node resets the first secondary cell group count to 0.
In an alternative embodiment of the present application, the method further comprises: the first access network node updates the first secondary cell group count when it determines that a first update condition is satisfied and the base key is unchanged. Wherein the first update condition is an update condition of the first encryption key. In this embodiment, when it is determined that the update condition of the first encryption key is satisfied and the KeNB is unchanged, the first access network node updates the first secondary cell group count, i.e., adds one to the first secondary cell group count (SCG counter).
As a second embodiment, the security information includes: a secondary node group count and/or a secondary node group identity; the secondary node group identity corresponds to at least one second access network node in a secondary node group; the first access network node determining a first encryption key based on the security information and/or a base key comprises: the first access network node determines a first encryption key based on at least one of the secondary node group identity, the secondary node group count, and the base key; the first encryption key is a key corresponding to the secondary node group.
In this embodiment, the at least two second access network nodes are divided into at least one secondary node group (SN group, SNG), where one secondary node group includes at least one second access network node, and each secondary node group is allocated a secondary node group identifier (SN group id), that is, the secondary node group identifier corresponds to all the second access network nodes in the secondary node group. The grouping of the at least two second access network nodes may be based on the radio frequency range in which the second access network nodes are located, or on whether a specific connection (such as an Xn connection) exists between the second access network nodes and the first access network node, or the like.
A secondary node group count (SNG counter), which may be an integer value, is maintained in the first access network node for each secondary node group. The first access network node determines a first encryption key based on the secondary node group identity (SN group id), the secondary node group count (SNG counter) and a base key (e.g. KeNB). The first encryption key in this embodiment may be understood as a key corresponding to the secondary node group. As one embodiment, the first encryption key may be denoted S-KSNG.
In an alternative embodiment of the present application, the method further comprises: the first access network node resets the secondary node group count when it determines that the base key has changed. In this embodiment, when a KeNB change is determined, the first access network node resets the secondary node group count (SNG counter) that it maintains, that is, the first access network node resets the secondary node group count to 0.
In an alternative embodiment of the present application, the method further comprises: the first access network node updates the secondary node group count when it determines that a first update condition is satisfied and the base key is unchanged. Wherein the first update condition is an update condition of the first encryption key. In this embodiment, when it is determined that the update condition of the first encryption key is satisfied and KeNB is unchanged, the first access network node updates the secondary node group count, i.e. increases the secondary node group count (SNG counter) by one.
The embodiment of the application also provides a key information processing method. Fig. 4 is a second flowchart of a key information processing method according to an embodiment of the present application; as shown in fig. 4, the method includes: step 401: the second access network node receives a first encryption key sent by the first access network node; the first encryption key is determined based on security information and/or a base key associated with the second access network node; the first encryption key is associated with the second access network node; step 402: the second access network node determines a second encryption key for encryption and integrity protection based on the first encryption key.
In this embodiment, the first access network node is a master node connected to a terminal, for example, an eLTE eNB or a gNB that can be used as an MN in Fig. 2a, or an LTE eNB that can be used as an MN in Fig. 2b; the second access network node is a secondary node connected to the terminal, for example, a gNB or an eLTE eNB that can be used as an SN in Fig. 2a, or an LTE eNB, a gNB or an eLTE eNB that can be used as an SN in Fig. 2b; the terminal is configured with the first access network node and at least two of the second access network nodes. It will be appreciated that the first access network node configures a multi-connection mode for the terminal, such that the terminal is connected to the first access network node as a master node and to at least two second access network nodes as secondary nodes. Each second access network node is assigned an identifier that is unique for the terminal, that is, a second access network node identifier, which may also be referred to as a secondary node identifier (SN id).
As a first implementation manner, the first encryption key is determined based on at least one of a second access network node identifier corresponding to the second access network node, a first secondary cell group count related to the second access network node, and a base key, where the first encryption key is a key corresponding to the second access network node; at least two second access network nodes of the at least two second access network nodes correspond to different second access network node identities and/or first secondary cell group counts. Wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
In this embodiment, the determination manner of the first encryption key may refer to the detailed description of the first determination manner of the first encryption key in the foregoing embodiment, which is not repeated herein.
In this embodiment, the determining, by the second access network node, a second encryption key based on the first encryption key includes: the second access network node determines a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification.
In this embodiment, the second access network node computes a second encryption key for encryption and integrity protection based on S-KeNB/gNB and the selected algorithm identification (ID).
As a second embodiment, the first encryption key is determined based on at least one of a secondary node group identifier, a secondary node group count and a base key, and the first encryption key is a key corresponding to the secondary node group; the secondary node group identity corresponds to at least one second access network node in the secondary node group. As an embodiment, the secondary node group identity corresponds to all second access network nodes in the secondary node group.
In this embodiment, the determining manner of the first encryption key may refer to the detailed description of the second determining manner of the first encryption key in the foregoing embodiment, which is not repeated herein.
In this embodiment, the first encryption key is a key corresponding to at least one second access network node in the secondary node group. As an embodiment, the secondary node group identity corresponds to all second access network nodes in the secondary node group, i.e. all second access network nodes in the secondary node group determine their respective keys based on the first encryption key.
In this embodiment, the determining, by the second access network node, a second encryption key based on the first encryption key includes: the second access network node determines a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification.
In this embodiment, the second access network node computes a second encryption key for encryption and integrity protection based on S-KSNG and the selected algorithm identification (ID).
As a third embodiment, the first encryption key is determined based on at least one of a secondary node group identifier, a secondary node group count and a base key, and the first encryption key is a key corresponding to the secondary node group; the secondary node group identity corresponds to at least one second access network node in the secondary node group.
In this embodiment, the determining manner of the first encryption key may refer to the detailed description of the second determining manner of the first encryption key in the foregoing embodiment, which is not repeated herein.
In this embodiment, the determining, by the second access network node, a second encryption key based on the first encryption key includes: a specific second access network node in the secondary node group determines a third encryption key based on at least one of the first encryption key, the second access network node identification, and a second secondary cell group count; the third encryption key is a key corresponding to a second access network node in the secondary node group; the specific second access network node sends the third encryption key to the other second access network nodes in the secondary node group, other than the specific second access network node; the third encryption key is used by those other second access network nodes to determine, based on the third encryption key and an algorithm identification, second encryption keys for encryption and integrity protection; the specific second access network node determines a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification corresponding to the specific second access network node.
In this embodiment, a specific second access network node in the secondary node group maintains, for each second access network node group, a secondary cell group count (SCG counter) corresponding to the second access network node. To distinguish it from the secondary cell group count maintained in the first access network node in the previous embodiment, the secondary cell group count maintained in the first access network node is called the first secondary cell group count, and the secondary cell group count maintained in the specific second access network node is called the second secondary cell group count. In addition, the specific second access network node assigns to each second access network node in the secondary cell group an identifier that is unique for the terminal, which may be referred to as a secondary node identifier (SN id). It is to be appreciated that the first secondary cell group count and the second secondary cell group count are both associated with a second access network node.
In this embodiment, the first encryption key may be understood as a key corresponding to the secondary node group. A specific second access network node in the secondary node group determines a third encryption key based on at least one of the first encryption key (e.g., S-KSNG), the second access network node identification (SN id) and a second secondary cell group count (SCG counter); the third encryption key is a key corresponding to the other second access network nodes in the secondary node group, other than the specific second access network node. In practical application, after the second access network nodes in the secondary node group other than the specific second access network node receive the third encryption key, they determine the second encryption key for encryption and integrity protection based on the third encryption key and the selected algorithm identifier. For the second encryption key of the specific second access network node, the third encryption key does not need to be calculated; the second encryption key corresponding to the specific second access network node is calculated from the first encryption key and the selected algorithm identification.
As a fourth embodiment, the first encryption key is determined based on at least one of a secondary node group identifier, a secondary node group count and a base key, and the first encryption key is a key corresponding to the secondary node group; the secondary node group identity corresponds to at least one second access network node in the secondary node group.
In this embodiment, the determining manner of the first encryption key may refer to the detailed description of the second determining manner of the first encryption key in the foregoing embodiment, which is not repeated herein.
In this embodiment, the determining, by the second access network node, a second encryption key based on the first encryption key includes: a specific second access network node in the secondary node group determines a third encryption key based on at least one of the first encryption key, the second access network node identification, and a second secondary cell group count; the third encryption key is a key corresponding to a second access network node in the secondary node group; the specific second access network node sends the third encryption key to the other second access network nodes in the secondary node group, other than the specific second access network node; the third encryption key is used by a second access network node in the secondary cell group to determine a second encryption key for encryption and integrity protection based on the third encryption key and an algorithm identification.
In this embodiment, a specific second access network node in the secondary node group maintains a secondary cell group count (SCG counter) for each second access network node group. To distinguish it from the secondary cell group count maintained in the first access network node in the previous embodiment, the secondary cell group count maintained in the first access network node is called the first secondary cell group count, and the secondary cell group count maintained in the specific second access network node is called the second secondary cell group count. In addition, the specific second access network node assigns to each second access network node in the secondary cell group an identifier that is unique for the terminal, which may be referred to as a secondary node identifier (SN id). It is to be appreciated that the first secondary cell group count and the second secondary cell group count are both associated with a second access network node.
In this embodiment, the first encryption key may be understood as a key corresponding to the secondary node group. A specific second access network node in the secondary node group determines a third encryption key based on the first encryption key (e.g., S-KSNG), the second access network node identity (SN id) and a second secondary cell group count (SCG counter); the third encryption key is a key corresponding to all second access network nodes in the secondary node group. In practical application, after the second access network nodes in the secondary node group other than the specific second access network node receive the third encryption key, they determine the second encryption key for encryption and integrity protection based on the third encryption key and the selected algorithm identifier. The specific second access network node behaves like the other second access network nodes in the secondary node group: after the third encryption key is determined, the second encryption key corresponding to the specific second access network node is calculated from the third encryption key and the selected algorithm identifier.
In an alternative embodiment of the present application, the method further comprises: the specific second access network node resets the second secondary cell group count when it determines that the base key used for determining the first encryption key has changed and/or that the first encryption key corresponding to the secondary node group has changed. In this embodiment, when a KeNB change is determined, the specific second access network node resets the second secondary cell group count (SCG counter) that it maintains, i.e. the specific second access network node resets the second secondary cell group count to 0.
The method further comprises: the specific second access network node updates the second secondary cell group count when it determines that a second update condition is satisfied and the base key used for determining the first encryption key is unchanged. Wherein the second update condition is an update condition of the third encryption key. In this embodiment, when it is determined that the update condition of the third encryption key is satisfied and KeNB is unchanged, the specific second access network node updates the second secondary cell group count that it maintains, i.e. the second secondary cell group count (SCG counter) is incremented by one.
In this embodiment, the specific second access network device is configured to generate an encryption key and/or manage the encryption key for other second access network devices in the secondary node group to which the specific second access network device belongs.
In other embodiments, the functionality of the specific second access network device further comprises at least one of: establishing a control plane connection with the first access network node; establishing a third signaling radio bearer (SRB3); allocating information of the secondary node group; the information of the secondary node group includes at least one of: user plane bearer DRB ID, serving cell index, logical channel (LC) ID, measurement object ID, and measurement report ID.
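The group key hierarchy described above (base key, then S-KSNG, then third key, then second key, together with the two counters) can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA-256 as the derivation function, the input encoding, the labels and all class and method names are assumptions of the example, since the text here does not specify them.

```python
import hashlib
import hmac


def kdf(key, label, *params):
    """Assumed derivation function: HMAC-SHA-256 over a constructed encoding.

    The layout (1-byte label length, label, 4-byte big-endian integers) is
    made up for this example; it is not the 3GPP encoding.
    """
    msg = bytes([len(label)]) + label.encode()
    for p in params:
        msg += p.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


class MasterNode:
    """First access network node (MN): holds KeNB and one SNG counter per group."""

    def __init__(self, k_enb):
        self.k_enb = k_enb
        self.sng_counter = {}

    def group_key(self, sn_group_id):
        # First encryption key (S-KSNG) from SN group id, SNG counter and KeNB.
        counter = self.sng_counter.setdefault(sn_group_id, 0)
        return kdf(self.k_enb, "S-K_SNG", sn_group_id, counter)

    def update_group_key(self, sn_group_id):
        # First update condition met and KeNB unchanged: SNG counter + 1.
        self.sng_counter[sn_group_id] = self.sng_counter.get(sn_group_id, 0) + 1
        return self.group_key(sn_group_id)

    def change_base_key(self, new_k_enb):
        # KeNB changed: every SNG counter is reset to 0.
        self.k_enb = new_k_enb
        for group_id in self.sng_counter:
            self.sng_counter[group_id] = 0


class SpecificSN:
    """The specific SN of a group: derives third keys for the group members."""

    def __init__(self, sn_id, s_k_sng):
        self.sn_id = sn_id
        self.s_k_sng = s_k_sng
        self.scg_counter = 0  # second secondary cell group count

    def third_key(self, member_sn_id):
        # Third encryption key from S-KSNG, SN id and the second SCG counter.
        return kdf(self.s_k_sng, "K3", member_sn_id, self.scg_counter)

    def update_third_keys(self):
        # Second update condition met and KeNB unchanged: SCG counter + 1.
        self.scg_counter += 1

    def install_group_key(self, s_k_sng):
        # First encryption key changed: second SCG counter is reset to 0.
        self.s_k_sng = s_k_sng
        self.scg_counter = 0

    def second_keys(self, member_alg, embodiment):
        """Second key each member would derive; member_alg maps SN id -> algorithm ID.

        Embodiment 3: the specific SN derives directly from S-KSNG.
        Embodiment 4: every member, the specific SN included, uses a third key.
        """
        keys = {}
        for sn_id, alg_id in member_alg.items():
            if embodiment == 3 and sn_id == self.sn_id:
                parent = self.s_k_sng
            else:
                parent = self.third_key(sn_id)
            keys[sn_id] = kdf(parent, "K2", alg_id)
        return keys


if __name__ == "__main__":
    mn = MasterNode(bytes(range(32)))      # constructed 256-bit KeNB
    anchor = SpecificSN(1, mn.group_key(7))  # constructed SN id and group id
    for sn, key in anchor.second_keys({1: 2, 2: 2, 3: 1}, 3).items():
        print(sn, key.hex()[:16])
```

The terminal runs the same derivations from the counters, identifiers and algorithm IDs it is given, so both ends reach the same second key without that key crossing the air interface.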
The embodiment of the application also provides a key information processing method. Fig. 5 is a flowchart of a key information processing method according to an embodiment of the present application; as shown in fig. 5, the method includes: step 501: the terminal equipment obtains first security information distributed by a first access network node, and determines a first encryption key based on the first security information and/or a basic key; the basic key is a key corresponding to the first access network node; the first security information is associated with a second access network node; the first encryption key is associated with the second access network node; step 502: the terminal equipment obtains second security information distributed by the second access network node, and determines a second encryption key for encryption and integrity protection based on the first encryption key and the second security information; the second security information is associated with a second access network node.
In this embodiment, the terminal is configured with a first access network node and at least two second access network nodes, that is, the terminal may establish connections with the first access network node and with the at least two second access network nodes respectively. The first access network node is a master node connected to a terminal, for example, an eLTE eNB or a gNB that can be used as an MN in Fig. 2a, or an LTE eNB that can be used as an MN in Fig. 2b; the second access network node is a secondary node connected to the terminal, for example, a gNB or an eLTE eNB that can be used as an SN in Fig. 2a, or an LTE eNB, a gNB or an eLTE eNB that can be used as an SN in Fig. 2b.
As a first embodiment, the first security information includes: a first secondary cell group count and/or a second access network node identity associated with the second access network node; at least two second access network nodes of the at least two second access network nodes correspond to different second access network node identifications and/or first secondary cell group counts; the determining a first encryption key based on the first security information and/or a base key includes: determining a first encryption key based on at least one of the second access network node identity, the first secondary cell group count, and the base key; the first encryption key is a key corresponding to the second access network node.
In this embodiment, the terminal device receives a first secondary cell group count and/or a second access network node identifier allocated by the first access network node, and determines the first encryption key based on at least one information of the second access network node identifier, the first secondary cell group count and the base key. The specific description of the first encryption key may refer to the detailed description of the first determination manner of the first encryption key in the embodiment applied to the first access network device, which is not repeated herein.
In an optional embodiment of the present application, the obtaining, by the terminal device, the first security information allocated by the first access network node includes: the terminal device obtains a first secondary cell group count allocated by the first access network node; wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
It will be appreciated that a first secondary cell group count (SCG counter) associated with the second access network node is maintained in the first access network node, and the terminal device obtains the first secondary cell group count for calculating the first encryption key based on the allocation of the first access network node, the first secondary cell group count being an integer value.
In this embodiment, the second security information includes an algorithm identifier corresponding to the second access network node; the determining keys for encryption and integrity protection based on the first encryption key and the second security information, comprising: a second encryption key is determined based on the first encryption key and an algorithm identification corresponding to a second access network node.
It can be appreciated that the terminal device obtains the algorithm identification selected by each second access network node, and determines the second encryption key corresponding to the corresponding second access network node according to the first encryption key determined in advance and the algorithm identification of the second access network node; the second encryption key is used for encryption and integrity protection. The specific determination manner of the second encryption key may refer to the related description of the first implementation manner of determining the second encryption key in the embodiment applied to the second access network device in the foregoing embodiment, which is not described herein.
In an alternative embodiment of the present application, the method further comprises: the terminal device updates the first secondary cell group count when it determines that a first update condition is satisfied and the base key is unchanged. Wherein the first update condition is an update condition of the first encryption key. In this embodiment, when it is determined that the update condition of the first encryption key is satisfied and KeNB is unchanged, the terminal device updates the first secondary cell group count, i.e. the first secondary cell group count (SCG counter) is incremented by one.
As a second embodiment, the at least two second access network nodes are divided into at least one secondary node group, where one secondary node group includes at least one second access network node, and each secondary node group is allocated a secondary node group identifier (SN group id), that is, the secondary node group identifier corresponds to all the second access network nodes in the secondary node group. In this embodiment, the first security information includes: a secondary node group count and/or a secondary node group identification; the secondary node group identity corresponds to at least one second access network node in a secondary node group; the determining a first encryption key based on the security information and/or a base key comprises: determining a first encryption key based on at least one of the secondary node group identity, the secondary node group count, and the base key; the first encryption key is a key corresponding to the secondary node group.
In this embodiment, the determining manner of the first encryption key may refer to the detailed description of the second determining manner of the first encryption key in the embodiment applied to the first access network node, which is not described herein.
In this embodiment, the first encryption key is a key corresponding to at least one second access network node in the secondary node group. As an implementation manner, the first encryption key is a key corresponding to all second access network nodes in the secondary node group, and it can be understood that all second access network nodes in the secondary node group determine their respective keys based on the first encryption key.
In this embodiment, the second security information includes an algorithm identifier corresponding to a second access network node; the determining keys for encryption and integrity protection based on the first encryption key and the second security information, comprising: a second encryption key is determined based on the first encryption key and an algorithm identification corresponding to a second access network node.
It can be appreciated that the terminal device obtains the algorithm identification selected by each second access network node, and determines the second encryption key corresponding to the corresponding second access network node according to the first encryption key determined in advance and the algorithm identification of the second access network node; the second encryption key is used for encryption and integrity protection. The specific determination manner of the second encryption key may refer to the related description of the second implementation manner of determining the second encryption key in the embodiment applied to the second access network device in the foregoing embodiment, which is not described herein.
In an alternative embodiment of the present application, the method further comprises: the terminal device updates the secondary node group count when it determines that the first update condition is satisfied and the base key is unchanged. Wherein the first update condition is an update condition of the first encryption key. The specific update manner is the same as that in the first access network node, to which reference may be made; it is not described again herein.
As a third embodiment, the at least two second access network nodes are divided into at least one secondary node group. The first security information includes: a secondary node group count and/or a secondary node group identification; the secondary node group identity corresponds to at least one second access network node in a secondary node group; the determining a first encryption key based on the security information and/or a base key comprises: determining a first encryption key based on at least one of the secondary node group identity, the secondary node group count, and the base key; the first encryption key is a key corresponding to the secondary node group.
In this embodiment, the determining manner of the first encryption key may refer to the detailed description of the second determining manner of the first encryption key in the embodiment applied to the first access network node, which is not described herein.
In this embodiment, the obtaining, by the terminal device, the second security information allocated by the second access network node includes: the terminal device obtains an algorithm identifier allocated by a second access network node in the secondary node group, and obtains a second secondary cell group count and/or a second access network node identifier allocated by a specific second access network node in the secondary node group; the determining keys for encryption and integrity protection based on the first encryption key and the second security information comprises: determining a third encryption key based on at least one of the first encryption key, the second access network node identifier and the second secondary cell group count, wherein the third encryption key is a key corresponding to the other second access network nodes in the secondary node group, other than the specific second access network node; determining a second encryption key corresponding to each other second access network node based on the third encryption key and the algorithm identification corresponding to that other second access network node; and determining a second encryption key corresponding to the specific second access network node based on the first encryption key and the algorithm identifier corresponding to the specific second access network node.
In this embodiment, the specific determination manner of the second encryption key may refer to the description related to the third implementation manner of determining the second encryption key in the embodiment applied to the second access network device in the foregoing embodiment, which is not described herein in detail.
As a fourth embodiment, the at least two second access network nodes are divided into at least one secondary node group.
The first security information includes: a secondary node group count and/or a secondary node group identification; the secondary node group identity corresponds to at least one second access network node in a secondary node group; the determining a first encryption key based on the security information and a base key includes: determining a first encryption key based on at least one of the secondary node group identity, the secondary node group count, and the base key; the first encryption key is a key corresponding to the secondary node group.
In this embodiment, the determining manner of the first encryption key may refer to the detailed description of the second determining manner of the first encryption key in the embodiment applied to the first access network node, which is not described herein.
The terminal device obtaining second security information allocated by a second access network node includes: the terminal device obtains an algorithm identifier allocated by a second access network node in the secondary node group, and obtains a second secondary cell group count and/or a second access network node identifier allocated by a specific second access network node in the secondary node group; the determining keys for encryption and integrity protection based on the first encryption key and the second security information comprises: determining a third encryption key based on at least one of the first encryption key, the second access network node identification, and the second secondary cell group count; the third encryption key is a key corresponding to at least one second access network node in the secondary node group; and determining a second encryption key corresponding to the second access network node based on the third encryption key and an algorithm identifier corresponding to the second access network node.
In this embodiment, the specific determination manner of the second encryption key may refer to the related description of the fourth implementation manner of determining the second encryption key in the embodiment applied to the second access network device in the foregoing embodiment, which is not described herein in detail.
In this embodiment, the specific second access network device is configured to generate an encryption key and/or manage the encryption key for other second access network devices in the auxiliary node group to which the specific second access network device belongs.
In other embodiments, the functionality of the particular second access network device further comprises at least one of: establishing a control plane connection with the first access network node; for establishing SRB3; information for assigning the secondary node group; the information of the secondary node group includes at least one of: DRB ID, serving cell index, LC ID, measurement object ID, and measurement report ID.
In an alternative embodiment of the present application, the method further comprises: and when the terminal equipment determines that a second updating condition is met and the basic key used for determining the first encryption key is unchanged, updating the second secondary cell group count. Wherein the second update condition is an update condition of the third encryption key.
In the present embodiment, when it is determined that the update condition of the third encryption key is satisfied and KeNB is unchanged, the specific second access network node updates the second secondary cell group count that it maintains, i.e. the second secondary cell group count (SCG counter) is incremented by one.
Fig. 6a to 6c are schematic diagrams of key derivation in the key information processing method according to the embodiment of the present application, respectively; the key information processing method according to the embodiment of the present application is described in detail below with reference to fig. 6a to 6c and specific examples, where in each of the following examples, the first access network node is taken as MN and the second access network node is taken as SN as an example.
Example one
As shown in fig. 6a, as an embodiment, the MN maintains an SCG counter, which is an integer value, for each SN. On the MN side, KeNB (or KgNB), the SCG counter and the SN id are input into a key derivation function (KDF) to obtain the first encryption key S-KeNB/gNB corresponding to the second access network node. The MN sends the obtained first encryption key S-KeNB/gNB to all SNs, and each SN inputs the first encryption key S-KeNB/gNB and its selected algorithm identifier into the KDF to determine the keys for encryption and integrity protection.
As another implementation, the procedure is the same as in the previous embodiment, except that the MN maintains one SCG counter, which is an integer value, for all SNs. The MN allocates corresponding SCG counter starting values to the SNs, and the SCG counter starting values corresponding to different SNs are different. The range of the SCG counter used by each SN may be determined based on the maximum value of the SCG counter and the number of SNs; for the specific determining rules, refer to the foregoing embodiments, which are not repeated here.
Example two
As shown in fig. 6b, as an embodiment, the MN maintains an SNG counter for each SN group, and the input parameters for calculating the key corresponding to each SN group include at least: KeNB (or KgNB), the SNG counter and the SN group id. That is, the MN inputs KeNB (or KgNB), the SNG counter and the SN group id into the KDF to obtain the first encryption key S-KSNG corresponding to the SN group. The MN sends the obtained first encryption key S-KSNG to a specific SN in the SN group, and the specific SN is responsible for calculating the key of each SN in the SN group. The input parameters for calculating the key of each SN include at least: S-KSNG, the SCG counter and the SN id. That is, the specific SN inputs S-KSNG, the SCG counter and the SN id into the KDF to obtain the third encryption key S-KgNB and sends the third encryption key S-KgNB to the other SNs in the SN group; all SNs in the SN group (including the specific SN) input the third encryption key S-KgNB and their respective selected algorithm identifiers into the KDF to determine the keys for encryption and integrity protection.
As another implementation, the procedure is the same as in the previous embodiment, except that the specific SN sends the third encryption key S-KgNB to the other SNs in the SN group, and the other SNs input the third encryption key S-KgNB and their respective selected algorithm identifiers into the KDF to determine the keys for encryption and integrity protection, while the specific SN inputs the first encryption key S-KSNG and its selected algorithm identifier into the KDF to determine the keys for encryption and integrity protection.
Example three
As shown in fig. 6c, the MN maintains an SNG counter for each SN group, and the input parameters for calculating the key corresponding to each SN group include at least: KeNB (or KgNB), the SNG counter and the SN group id. That is, the MN inputs KeNB (or KgNB), the SNG counter and the SN group id into the KDF to obtain the first encryption key S-KSNG corresponding to the SN group. The MN sends the obtained first encryption key S-KSNG to all SNs in the SN group; all SNs in the SN group (including the specific SN) input the first encryption key S-KSNG and their respective selected algorithm identifiers into the KDF to determine the keys for encryption and integrity protection.
By adopting the technical scheme of the embodiment of the application, on one hand, the first access network node serving as the master node determines the first encryption key based on the security information related to the second access network node, and sends the first encryption key to the second access network node; the second access network node determines a second encryption key for encryption and integrity protection based on the first encryption key, so that the derivation of the keys in the scene of the communication system of a plurality of SNs is realized; on the other hand, the key management in the scene of the communication system of a plurality of SNs is realized by resetting or updating the maintained secondary cell group count and/or the secondary node group count by the first access network node, resetting or updating the maintained secondary cell group count by the second access network node, and updating the secondary cell group count and/or the secondary node group count by the terminal equipment.
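The derivation chains of Examples one to three and the counter handling described above, written out as an added example that is not part of the patent text. The patent names only "KDF"; HMAC-SHA-256 over length-tagged fields, the 16-bit counter maximum, the equal split of counter ranges, the refusal to reuse a counter value, and all key, SN and group identifiers below are assumptions or constructed values.

```python
import hashlib
import hmac
import struct

def kdf(key: bytes, *fields: bytes) -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA-256 over length-tagged fields."""
    msg = b"".join(f + struct.pack(">H", len(f)) for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def u16(n: int) -> bytes:
    return struct.pack(">H", n)

def per_sn_key(k_base: bytes, scg_counter: int, sn_id: bytes) -> bytes:
    """Example one (fig. 6a): the MN derives S-KeNB/gNB for one SN."""
    return kdf(k_base, b"sn", u16(scg_counter), sn_id)

def group_key(k_base: bytes, sng_counter: int, group_id: bytes) -> bytes:
    """Examples two and three (fig. 6b/6c): the MN derives S-KSNG for an SN group."""
    return kdf(k_base, b"sng", u16(sng_counter), group_id)

def member_key(s_k_sng: bytes, scg_counter: int, sn_id: bytes) -> bytes:
    """Example two: the specific SN derives the third key S-KgNB for one SN."""
    return kdf(s_k_sng, b"sn", u16(scg_counter), sn_id)

def protection_keys(parent: bytes, alg_id: int) -> tuple:
    """Last step on each SN and on the terminal: parent key plus algorithm id."""
    return (kdf(parent, b"enc", bytes([alg_id])),
            kdf(parent, b"int", bytes([alg_id])))

def counter_ranges(max_count: int, sn_ids: list) -> dict:
    """Assumed rule: split 0..max_count into equal contiguous ranges, one per SN."""
    width = (max_count + 1) // len(sn_ids)
    if width == 0:
        raise ValueError("more SNs than counter values")
    return {sn: range(i * width, (i + 1) * width) for i, sn in enumerate(sn_ids)}

class ScgCounter:
    """Counter kept by the MN (or by the specific SN) within its allowed range."""
    def __init__(self, allowed: range):
        self.allowed = allowed
        self.value = allowed.start

    def update(self) -> int:
        # Key update while the base key is unchanged: increment by one.
        # Added safeguard (assumption): never wrap, because the KDF is
        # deterministic and a reused counter value reproduces an old key.
        if self.value + 1 >= self.allowed.stop:
            raise OverflowError("counter range exhausted under this base key")
        self.value += 1
        return self.value

    def reset(self) -> None:
        # Base key changed: the counter starts over.
        self.value = self.allowed.start

K_BASE = bytes(range(32))            # constructed KeNB/KgNB, not a real key
SNS = [b"SN-1", b"SN-2", b"SN-3"]    # constructed SN ids
GROUP = b"SNG-A"                     # constructed SN group id

def example_one() -> dict:
    """One shared counter space; each SN starts in its own range."""
    ranges = counter_ranges(0xFFFF, SNS)
    return {sn: per_sn_key(K_BASE, ScgCounter(ranges[sn]).value, sn) for sn in SNS}

def example_two(alg_id: int = 2) -> dict:
    """Group key, then a per-SN third key, then the protection keys."""
    s_k_sng = group_key(K_BASE, 0, GROUP)
    return {sn: protection_keys(member_key(s_k_sng, 0, sn), alg_id) for sn in SNS}

def example_three(alg_id: int = 2) -> dict:
    """Every SN in the group derives directly from S-KSNG: with the same
    algorithm id the SNs end up holding identical protection keys."""
    s_k_sng = group_key(K_BASE, 0, GROUP)
    return {sn: protection_keys(s_k_sng, alg_id) for sn in SNS}

def terminal_keys(k_base: bytes, first_info: tuple, second_info: tuple) -> tuple:
    """Terminal side of Example two: only counters, ids and the algorithm id
    are signalled; the terminal recomputes the whole chain from its base key."""
    sng_counter, group_id = first_info        # allocated by the MN
    scg_counter, sn_id, alg_id = second_info  # allocated on the SN side
    third = member_key(group_key(k_base, sng_counter, group_id), scg_counter, sn_id)
    return protection_keys(third, alg_id)

if __name__ == "__main__":
    print("distinct key sets, example two:", len(set(example_two().values())))
    print("distinct key sets, example three:", len(set(example_three().values())))
```

Comparing `example_two()` with `example_three()` shows the trade-off between the two group schemes: the extra derivation step in Example two is what gives each SN in a group its own keys.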
The embodiment of the application also provides a first access network node. Fig. 7 is a schematic structural diagram of a first access network node according to an embodiment of the present application; as shown in fig. 7, the node includes: a first determination unit 61, a second determination unit 62, and a first communication unit 63; wherein the first determining unit 61 is configured to determine security information related to a second access network node; the second determining unit 62 is configured to determine a first encryption key based on the security information and/or a base key; the basic key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node; the first communication unit 63 is configured to send the first encryption key to the second access network node; the first access network node is a main node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with the first access network node and at least two of the second access network nodes.
As a first embodiment, the security information includes: a first secondary cell group count and/or a second access network node identity associated with the second access network node; at least two second access network nodes in the at least two second access network nodes correspond to different second access network node identifications and/or first auxiliary cell group counts; the second determining unit 62 is configured to determine a first encryption key based on at least one of the second access network node identification, a first secondary cell group count and a base key; the first encryption key is a key corresponding to the second access network node.
Wherein the first determining unit 61 is further configured to allocate a corresponding first secondary cell group count for the second access network node; wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
When the starting values of the first secondary cell group counts corresponding to different second access network nodes are different, as an implementation manner, the first determining unit 61 is configured to determine a value range of the first secondary cell group count corresponding to the second access network node based on the maximum value of the first secondary cell group count and the number of the second access network nodes, where the value ranges of the first secondary cell group counts corresponding to at least two second access network nodes are different; and determining the corresponding first auxiliary cell group count according to the value range of the first auxiliary cell group count corresponding to the second access network node.
Based on the above embodiment, in an alternative embodiment of the present application, as shown in fig. 8, the node further includes a first reset unit 64 configured to reset the first secondary cell group count when determining the base key change.
Based on the above embodiment, in an alternative embodiment of the present application, as shown in fig. 8, the node further includes a first updating unit 65 configured to update the first secondary cell group count when it is determined that the first updating condition is satisfied and the base key is unchanged. Wherein the first update condition is an update condition of the first encryption key.
As a second embodiment, the security information includes: secondary node group count and/or secondary node group identification; the secondary node group identity corresponds to at least one second access network node in a secondary node group; as an embodiment, the secondary node group identity corresponds to all second access network nodes in the secondary node group; the second determining unit 62 is configured to determine a first encryption key based on at least one of the auxiliary node group identifier, the auxiliary node group count, and the base key; the first encryption key is a key corresponding to the auxiliary node group. Wherein the at least two second access network nodes are divided into at least one secondary node group. Each auxiliary node group corresponds to an auxiliary node group identifier; the auxiliary node group identifiers corresponding to different auxiliary node groups are different.
Based on the above embodiments, in an alternative embodiment of the present application, as shown in fig. 8, the node further includes a first reset unit 64 configured to reset the secondary node group count when it is determined that the base key is changed.
Based on the above embodiment, in an alternative embodiment of the present application, as shown in fig. 8, the node further includes a first updating unit 65 configured to update the secondary node group count when it is determined that the first updating condition is satisfied and the base key is unchanged. Wherein the first update condition is an update condition of the first encryption key.
It should be noted that: in the first access network node provided in the above embodiment, only the division of each program module is used for illustration when performing key information processing, and in practical application, the processing allocation may be performed by different program modules according to needs, that is, the internal structure of the first access network node is divided into different program modules to complete all or part of the processing described above. In addition, the first access network node provided in the above embodiment and the key information processing method embodiment belong to the same concept, and the specific implementation process is detailed in the method embodiment, which is not repeated here.
The embodiment of the application also provides a second access network node. Fig. 9 is a schematic structural diagram of a second access network node according to an embodiment of the present application; as shown in fig. 9, the node includes: a second communication unit 71 and a third determination unit 72; wherein the second communication unit 71 is configured to receive a first encryption key sent by the first access network node; the first encryption key is determined based on security information and/or a base key associated with the second access network node; the first encryption key is associated with the second access network node; the third determining unit 72 is configured to determine a second encryption key for encryption and integrity protection based on the first encryption key; the first access network node is a main node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with a first access network node and at least two second access network nodes.
As a first implementation manner, the first encryption key is determined based on at least one of a second access network identifier corresponding to the second network node, a first secondary cell group count related to the second access network node, and a base key, where the first encryption key is a key corresponding to the second access network node; at least two second access network nodes of the at least two second access network nodes correspond to different second access network node identities and/or first secondary cell group counts. Wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
In this embodiment, the third determining unit 72 is configured to determine a second encryption key for encryption and integrity protection based on the first encryption key and the algorithm identification.
As a second embodiment, the first encryption key is determined based on at least one of information of an auxiliary node group identifier, an auxiliary node group count and a basic key, and the first encryption key is a key corresponding to the auxiliary node group; the secondary node group identity corresponds to at least one second access network node in the secondary node group. As an embodiment, the secondary node group identity corresponds to all second access network nodes in the secondary node group. The first encryption key is a key corresponding to at least one second access network node in the auxiliary node group. As an implementation manner, the first encryption key is a key corresponding to all second access network nodes in the auxiliary node group.
The third determining unit 72 is configured to determine a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification.
As a third embodiment, the first encryption key is determined based on at least one of information of an auxiliary node group identifier, an auxiliary node group count and a basic key, and the first encryption key is a key corresponding to the auxiliary node group; the secondary node group identity corresponds to at least one second access network node in the secondary node group.
The second access network node is a specific second access network node in a secondary node group, and the third determining unit 72 is configured to determine a third encryption key based on at least one of the first encryption key, the second access network node identification and a second secondary cell group count; the third encryption key is a key corresponding to the auxiliary node group; further configured to determine a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification; the second communication unit 71 is further configured to send the third encryption key to other second access network nodes in the secondary node group than the specific second access network node; the third encryption key is used for other second access network nodes in the secondary node group than the specific second access network node to determine a second encryption key for encryption and integrity protection based on the third encryption key and an algorithm identification.
It may be appreciated that in this embodiment, the at least two second access network nodes are divided into at least one secondary node group, and a specific second access network node is determined in each secondary node group, where the specific second access network node is used for generating a key of a second access network node in the secondary node group. In this embodiment, the specific second access network node determines a third encryption key based on the first encryption key, the second access network node identification and a second secondary cell group count; the third encryption key is a key corresponding to the auxiliary node group, and the third encryption key is sent to other second access network nodes in the group, so that the other second access network nodes in the group calculate a second encryption key based on the third encryption key and a corresponding algorithm identifier; on the other hand, the specific second access network node determines its own second encryption key for encryption and security protection based on the obtained first encryption key and the algorithm identification without computing the second encryption key again based on the third encryption key.
As a fourth embodiment, the first encryption key is determined based on at least one of information of an auxiliary node group identifier, an auxiliary node group count and a basic key, and the first encryption key is a key corresponding to the auxiliary node group; the secondary node group identity corresponds to at least one second access network node in the secondary node group.
The second access network node is a specific second access network node in a secondary node group, and the third determining unit 72 is configured to determine a third encryption key based on at least one of the first encryption key, the second access network node identification and a second secondary cell group count; the third encryption key is a key corresponding to the auxiliary node group; the second communication unit 71 is further configured to send the third encryption key to other second access network nodes in the secondary node group than the specific second access network node; the third encryption key is used for a second access network node in the secondary cell group to determine a second encryption key for encryption and integrity protection based on the third encryption key and an algorithm identification.
It may be appreciated that in this embodiment, the at least two second access network nodes are divided into at least one secondary node group, and a specific second access network node is determined in each secondary node group, where the specific second access network node is used for generating a key of a second access network node in the secondary node group. In this embodiment, the specific second access network node determines a third encryption key based on the first encryption key, the second access network node identification and a second secondary cell group count; the third encryption key is a key corresponding to the auxiliary node group, and the third encryption key is sent to other second access network nodes in the group, so that all second access network nodes (including the specific second access network node) in the group calculate a second encryption key based on the third encryption key and the corresponding algorithm identification.
Based on the above embodiments, in an alternative embodiment of the present application, as shown in fig. 10, the node further includes a second resetting unit 73 configured to reset the second secondary cell group count when determining a base key change for determining the first encryption key and/or a first encryption key change corresponding to a secondary node group.
Based on the above embodiment, in an alternative embodiment of the present application, as shown in fig. 10, the node further includes a second updating unit 74 configured to update the second secondary cell group count when it is determined that a second updating condition is satisfied and a base key for determining the first encryption key is unchanged. Wherein the second update condition is an update condition of the third encryption key.
In this embodiment, the specific second access network device is configured to generate an encryption key and/or manage the encryption key for other second access network devices in the secondary node group to which it belongs.
Wherein the functionality of the particular second access network device further comprises at least one of: establishing a control plane connection with the first access network node; for establishing SRB3; information for assigning the secondary node group; the information of the secondary node group includes at least one of: DRB ID, serving cell index, LC ID, measurement object ID, and measurement report ID.
It should be noted that: in the second access network node provided in the above embodiment, only the division of each program module is used for illustration when performing key information processing, and in practical application, the processing allocation may be performed by different program modules according to needs, that is, the internal structure of the second access network node is divided into different program modules, so as to complete all or part of the processing described above. In addition, the second access network node provided in the above embodiment and the key information processing method embodiment belong to the same concept, and the specific implementation process is detailed in the method embodiment, which is not repeated here.
The embodiment of the application also provides terminal equipment. Fig. 11 is a schematic diagram of a composition structure of a terminal device according to an embodiment of the present application; as shown in fig. 11, the terminal device includes: a third communication unit 81 and a fourth determination unit 82; wherein the third communication unit 81 is configured to obtain first security information allocated by the first access network node; the first security information is associated with a second access network node; further configured to obtain second security information allocated by a second access network node; the second security information is associated with a second access network node; the fourth determining unit 82 is configured to determine a first encryption key based on the first security information and/or a base key; the basic key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node; further configured to determine a second encryption key for encryption and integrity protection based on the first encryption key and the second security information;
Wherein the terminal is configured with a first access network node and at least two second access network nodes.
As a first embodiment, the first security information includes: a first secondary cell group count and/or a second access network node identity associated with the second access network node; at least two second access network nodes in the at least two second access network nodes correspond to different second access network node identifications and/or first auxiliary cell group counts; the fourth determining unit 82 is configured to determine a first encryption key based on at least one of the second access network node identification, a first secondary cell group count and a base key; the first encryption key is a key corresponding to the second access network node.
Wherein the second security information comprises an algorithm identification corresponding to a second access network node; the fourth determining unit 82 is configured to determine a second encryption key based on the first encryption key and an algorithm identification corresponding to a second access network node.
In an embodiment, the third communication unit 81 is configured to obtain a first secondary cell group count allocated by the first access network node; wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
Based on the above embodiment, in an alternative embodiment of the present application, as shown in fig. 12, the terminal device further includes a third updating unit 83 configured to update the first secondary cell group count when it is determined that the first updating condition is satisfied and the base key is unchanged. Wherein the first update condition is an update condition of the first encryption key.
As a second embodiment, the at least two second access network nodes are divided into at least one secondary node group. The first security information includes: secondary node group count and/or secondary node group identification; the secondary node group identity corresponds to at least one second access network node in a secondary node group; as an embodiment, the secondary node group identity corresponds to all second access network nodes in the secondary node group. The fourth determining unit 82 is configured to determine a first encryption key based on at least one of the auxiliary node group identifier, the auxiliary node group count, and the base key; the first encryption key is a key corresponding to the auxiliary node group.
In an embodiment, the first encryption key is a key corresponding to at least one second access network node in the secondary node group. As an implementation manner, the first encryption key is a key corresponding to all second access network nodes in the auxiliary node group.
In an embodiment, the second security information comprises an algorithm identification corresponding to a second access network node; the fourth determining unit 82 is configured to determine a second encryption key based on the first encryption key and an algorithm identification corresponding to a second access network node.
Based on the above embodiment, in an alternative embodiment of the present application, as shown in fig. 12, the terminal device further includes a third updating unit 83 configured to update the secondary node group count when it is determined that the first updating condition is satisfied and the base key is unchanged. Wherein the first update condition is an update condition of the first encryption key.
As a third embodiment, the third communication unit 81 is configured to obtain an algorithm identifier allocated by the second access network node in the secondary node group; obtaining a second auxiliary cell group count and/or a second access network node identifier allocated by a specific second access network node in the auxiliary node group; the fourth determining unit 82 is configured to determine a third encryption key based on at least one of the first encryption key, the second access network node identifier, and a second secondary cell group count, where the third encryption key is a key corresponding to a second access network node in the secondary node group other than the specific second access network node; determining a second encryption key corresponding to the other second access network node based on the third encryption key and algorithm identifications corresponding to the other second access network node; and determining a second encryption key corresponding to the specific second access network node based on the first encryption key and the algorithm identifier corresponding to the specific second access network node.
In this embodiment, the at least two second access network nodes are divided into at least one auxiliary node group, and a specific second access network node is determined in each auxiliary node group, where the specific second access network node is used to maintain a second auxiliary cell group count and a second access network node identifier. In this embodiment, for a specific second access network node within the secondary node group, the terminal device determines the second encryption key based on the first encryption key and the algorithm identification, without computing the second encryption key again based on the third encryption key; for the other second access network nodes in the auxiliary node group, apart from the specific second access network node, the terminal first determines a third encryption key based on the first encryption key, the second access network node identification and the second auxiliary cell group count, and then calculates the second encryption key based on the third encryption key and the corresponding algorithm identification.
As a fourth embodiment, the third communication unit 81 is configured to obtain an algorithm identifier allocated by the second access network node in the secondary node group; obtaining a second auxiliary cell group count and/or a second access network node identifier allocated by a specific second access network node in the auxiliary node group; the fourth determining unit 82 is configured to determine a third encryption key based on at least one of the first encryption key, the second access network node identification and a second secondary cell group count; the third encryption key is a key corresponding to a second access network node in the auxiliary node group; and determining a second encryption key corresponding to the second access network node based on the third encryption key and an algorithm identifier corresponding to the second access network node.
In this embodiment, the at least two second access network nodes are divided into at least one auxiliary node group, and a specific second access network node is determined in each auxiliary node group, where the specific second access network node is used to maintain a second auxiliary cell group count and a second access network node identifier. In this embodiment, for all the second access network nodes in the secondary node group, the terminal determines a third encryption key based on the first encryption key, the second access network node identifier and the second secondary cell group count, and calculates the second encryption key based on the third encryption key and the algorithm identifiers corresponding to the second access network nodes.
In this embodiment, the specific second access network device is configured to generate an encryption key and/or manage the encryption key for other second access network devices in the secondary node group to which it belongs.
Wherein the functionality of the particular second access network device further comprises at least one of: establishing a control plane connection with the first access network node; for establishing SRB3; information for assigning the secondary node group; the information of the secondary node group includes at least one of: DRB ID, serving cell index, LC ID, measurement object ID, and measurement report ID.
Based on the above embodiment, in an alternative embodiment of the present application, as shown in fig. 12, the terminal device further includes a third updating unit 83 configured to update the second secondary cell group count when it is determined that the second updating condition is satisfied and the base key for determining the first encryption key is unchanged. Wherein the second update condition is an update condition of the third encryption key.
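The derivation chain of the fourth embodiment, as an added sketch that is not code from the patent: the specific second access network node and the terminal each derive a per-node third key from the group's first key, then the second keys from the third key and an algorithm identifier, and advance or reset the second secondary cell group count. HMAC-SHA-256, the 16-bit field widths, the label and purpose bytes, and the refusal to wrap the count are assumptions of this example; the text above names no derivation function.

```python
import hashlib
import hmac
import struct

# Assumptions (not from the patent): HMAC-SHA-256 as the derivation function,
# 16-bit identifiers and counts, and the constructed label/purpose bytes below.
LABEL_GROUP, LABEL_NODE, LABEL_ALG = b"\x01", b"\x02", b"\x03"
PURPOSE_ENC, PURPOSE_INT = 1, 2
COUNT_MAX = 0xFFFF


def _u16(value: int) -> bytes:
    """Encode an identifier or count as two big-endian bytes."""
    if not 0 <= value <= COUNT_MAX:
        raise ValueError(f"value {value} does not fit in 16 bits")
    return struct.pack(">H", value)


def kdf(parent: bytes, label: bytes, *fields: bytes) -> bytes:
    """Derive a 32-byte child key. Each field is followed by its length,
    so the boundaries between fields are unambiguous in the KDF input."""
    data = label + b"".join(f + _u16(len(f)) for f in fields)
    return hmac.new(parent, data, hashlib.sha256).digest()


def first_key(base_key: bytes, group_id: int, group_count: int) -> bytes:
    """First encryption key: one per secondary node group, from the base key."""
    return kdf(base_key, LABEL_GROUP, _u16(group_id), _u16(group_count))


def third_key(first: bytes, node_id: int, scg_count: int) -> bytes:
    """Third encryption key: one per second access network node in the group."""
    return kdf(first, LABEL_NODE, _u16(node_id), _u16(scg_count))


def second_key(parent: bytes, purpose: int, alg_id: int) -> bytes:
    """Second encryption key, bound to the algorithm identifier. The purpose
    byte (ciphering vs. integrity) is an assumption of this sketch."""
    return kdf(parent, LABEL_ALG, bytes([purpose]), bytes([alg_id]))


class GroupKeyState:
    """Count kept by the specific second access network node of a group and
    mirrored by the terminal, so both sides derive identical keys."""

    def __init__(self, first: bytes):
        self._first = first
        self.count = 0  # second secondary cell group count

    def rekey_parent(self, new_first: bytes) -> None:
        """Base key or first encryption key changed: reset the count."""
        self._first = new_first
        self.count = 0

    def update(self) -> None:
        """Update condition met while the base key is unchanged: advance the
        count. Wrapping would repeat a (key, count) pair, so it is refused."""
        if self.count >= COUNT_MAX:
            raise RuntimeError("count exhausted; the parent key must change first")
        self.count += 1

    def node_keys(self, node_id: int, enc_alg_id: int, int_alg_id: int):
        """Return (ciphering key, integrity key) for one node of the group."""
        k3 = third_key(self._first, node_id, self.count)
        return (second_key(k3, PURPOSE_ENC, enc_alg_id),
                second_key(k3, PURPOSE_INT, int_alg_id))


if __name__ == "__main__":
    base = bytes(range(32))  # constructed base key, for illustration only
    state = GroupKeyState(first_key(base, group_id=1, group_count=0))
    for node in (10, 11):    # constructed node identifiers
        enc, integ = state.node_keys(node, enc_alg_id=2, int_alg_id=2)
        print(node, enc.hex()[:16], integ.hex()[:16])
```

Because every level mixes in a distinct input (group, node, count, algorithm), a key exposed at one second access network node does not reveal the key of another node in the same group, and reusing a count under an unchanged parent key is the one case that would reproduce an old key.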
It should be noted that, when the terminal device provided in the above embodiment performs key information processing, the division into the program modules described above is only an example. In practical application, the processing may be allocated to different program modules as needed, that is, the internal structure of the terminal device may be divided into different program modules to complete all or part of the processing described above. In addition, the terminal device provided in the above embodiment and the key information processing method embodiments belong to the same concept; the specific implementation process is detailed in the method embodiments and is not repeated here.
Fig. 13 is a schematic structural diagram of a communication device provided in an embodiment of the present application. The communication device in the embodiment of the present application may be a terminal device or an access network node, and the communication device shown in fig. 13 includes a processor 910, where the processor 910 may call and execute a computer program from a memory to implement a method in the embodiment of the present application.
Optionally, as shown in fig. 13, the communication device may also include a memory 920. Wherein the processor 910 may invoke and run a computer program from the memory 920 to implement the methods in the embodiments of the present application. Wherein the memory 920 may be a separate device from the processor 910 or may be integrated in the processor 910.
Optionally, as shown in fig. 13, the communication device may further include a transceiver 930, and the processor 910 may control the transceiver 930 to communicate with other devices, and in particular, may send information or data to other devices, or receive information or data sent by other devices. Wherein transceiver 930 may include a transmitter and a receiver. Transceiver 930 may further include antennas, the number of which may be one or more.
Optionally, the communication device may specifically be a terminal device or an access network node in the embodiment of the present application, and the communication device may implement a corresponding flow implemented by the terminal device, the first access network node, or the second access network node in each method in the embodiment of the present application, which is not described herein for brevity.
Fig. 14 is a schematic structural diagram of a chip of an embodiment of the present application. The chip shown in fig. 14 includes a processor 710, and the processor 710 may call and run a computer program from a memory to implement the methods in the embodiments of the present application.
Optionally, as shown in fig. 14, the chip may also include a memory 720. Wherein the processor 710 may call and run a computer program from the memory 720 to implement the methods in embodiments of the present application. Wherein the memory 720 may be a separate device from the processor 710 or may be integrated into the processor 710.
Optionally, the chip may also include an input interface 730. The processor 710 may control the input interface 730 to communicate with other devices or chips, and in particular, may obtain information or data sent by other devices or chips.
Optionally, the chip may also include an output interface 740. The processor 710 may control the output interface 740 to communicate with other devices or chips, and in particular, may output information or data to other devices or chips.
Optionally, the chip may be applied to a terminal device or an access network node in the embodiments of the present application, and the chip may implement corresponding flows implemented by the terminal device, the first access network node, or the second access network node in each method in the embodiments of the present application, which are not described herein for brevity.
It should be understood that the chip referred to in the embodiments of the present application may also be referred to as a system-on-chip, or the like.
The embodiment of the application also provides a communication system which comprises the terminal equipment, the first access network node and at least two second access network nodes. The terminal device may be used to implement the corresponding function implemented by the terminal device in the above method, the first access network node may be used to implement the corresponding function implemented by the first access network node in the above method, and the second access network node may be used to implement the corresponding function implemented by the second access network node in the above method, which is not described herein for brevity.
It should be appreciated that the processor of an embodiment of the present application may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be implemented by integrated logic circuits of hardware in a processor or by instructions in software form. The processor may be a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components. The processor may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly as being executed by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software modules may be located in a storage medium well known in the art, such as a random access memory, flash memory, read only memory, programmable read only memory, electrically erasable programmable memory, or registers. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
It will be appreciated that the memory in embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
It should be understood that the above memory is exemplary but not limiting, and for example, the memory in the embodiments of the present application may be Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Direct Rambus RAM (DR RAM), and the like. That is, the memory in embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
Embodiments of the present application also provide a computer-readable storage medium for storing a computer program.
Optionally, the computer readable storage medium may be applied to a terminal device, a first access network node, or a second access network node in the embodiments of the present application, and the computer program causes a computer to execute a corresponding procedure implemented by the terminal device, the first access network node, or the second access network node in each method of the embodiments of the present application, which is not described herein for brevity.
Embodiments of the present application also provide a computer program product comprising computer program instructions.
Optionally, the computer program product may be applied to a terminal device, a first access network node, or a second access network node in the embodiments of the present application, and the computer program instructions cause a computer to execute corresponding flows implemented by the terminal device, the first access network node, or the second access network node in the methods in the embodiments of the present application, which are not described herein for brevity.
The embodiment of the application also provides a computer program.
Optionally, the computer program may be applied to a terminal device, a first access network node, or a second access network node in the embodiments of the present application, where when the computer program runs on a computer, the computer is caused to execute a corresponding procedure implemented by the terminal device, the first access network node, or the second access network node in each method of the embodiments of the present application, which is not described herein for brevity.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely specific embodiments of the present application, but the scope of protection of the present application is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope of the present application shall be covered by the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.

Claims (68)

1. A key information processing method, the method comprising:
the first access network node determining security information associated with the second access network node; the first access network node is a master node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with the first access network node and at least two second access network nodes;
the first access network node determines a first encryption key based on the security information and a basic key, and sends the first encryption key to the second access network node; the basic key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node;
wherein the security information includes: secondary node group count and/or secondary node group identification; the secondary node group identity corresponds to at least one second access network node in a secondary node group;
the first access network node determining a first encryption key based on the security information and a base key, comprising:
the first access network node determines a first encryption key based on at least one of the secondary node group identity, secondary node group count, and base key; the first encryption key is a key corresponding to the auxiliary node group.
2. The method of claim 1, wherein the security information further comprises: a first secondary cell group count and/or a second access network node identity associated with the second access network node; at least two second access network nodes in the at least two second access network nodes correspond to different second access network node identifications and/or first auxiliary cell group counts;
the first access network node determining a first encryption key based on the security information and/or a base key, comprising:
the first access network node determines a first encryption key based on at least one of the second access network node identification, a first secondary cell group count, and a base key; the first encryption key is a key corresponding to the second access network node.
3. The method of claim 2, wherein the method further comprises:
the first access network node allocates a corresponding first secondary cell group count for the second access network node; wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
4. A method according to claim 3, wherein the first access network node allocating a corresponding first secondary cell group count for the second access network node, comprises:
the first access network node determines a value range of a first auxiliary cell group count corresponding to the second access network node based on the maximum value of the first auxiliary cell group count and the number of the second access network nodes, and the value ranges of the first auxiliary cell group count corresponding to at least two second access network nodes in the at least two second access network nodes are different;
and the first access network node determines the corresponding first auxiliary cell group count according to the value range of the first auxiliary cell group count corresponding to the second access network node.
5. The method of any one of claims 1 to 4, wherein the method further comprises:
when the first access network node determines that the base key has changed, resetting the first secondary cell group count.
6. The method of any one of claims 1 to 4, wherein the method further comprises:
when the first access network node determines that a first update condition is met and the base key is unchanged, updating the first secondary cell group count.
7. The method of claim 1, wherein the method further comprises:
when the first access network node determines that the base key has changed, resetting the secondary node group count.
8. The method of claim 1, wherein the method further comprises:
when the first access network node determines that a first update condition is met and the base key is unchanged, updating the secondary node group count.
9. A key information processing method, the method comprising:
the second access network node receives a first encryption key sent by the first access network node; the first encryption key is determined based on security information and a base key associated with the second access network node; the first encryption key is associated with the second access network node; the first access network node is a master node connected with the terminal; the second access network node is an auxiliary node connected with the terminal; the terminal is configured with a first access network node and at least two second access network nodes;
the second access network node determining a second encryption key for encryption and integrity protection based on the first encryption key;
wherein the first encryption key is determined based on at least one of a secondary node group identity, a secondary node group count and the base key, and is a key corresponding to the secondary node group; the secondary node group identity corresponds to at least one second access network node in the secondary node group.
10. The method of claim 9, wherein the first encryption key is determined based on at least one of a second access network identity corresponding to the second access network node, a first secondary cell group count associated with the second access network node, and a base key, the first encryption key being a key corresponding to the second access network node; at least two second access network nodes of the at least two second access network nodes correspond to different second access network node identities and/or first secondary cell group counts.
11. The method of claim 10, wherein starting values of first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
12. The method of claim 9, wherein the first encryption key is a key corresponding to at least one second access network node in a set of secondary nodes.
13. The method of any of claims 9 to 12, wherein the second access network node determining a second encryption key based on the first encryption key comprises:
the second access network node determines a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification.
14. The method of claim 9, wherein the second access network node determining a second encryption key based on the first encryption key comprises:
a specific second access network node in the secondary node group determines a third encryption key based on at least one of the first encryption key, the second access network node identification, and a second secondary cell group count; the third encryption key is a key corresponding to a second access network node in the auxiliary node group;
the specific second access network node sends the third encryption key to other second access network nodes except the specific second access network node in the auxiliary node group; the third encryption key is used for determining second encryption keys used for encryption and integrity protection by other second access network nodes except the specific second access network node in the auxiliary node group based on the third encryption key and algorithm identification;
the specific second access network node determines a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification.
15. The method of claim 9, wherein the second access network node determining a second encryption key based on the first encryption key comprises:
a specific second access network node in the secondary node group determines a third encryption key based on at least one of the first encryption key, the second access network node identification, and a second secondary cell group count; the third encryption key is a key corresponding to a second access network node in the auxiliary node group;
the specific second access network node sends the third encryption key to other second access network nodes except the specific second access network node in the auxiliary node group; the third encryption key is used for a second access network node in the secondary cell group to determine a second encryption key for encryption and integrity protection based on the third encryption key and an algorithm identification.
16. The method according to claim 14 or 15, wherein the method further comprises:
the specific second access network node resets the second secondary cell group count when it determines that the base key used for determining the first encryption key has changed and/or that the first encryption key corresponding to the secondary node group has changed.
17. The method according to claim 14 or 15, wherein the method further comprises:
the particular second access network node updates the second secondary cell group count when it determines that a second update condition is satisfied and a base key for determining the first encryption key is unchanged.
18. The method according to claim 14 or 15, wherein the specific second access network node is configured to generate and/or manage encryption keys for other second access network nodes in the group of secondary nodes to which it belongs.
19. The method of claim 18, wherein the functionality of the particular second access network node further comprises at least one of:
establishing a control plane connection with the first access network node;
establishing a third signaling radio bearer (SRB3);
allocating information of the secondary node group; the information of the secondary node group includes at least one of: user plane bearer (DRB) ID, serving cell index, logical channel (LC) ID, measurement object ID, and measurement report ID.
20. A key information processing method, the method comprising:
the terminal equipment obtains first security information distributed by a first access network node, and determines a first encryption key based on the first security information and a basic key; the basic key is a key corresponding to the first access network node; the first security information is associated with a second access network node; the first encryption key is associated with the second access network node;
the terminal equipment obtains second security information distributed by the second access network node, and determines a second encryption key for encryption and integrity protection based on the first encryption key and the second security information; the second security information is associated with a second access network node;
wherein the terminal is configured with a first access network node and at least two second access network nodes; the first access network node is a main node, and the second access network node is an auxiliary node;
wherein the first security information includes: secondary node group count and/or secondary node group identification; the secondary node group identity corresponds to at least one second access network node in a secondary node group;
the determining a first encryption key based on the security information and a base key includes: determining a first encryption key based on at least one of the secondary node group identity, secondary node group count, and base key; the first encryption key is a key corresponding to the auxiliary node group.
21. The method of claim 20, wherein the first security information further comprises: a first secondary cell group count and/or a second access network node identity associated with the second access network node; at least two second access network nodes in the at least two second access network nodes correspond to different second access network node identifications and/or first secondary cell group counts;
the determining a first encryption key based on the first security information and/or a base key includes: determining a first encryption key based on at least one of the second access network node identity, a first secondary cell group count, and a base key; the first encryption key is a key corresponding to the second access network node.
22. The method of claim 21, wherein the terminal device obtaining the first security information assigned by the first access network node comprises:
the terminal equipment obtains a first auxiliary cell group count distributed by a first access network node; wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
23. The method of any one of claims 20 to 22, wherein the method further comprises: when the terminal equipment determines that the first update condition is met and the base key is unchanged, updating the first secondary cell group count.
24. The method of claim 20, wherein the at least two second access network nodes are divided into at least one secondary node group.
25. The method of claim 20, wherein the first encryption key is a key corresponding to at least one second access network node in a set of secondary nodes.
26. The method of claim 24 or 25, wherein the method further comprises:
when the terminal equipment determines that the first update condition is met and the base key is unchanged, updating the secondary node group count.
27. The method of any of claims 20 to 22, wherein the second security information comprises an algorithmic identification corresponding to a second access network node;
the determining keys for encryption and integrity protection based on the first encryption key and the second security information, comprising:
a second encryption key is determined based on the first encryption key and an algorithm identification corresponding to a second access network node.
28. The method according to claim 22 or 24, wherein the terminal device obtaining second security information allocated by a second access network node, comprises:
the terminal equipment obtains an algorithm identifier distributed by a second access network node in the auxiliary node group; obtaining a second auxiliary cell group count and/or a second access network node identifier allocated by a specific second access network node in the auxiliary node group;
the determining keys for encryption and integrity protection based on the first encryption key and the second security information, comprising:
determining a third encryption key based on at least one of the first encryption key, the second access network node identifier and a second secondary cell group count, wherein the third encryption key is a key corresponding to other second access network nodes except the specific second access network node in the secondary node group;
determining a second encryption key corresponding to the other second access network node based on the third encryption key and algorithm identifications corresponding to the other second access network node;
and determining a second encryption key corresponding to the specific second access network node based on the first encryption key and the algorithm identifier corresponding to the specific second access network node.
29. The method according to claim 22 or 24, wherein the terminal device obtaining second security information allocated by a second access network node, comprises:
the terminal equipment obtains an algorithm identifier distributed by a second access network node in the auxiliary node group; obtaining a second auxiliary cell group count and/or a second access network node identifier allocated by a specific second access network node in the auxiliary node group;
the determining keys for encryption and integrity protection based on the first encryption key and the second security information, comprising:
determining a third encryption key based on at least one of the first encryption key, the second access network node identification, and a second secondary cell group count; the third encryption key is a key corresponding to at least one second access network node in the secondary node group;
and determining a second encryption key corresponding to the second access network node based on the third encryption key and an algorithm identifier corresponding to the second access network node.
30. The method of claim 28, wherein the particular second access network node is configured to generate and/or manage encryption keys for other second access network nodes in the group of secondary nodes to which it belongs.
31. The method of claim 30, wherein the functionality of the particular second access network node further comprises at least one of:
establishing a control plane connection with the first access network node;
establishing a third signaling radio bearer (SRB3);
allocating information of the secondary node group; the information of the secondary node group includes at least one of: user plane bearer (DRB) ID, serving cell index, logical channel (LC) ID, measurement object ID, and measurement report ID.
32. The method of claim 28, wherein the method further comprises:
when the terminal equipment determines that a second update condition is met and the base key used for determining the first encryption key is unchanged, updating the second secondary cell group count.
33. A first access network node, the node comprising: a first determining unit, a second determining unit and a first communication unit; wherein
the first determining unit is configured to determine security information related to a second access network node;
the second determining unit is configured to determine a first encryption key based on the security information and a base key; the basic key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node;
the first communication unit is configured to send the first encryption key to the second access network node;
wherein the security information includes: a secondary node group count and/or a secondary node group identity; the secondary node group identity corresponds to at least one second access network node in a secondary node group;
the second determining unit is configured to determine a first encryption key based on at least one of the secondary node group identity, the secondary node group count, and the base key; the first encryption key is a key corresponding to the secondary node group;
the first access network node is a master node connected with the terminal; the second access network node is a secondary node connected with the terminal; the terminal is configured with the first access network node and at least two of the second access network nodes.
34. The node of claim 33, wherein the security information comprises: a first secondary cell group count and/or a second access network node identity associated with the second access network node; at least two second access network nodes in the at least two second access network nodes correspond to different second access network node identities and/or first secondary cell group counts;
the second determining unit is configured to determine a first encryption key based on at least one of the second access network node identification, a first secondary cell group count and a base key; the first encryption key is a key corresponding to the second access network node.
35. The node of claim 34, wherein the first determining unit is further configured to allocate a corresponding first secondary cell group count for the second access network node; wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
36. The node of claim 35, wherein the first determining unit is configured to determine a range of values of first secondary cell group counts corresponding to the second access network node based on a maximum value of the first secondary cell group counts and the number of second access network nodes, the range of values of first secondary cell group counts corresponding to at least two of the at least two second access network nodes being different; and determining the corresponding first secondary cell group count according to the value range of the first secondary cell group count corresponding to the second access network node.
37. The node according to any of claims 33 to 36, wherein the node further comprises a first reset unit configured to reset a first secondary cell group count upon determining that the base key has changed.
38. The node according to any of claims 33 to 36, wherein the node further comprises a first updating unit configured to update a first secondary cell group count when it is determined that a first updating condition is met and the base key is unchanged.
39. The node of claim 33, wherein the node further comprises a first reset unit configured to reset the secondary node group count upon determining that the base key has changed.
40. The node of claim 33, wherein the node further comprises a first updating unit configured to update the secondary node group count when it is determined that a first update condition is satisfied and the base key is unchanged.
41. A second access network node, the node comprising: a second communication unit and a third determining unit; wherein,
the second communication unit is configured to receive a first encryption key sent by the first access network node; the first encryption key is determined based on security information and a base key associated with the second access network node; the first encryption key is associated with the second access network node;
the third determining unit is configured to determine a second encryption key for encryption and integrity protection based on the first encryption key;
the first encryption key is determined based on at least one of a secondary node group identity, a secondary node group count and the base key, and is a key corresponding to the secondary node group; the secondary node group identity corresponds to at least one second access network node in a secondary node group;
the first access network node is a master node connected with the terminal; the second access network node is a secondary node connected with the terminal; the terminal is configured with a first access network node and at least two second access network nodes.
42. The node of claim 41, wherein the first encryption key is determined based on at least one of a second access network identity corresponding to the second access network node, a first secondary cell group count associated with the second access network node, and a base key, the first encryption key being a key corresponding to the second access network node; at least two second access network nodes of the at least two second access network nodes correspond to different second access network node identities and/or first secondary cell group counts.
43. The node of claim 42, wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
44. A node as defined in claim 41, wherein the first encryption key is a key corresponding to at least one second access network node in the secondary node group.
45. The node of any of claims 41 to 44, wherein the third determining unit is configured to determine a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification.
46. The node of claim 41, wherein the second access network node is a particular second access network node in a secondary node group,
the third determining unit is configured to determine a third encryption key based on at least one of the first encryption key, the second access network node identification and a second secondary cell group count; the third encryption key is a key corresponding to a second access network node in the secondary node group; further configured to determine a second encryption key for encryption and integrity protection based on the first encryption key and an algorithm identification;
the second communication unit is further configured to send the third encryption key to other second access network nodes in the secondary node group except the specific second access network node; the third encryption key is used for other second access network nodes in the secondary node group than the specific second access network node to determine a second encryption key for encryption and integrity protection based on the third encryption key and an algorithm identification.
47. The node of claim 41, wherein the second access network node is a particular second access network node in a secondary node group,
the third determining unit is configured to determine a third encryption key based on at least one of the first encryption key, the second access network node identification and a second secondary cell group count; the third encryption key is a key corresponding to at least one second access network node in the secondary node group;
the second communication unit is further configured to send the third encryption key to other second access network nodes in the secondary node group except the specific second access network node; the third encryption key is used for a second access network node in the secondary cell group to determine a second encryption key for encryption and integrity protection based on the third encryption key and an algorithm identification.
48. The node according to claim 46 or 47, wherein the node further comprises a second resetting unit configured to reset the second secondary cell group count upon determining that the base key used for determining the first encryption key has changed and/or that the first encryption key corresponding to a secondary node group has changed.
49. The node according to claim 46 or 47, wherein the node further comprises a second updating unit configured to update the second secondary cell group count when it is determined that a second updating condition is fulfilled and a base key for determining the first encryption key is unchanged.
50. The node according to claim 46 or 47, wherein the specific second access network node is configured to generate and/or manage encryption keys for other second access network nodes in the group of secondary nodes to which it belongs.
51. The node of claim 50, wherein the functionality of the particular second access network node further comprises at least one of:
establishing a control plane connection with the first access network node;
establishing a third signaling radio bearer (SRB3);
allocating information of the secondary node group; the information of the secondary node group includes at least one of: a user plane bearer DRB ID, a serving cell index, a logical channel LC ID, a measurement object ID, and a measurement report ID.
52. A terminal device, the terminal device comprising: a third communication unit and a fourth determining unit; wherein,
the third communication unit is configured to obtain first security information distributed by the first access network node; the first security information is associated with a second access network node; further configured to obtain second security information allocated by a second access network node; the second security information is associated with a second access network node;
the fourth determining unit is configured to determine a first encryption key based on the first security information and a base key; the base key is a key corresponding to the first access network node; the first encryption key is associated with the second access network node; further configured to determine a second encryption key for encryption and integrity protection based on the first encryption key and the second security information;
wherein the first security information includes: a secondary node group count and/or a secondary node group identity; the secondary node group identity corresponds to at least one second access network node in a secondary node group;
the fourth determining unit is configured to determine a first encryption key based on at least one of the secondary node group identity, the secondary node group count, and the base key; the first encryption key is a key corresponding to the secondary node group;
wherein the terminal is configured with a first access network node and at least two second access network nodes.
53. The terminal device of claim 52, wherein the first security information comprises: a first secondary cell group count and/or a second access network node identity associated with the second access network node; at least two second access network nodes in the at least two second access network nodes correspond to different second access network node identities and/or first secondary cell group counts;
the fourth determining unit is configured to determine a first encryption key based on at least one of the second access network node identification, a first secondary cell group count and a base key; the first encryption key is a key corresponding to the second access network node.
54. The terminal device of claim 53, wherein the third communication unit is configured to obtain a first secondary cell group count allocated by the first access network node; wherein the starting values of the first secondary cell group counts corresponding to at least two of the at least two second access network nodes are different.
55. The terminal device of any of claims 52 to 54, wherein the terminal device further comprises a third updating unit configured to update the first secondary cell group count when it is determined that the first updating condition is satisfied and the base key is unchanged.
56. The terminal device of claim 52, wherein the at least two second access network nodes are divided into at least one secondary node group.
57. The terminal device of claim 52, wherein the first encryption key is a key corresponding to at least one second access network node in the secondary node group.
58. The terminal device of claim 52 or 57, wherein the terminal device further comprises a third updating unit configured to update the secondary node group count when it is determined that a first update condition is satisfied and the base key is unchanged.
59. The terminal device of any of claims 52 to 54, wherein the second security information comprises an algorithm identifier corresponding to a second access network node;
the fourth determining unit is configured to determine a second encryption key based on the first encryption key and an algorithm identification corresponding to a second access network node.
60. The terminal device of claim 52 or 56, wherein,
the third communication unit is configured to obtain an algorithm identifier allocated by a second access network node in the secondary node group; and to obtain a second secondary cell group count and/or a second access network node identifier allocated by a specific second access network node in the secondary node group;
the fourth determining unit is configured to determine a third encryption key based on at least one of the first encryption key, the second access network node identifier and a second secondary cell group count, where the third encryption key is a key corresponding to a second access network node in the secondary node group except for the specific second access network node; determining a second encryption key corresponding to the other second access network node based on the third encryption key and the algorithm identifier corresponding to the other second access network node; and determining a second encryption key corresponding to the specific second access network node based on the first encryption key and the algorithm identifier corresponding to the specific second access network node.
61. The terminal device of claim 52 or 56, wherein,
the third communication unit is configured to obtain an algorithm identifier allocated by a second access network node in the secondary node group; and to obtain a second secondary cell group count and/or a second access network node identifier allocated by a specific second access network node in the secondary node group;
the fourth determining unit is configured to determine a third encryption key based on at least one of the first encryption key, the second access network node identification and a second secondary cell group count; the third encryption key is a key corresponding to a second access network node in the secondary node group; and determining a second encryption key corresponding to the second access network node based on the third encryption key and an algorithm identifier corresponding to the second access network node.
62. The terminal device of claim 60, wherein the particular second access network node is configured to generate and/or manage encryption keys for other second access network nodes in the group of secondary nodes to which it belongs.
63. The terminal device of claim 62, wherein the functionality of the particular second access network node further comprises at least one of:
establishing a control plane connection with the first access network node;
establishing a third signaling radio bearer (SRB3);
allocating information of the secondary node group; the information of the secondary node group includes at least one of: a user plane bearer DRB ID, a serving cell index, a logical channel LC ID, a measurement object ID, and a measurement report ID.
64. The terminal device of claim 60, wherein the terminal device further comprises a third updating unit configured to update the second secondary cell group count when it is determined that a second updating condition is satisfied and a base key for determining the first encryption key is unchanged.
65. A terminal device, comprising: a processor and a memory for storing a computer program, the processor being for invoking and running the computer program stored in the memory, performing the method of any of claims 20 to 32.
66. An access network node, comprising: a processor and a memory for storing a computer program, the processor for invoking and running the computer program stored in the memory, performing the method of any of claims 1 to 8; alternatively, the processor is configured to invoke and run a computer program stored in the memory, to perform the method of any of claims 9 to 19.
67. A chip, comprising: a processor for calling and running a computer program from a memory, causing a device on which the chip is mounted to perform the method of any one of claims 1 to 8; alternatively, a device on which the chip is mounted is caused to perform the method of any one of claims 9 to 19; alternatively, a device on which the chip is mounted is caused to perform the method of any one of claims 20 to 32.
68. A computer-readable storage medium storing a computer program that causes a computer to perform the method of any one of claims 1 to 8; alternatively, the computer program causes a computer to perform the method of any one of claims 9 to 19; alternatively, the computer program causes a computer to perform the method of any of claims 20 to 32.
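The key hierarchy set out in claims 33 to 64, as an added Python example that is not part of the patent: the master node partitions the counter space among secondary nodes (claim 36), derives a per-node first key (claim 34), and the second and third keys are derived further down (claims 45 to 47). The claims name no key derivation function, so HMAC-SHA-256, the labels `first`/`second`/`third`, the length-prefixed field encoding, the 16-bit counter width, the node names and the behaviour on range exhaustion are all assumptions.

```python
import hashlib
import hmac

SCG_COUNT_MAX = 0xFFFF  # assumption: 16-bit counter; the claims only say "maximum value"


def kdf(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA-256 over a label plus length-prefixed fields (assumed encoding)."""
    msg = label + b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def count_ranges(num_nodes: int, max_count: int = SCG_COUNT_MAX) -> list:
    """Claim 36: split 0..max_count into disjoint per-node value ranges."""
    if not 0 < num_nodes <= max_count + 1:
        raise ValueError("need between 1 and max_count + 1 secondary nodes")
    size = (max_count + 1) // num_nodes
    return [range(i * size, (i + 1) * size) for i in range(num_nodes)]


def first_key(base_key: bytes, sn_id: bytes, scg_count: int) -> bytes:
    """Claim 34: per-node key from base key, node identity and first SCG count."""
    return kdf(base_key, b"first", sn_id, scg_count.to_bytes(2, "big"))


def second_key(parent_key: bytes, alg_id: int) -> bytes:
    """Claims 45/59: protection key from a first or third key and an algorithm identifier."""
    return kdf(parent_key, b"second", bytes([alg_id]))


def third_key(group_key: bytes, sn_id: bytes, second_count: int) -> bytes:
    """Claims 46/47: key a designated node derives for a member of its group."""
    return kdf(group_key, b"third", sn_id, second_count.to_bytes(2, "big"))


class MasterNode:
    """First access network node: owns the base key and the per-node counters."""

    def __init__(self, base_key: bytes, sn_ids: list):
        self.base_key = base_key
        self.ranges = dict(zip(sn_ids, count_ranges(len(sn_ids))))
        self.counts = {sn: r.start for sn, r in self.ranges.items()}

    def key_for(self, sn_id: bytes) -> bytes:
        return first_key(self.base_key, sn_id, self.counts[sn_id])

    def update_count(self, sn_id: bytes) -> None:
        """Claim 38: base key unchanged, so advance the counter within its range."""
        nxt = self.counts[sn_id] + 1
        if nxt not in self.ranges[sn_id]:
            # Assumption: an exhausted range forces a base key change, not a wrap.
            raise RuntimeError("count range exhausted; change the base key")
        self.counts[sn_id] = nxt

    def change_base_key(self, new_base_key: bytes) -> None:
        """Claim 37: a new base key resets every counter to its starting value."""
        self.base_key = new_base_key
        self.counts = {sn: r.start for sn, r in self.ranges.items()}
```

The terminal side runs the same `first_key`, `second_key` and `third_key` functions on the counts and identifiers it receives, so both ends arrive at the same keys without any key crossing the air interface.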
CN201980060409.3A 2019-01-29 2019-01-29 Key information processing method, access network node and terminal equipment Active CN112690010B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/073792 WO2020154929A1 (en) 2019-01-29 2019-01-29 Key information processing method, access network nodes and terminal device

Publications (2)

Publication Number Publication Date
CN112690010A CN112690010A (en) 2021-04-20
CN112690010B CN112690010B (en) 2023-05-05

Family

ID=71841709

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980060409.3A Active CN112690010B (en) 2019-01-29 2019-01-29 Key information processing method, access network node and terminal equipment

Country Status (2)

Country Link
CN (1) CN112690010B (en)
WO (1) WO2020154929A1 (en)

Also Published As

Publication number Publication date
WO2020154929A1 (en) 2020-08-06
CN112690010A (en) 2021-04-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant