CN113630738A

CN113630738A - Sidelink communication method and device

Info

Publication number: CN113630738A
Application number: CN202010318936.4A
Authority: CN
Inventors: 李翔宇; 彭文杰; 肖潇
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2020-04-21
Filing date: 2020-04-21
Publication date: 2021-11-09
Anticipated expiration: 2040-04-21
Also published as: CN113630738B

Abstract

A method and apparatus for sidelink communications are intended to ensure that the security protection policies supported by QoS flows mapped to the same SLRB are the same. The method comprises the following steps: the method comprises the steps that a first terminal device obtains configuration information of a side-link bearing SLRB, the first terminal device determines a first SLRB corresponding to a first QoS flow according to the configuration information of the SLRB, and if the first SLRB is established and a first security protection strategy corresponding to the first SLRB is different from a second security protection strategy corresponding to the first QoS flow, the first terminal device establishes a second SLRB aiming at the first QoS flow. The second SLRB is different from the first SLRB so that the first QoS flow is not mapped to SLRBs of different security protection policies. The first terminal device may further indicate a second security protection policy corresponding to the second SLRB to the second terminal device.

Description

Sidelink communication method and device

Technical Field

The embodiment of the application relates to the technical field of communication, in particular to a sidelink communication method and device.

Background

In a vehicle to electrical (V2X) communication architecture, data can be directly transmitted between end devices through Sidelink (SL).

Before the terminal equipment performs SL communication, the terminal equipment establishes a sidelink radio bearer (SLRB), and maps a quality of service (QoS) flow to the corresponding SLRB. Multiple QoS flows may be mapped to the same SLRB.

Different QoS flows may support different security protection policies, which may reduce SL communication quality if multiple QoS flows mapped to the same SLRB support different security protection policies.

Disclosure of Invention

Embodiments of the present application provide a sidelink communication method and apparatus, so as to solve the problem that QoS streams supporting different security protection policies are mapped to the same SLRB, thereby reducing SL communication quality.

In a first aspect, a sidelink communication method is provided, which includes the following steps: the method comprises the steps that a first terminal device obtains configuration information of a side-link bearing SLRB; the first terminal equipment determines a first SLRB corresponding to a first quality of service (QoS) flow according to the configuration information of the SLRB; and if the first SLRB is established and a first security protection strategy corresponding to the first SLRB is different from a second security protection strategy corresponding to the first QoS flow, the first terminal equipment establishes a second SLRB aiming at the first QoS flow. By the judgment process of whether the security protection strategies are the same when the SLRB is established for the QoS flow, the condition that the QoS flows corresponding to different security protection strategies are mapped to the same SLRB can be avoided. When the SLRB configuration information configured by the network device maps QoS streams supporting different security protection policies to the same SLRB, the terminal device can establish multiple SLRBs for the QoS streams supporting different security protection policies by modifying the establishment flow of the SLRB, ensure that the AS layer implements the security protection policy of QoS stream granularity, ensure normal communication of the SL, and also avoid the QoS streams not requiring security protection from being mapped to the SLRB supporting security protection for transmission, thereby reducing higher implementation complexity and data transmission overhead caused by the transmission on the SLRB supporting security protection, and further improving the communication quality and efficiency of the SL.

In one possible design, the access AS layer of the first terminal device determines, according to a correspondence between a QoS flow indicated by the internet of vehicles V2X layer and a security protection policy, that the security protection policy corresponding to the first QoS flow is a second security protection policy. By the design, the AS layer can realize the safety protection strategy configured by the V2X layer, and the normal communication of the SL is ensured.

Optionally, the access AS layer of the first terminal device may determine, according to a corresponding relationship between the service type indicated by the V2X layer of the internet of vehicles and the security protection policy, the first service type corresponding to the first QoS flow, and determine, according to the first indication information, that the security protection policy corresponding to the first service type is the security protection policy corresponding to the first QoS flow.

In one possible design, the first terminal device sends indication information to the second terminal device, where the indication information is used to indicate the second security protection policy corresponding to the second SLRB. Through the design, the first terminal and the second terminal can use the same security protection strategy for the transmission of the same data packet, and the normal communication of the SL is ensured.

Optionally, the indication information may indicate three strategies of required (required), preferred (preferred), or not required (not required/off), and the indication information may indicate the three strategies through 2 bits (bit). Alternatively, the indication information may also indicate two strategies, namely required (required) and not required (not required/off), and the indication information may indicate the two strategies through a 1 bit (bit).

If the AS layer of the first terminal device obtains the security protection policy indicated by 2 bits from the upper layer, that is, the 2 bits may indicate one of three policies (required, inclined, or not required). The AS layer of the first terminal device needs to convert the security policy indicated by 2 bits provided by the upper layer of the first terminal device into the security policy indicated by 1 bit, where 1 bit indicates two policies: either required or not. The AS layer of the first terminal needs to convert the trend into needed or not needed when the security policy acquired by the AS layer of the first terminal device from the upper layer is a trend.

In one possible design, the first security protection policy or the second security protection policy each includes any one or more of the following information: user plane integrity protection information or user plane encryption protection information. The user plane integrity protection information or user plane encryption protection information may include the following types: illustratively, it may be required (required), inclined (preferred) or not required (not required/off), which may be indicated by 2 bits (bit), e.g., 11 indicates required, 10 indicates inclined, 00 indicates not required. For example, it may be required (required) or not required (not required/off), and may be indicated by 1 bit (bit), for example, 1 is used to indicate required and 0 is used to indicate not required.

In one possible design, the configuration information of the SLRB is carried in a radio resource control, RRC, message, a system message, or a pre-configuration message. The system message may be a SIB and the pre-configuration message may be a configuration stored locally on the chip. Based on this, the first terminal device may be in an RRC connected state, an RRC inactive state, an RRC idle state, and an out-of-coverage OOC state of the Uu interface.

In one possible design, the second SLRB is the same as any one or more of configuration parameters of a packet data convergence protocol PDCP entity, a radio link control RLC entity, or a logical channel LCH of the first SLRB.

In one possible design, the logical channel identification, LCID, of the second SLRB is different from the logical channel identification, LCID, of the first SLRB.

In one possible scenario, one PC5-RRC connection associates a pair of source address (source L2ID) and destination address (destination L2ID), but multiple unicast connections at the upper layer may correspond to the same PC5-RRC connection, that is, multiple unicast connections may correspond to the same pair of source address (source L2ID) and destination address (destination L2 ID). The first end device may obtain a security protection policy corresponding to the unicast connection granularity from an upper layer (e.g., layer V2X). In this scenario, if the first SLRB is already established and the first unicast connection corresponding to the first SLRB is different from the second unicast connection corresponding to the first QoS flow, the first terminal device establishes a second SLRB for the first QoS flow.

In one possible design, the first terminal device may obtain the security protection policy corresponding to the traffic type granularity from an upper layer (e.g., the V2X layer). In this scenario, if the first SLRB is already established and the first service type corresponding to the first SLRB is different from the second service type corresponding to the first QoS flow, the first terminal device establishes a second SLRB for the first QoS flow.

In a second aspect, a sidelink communication method is provided, the method comprising: the first terminal equipment sends first information to the network equipment, wherein the first information comprises configuration information of a security protection strategy. The first terminal equipment receives configuration information of a side uplink bearing SLRB from the network equipment; and the first terminal equipment establishes a corresponding SLRB according to the configuration information of the SLRB and carries out SL communication with the second terminal equipment. The first information is reported to the network equipment by the first terminal equipment, and the configuration information of the security protection strategy is indicated in the first information, so that the network equipment can consider the factors of the security protection strategy when determining the SLRB configuration information, and the security protection strategies corresponding to the QoS flows mapped on one SLRB are ensured to be the same. And ensuring that the AS layer realizes the security protection strategy of QoS flow granularity and ensuring the normal communication of the SL. And the QoS flow which does not need safety protection is prevented from being mapped to the SLRB supporting safety protection for transmission, so that higher implementation complexity and data transmission overhead brought by the SLRB supporting safety protection are reduced, and the communication quality and efficiency of the SL are further improved. Optionally, the access AS layer of the first terminal device may determine, according to a correspondence between unicast connection indicated by the V2X layer of the internet of vehicles and the security protection policy, a first unicast connection corresponding to the first QoS stream, and determine, according to the first indication information, that the security protection policy corresponding to the first unicast connection is the security protection policy corresponding to the first QoS stream. By the design, the AS layer can realize the safety protection strategy configured by the V2X layer, and the normal communication of the SL is ensured.

In one possible design, the first terminal device sends indication information to the second terminal device, where the indication information is used to indicate that the first SLRB corresponds to the first security protection policy. The design of the indication information may refer to the first aspect, which is not described herein. Through the design, the first terminal and the second terminal can use the same security protection strategy for the transmission of the same data packet, and the normal communication of the SL is ensured.

In one possible design: the first terminal equipment sends a data packet to the second terminal equipment, and the PDCP PDU format in the data packet is used for indicating: and the first SLRB for bearing the data packet corresponds to the first security protection strategy.

In one possible design, the first security protection policy includes any one or more of the following information: user plane integrity protection information or user plane encryption protection information. The design of the user plane integrity protection information or the user plane encryption protection information may refer to the first aspect, and will not be described herein again.

In a third aspect, a sidelink communication method is provided, which includes the following steps: a first terminal device acquires first information, wherein the first information comprises a first security protection strategy corresponding to a first quality of service (QoS) flow; the first terminal determines a second security protection strategy corresponding to the PC5 Radio Resource Control (RRC) connection associated with the first QoS flow according to the first information; and the first terminal equipment sends indication information to second terminal equipment corresponding to the PC5 RRC connection, wherein the indication information is used for indicating a second security protection strategy corresponding to the PC5 RRC connection. Therefore, when the upper layer indicates the security protection policy of the unicast connection granularity, the service type granularity or the QoS flow granularity, the AS layer of the first terminal device can always determine the security protection policy corresponding to the PC5 RRC connection and indicate the security protection policy to the second terminal device associated with the PC5 RRC connection, and finally ensure that the second terminal device receives data with the correct security protection policy, thereby realizing normal communication of the SL. The first terminal device sends indication information to the second terminal device corresponding to the PC5 RRC connection, where the indication information is used to indicate the second security protection policy corresponding to the PC5 RRC connection, so that the first terminal and the second terminal use the same security protection policy for transmission of the same data packet, and normal communication of the SL is ensured.

In one possible design, if a first security protection policy corresponding to any one of one or more first QoS flows is required, the second security protection policy is required; if none of the first security protection policies corresponding to the one or more first QoS flows is needed, and a first security protection policy corresponding to any of the one or more first QoS flows is a trend preferred, the second security protection policy is a trend; and if none of the first security protection policies corresponding to the one or more first QoS flows is required and not inclined, the second security protection policy is not required for not required.

In one possible design, if a first security protection policy corresponding to any one of the one or more first QoS flows is required or inclined, the second security protection policy is required; and if the first security protection strategies corresponding to the one or more first QoS flows are not needed and not inclined, the second security protection strategy is not needed.

In a fourth aspect, a method of sidelink communication is provided, the method comprising: the method comprises the steps that a network device receives first information from a first terminal device, wherein the first information comprises security protection strategy configuration information; and the network equipment determines and sends configuration information of the side uplink bearing SLRB to the terminal equipment according to the first information. The configuration information of the security protection policy is indicated by the first information, so that the network device can consider the factors of the security protection policy when determining the SLRB configuration information, and the security protection policies corresponding to the QoS flows mapped on one SLRB are guaranteed to be the same. And ensuring that the AS layer realizes the security protection strategy of QoS flow granularity and ensuring the normal communication of the SL. And the QoS flow which does not need safety protection is prevented from being mapped to the SLRB supporting safety protection for transmission, so that higher implementation complexity and data transmission overhead brought by the SLRB supporting safety protection are reduced, and the communication quality and efficiency of the SL are further improved.

In one possible design, the configuration information of the security protection policy includes: a first security protection strategy corresponding to the first QoS flow; the first terminal equipment receives configuration information of a side uplink bearer (SLRB) from the network equipment, wherein the configuration information of the SLRB indicates that the first QoS flow corresponds to the first SLRB; and the first terminal equipment determines the first security protection strategy corresponding to the first SLRB according to the configuration information of the SLRB. The first information is reported to the network equipment by the first terminal equipment, and the first information comprises the first security protection strategy corresponding to the first QoS flow, so that the network equipment can consider the factors of the security protection strategy when establishing the SLRB aiming at the first QoS flow, and other QoS flows mapped on the SLRB mapped by the first QoS flow and the first QoS flow can be ensured to support the same security protection strategy. And ensuring that the AS layer realizes the security protection strategy of QoS flow granularity and ensuring the normal communication of the SL.

In one possible design, the first information indicates a first traffic type corresponding to the first QoS flow. For example, when the AS layer of the first terminal device receives the corresponding relationship between the service type and the security protection policy from the upper layer, the first terminal device may indicate, to the network device, the first service type corresponding to the first QoS flow using the first information reported by the first terminal device. After receiving the first information, the network device configures a corresponding SLRB for the first QoS flow according to the first information, and only QoS flows having the same service type as the first QoS flow are mapped to the same SLRB, so that it is ensured that only QoS flows supporting the same security protection policy as the first QoS flow are mapped to the same SLRB. In this case, the SLRB configuration information transmitted by the network device to the first terminal device does not need to indicate the first security protection policy of the first SLRB. The first terminal device determines that the security protection policy corresponding to the first SLRB is the first security protection policy according to the security protection policy corresponding to the first QoS flow mapped to the first SLRB.

Optionally, the configuration information of the security protection policy includes: the service type corresponding to the first QoS flow may be, for example, a first service type corresponding to the first QoS flow is indicated in the first information. Optionally, under the condition that the AS layer of the first terminal device receives the corresponding relationship between the service type and the security protection policy from the upper layer, the first terminal device may indicate, to the network device, the first service type corresponding to the first QoS flow by using the first information reported by the first terminal device. In this way, when configuring the SLRB for the QoS flow, the network device may refer to the information of the service type, so that the service types of the QoS flows configured on one SLRB are the same, that is, it may be ensured that the security protection policies of the QoS flows configured on one SLRB are the same.

In one possible design, the configuration information of the security protection policy includes: after receiving the first information, the network device configures a corresponding SLRB for the first QoS stream according to the first information, and only the QoS stream which is the same as the unicast connection of the first QoS stream is mapped to the same SLRB, so that only the QoS stream which supports the same security protection strategy as the first QoS stream is mapped to the same SLRB.

In one possible design, the configuration information for the SLRB indicates that one or more of the first QoS flows correspond to the first SLRB.

In a fifth aspect, a communication apparatus is provided, which may be a first terminal device, or an apparatus (e.g., a chip or a system of chips or a circuit) in the first terminal device, or an apparatus capable of being used with the first terminal device. In one design, the communication device may include a module corresponding to one or more of the methods/operations/steps/actions described in the first aspect, where the module may be implemented by hardware circuit, software, or a combination of hardware circuit and software. In one design, the communication device may include a processing module and a communication module. The processing module is used for calling the communication module to execute the receiving and/or sending functions. Exemplarily, the following steps are carried out:

the communication module is used for acquiring the configuration information of the side link bearing SLRB; the processing module is used for determining a first SLRB corresponding to a first quality of service (QoS) flow according to the configuration information of the SLRB; and means for establishing a second SLRB for the first QoS flow if the first SLRB is established and a first security protection policy corresponding to the first SLRB is different from a second security protection policy corresponding to the first QoS flow.

In one possible design, the processing module is specifically configured to determine, according to a correspondence between a QoS flow indicated by a V2X layer of the internet of vehicles and a security protection policy, that the security protection policy corresponding to the first QoS flow is a second security protection policy.

In a possible design, the communication module is further configured to send indication information to the second terminal device, where the indication information is used to indicate the second security protection policy corresponding to the second SLRB.

Other possible designs of the fifth aspect may refer to the description of the first aspect, and the beneficial effects of the fifth aspect may refer to the related description of the first aspect, which is not repeated herein.

In a sixth aspect, a communication apparatus is provided, which may be the first terminal device, or an apparatus (e.g., a chip, or a system of chips, or a circuit) in the first terminal device, or an apparatus capable of being used with the first terminal device. In one design, the communication device may include a module corresponding to one or more of the methods/operations/steps/actions described in the second aspect, where the module may be implemented by hardware circuit, software, or a combination of hardware circuit and software. In one design, the communication device may include a processing module and a communication module. The processing module is used for calling the communication module to execute the receiving and/or sending functions. Exemplarily, the following steps are carried out:

a communication module, configured to send first information to a network device, where the first information includes a first security protection policy corresponding to a first quality of service (QoS) flow; and receiving configuration information of a sidelink bearer (SLRB) from the network device, the configuration information of the SLRB indicating that the first QoS flow corresponds to the first SLRB; and the processing module is used for determining the first security protection strategy corresponding to the first SLRB according to the configuration information of the SLRB.

In one possible design, the processing module is specifically configured to determine, according to a correspondence between a QoS flow indicated by a V2X layer of the internet of vehicles and a security protection policy, that the security protection policy corresponding to the first QoS flow is the first security protection policy.

Other possible designs of the sixth aspect may refer to the description of the second aspect, and the beneficial effects of the sixth aspect may refer to the description of the second aspect, which is not repeated herein.

In a seventh aspect, a communication apparatus is provided, where the communication apparatus may be a first terminal device, an apparatus (e.g., a chip, or a system of chips, or a circuit) in the first terminal device, or an apparatus capable of being used with the first terminal device. In one design, the communication device may include a module corresponding to one or more of the methods/operations/steps/actions described in the third aspect, where the module may be implemented by hardware circuit, software, or a combination of hardware circuit and software. In one design, the communication device may include a processing module and a communication module. The processing module is used for calling the communication module to execute the receiving and/or sending functions. Exemplarily, the following steps are carried out:

a communication module, configured to obtain first information, where the first information includes a first security protection policy corresponding to a first quality of service (QoS) flow; the processing module is used for determining a second security protection strategy corresponding to the PC 5-Radio Resource Control (RRC) connection associated with the first QoS flow according to the first information; the communication module is further configured to send indication information to a second terminal device corresponding to the PC5 RRC connection, where the indication information is used to indicate a second security protection policy corresponding to the PC5 RRC connection.

For other possible designs of the seventh aspect, reference may be made to the description of the third aspect, and for beneficial effects of the seventh aspect, reference may be made to the description of the third aspect, which is not repeated herein.

In an eighth aspect, a communication apparatus is provided, which may be a network device, or an apparatus (e.g., a chip or a system of chips or a circuit) in a network device, or an apparatus capable of being used with a network device. In one design, the communication apparatus may include a module corresponding to one or more of the methods/operations/steps/actions described in the fourth aspect, where the module may be a hardware circuit, a software circuit, or a combination of a hardware circuit and a software circuit. In one design, the communication device may include a processing module and a communication module. The processing module is used for calling the communication module to execute the receiving and/or sending functions. Exemplarily, the following steps are carried out:

a communication module, configured to receive first information from a first terminal device, where the first information includes a correspondence between a first quality of service (QoS) flow and a first security protection policy; the processing module is used for determining the configuration information of the side link bearing SLRB according to the first information; a communication module, configured to send the configuration information of the SLRB to the first terminal device.

Other possible designs of the eighth aspect may refer to the description of the fourth aspect, and the beneficial effects of the eighth aspect may refer to the description of the fourth aspect, which is not repeated herein.

In a ninth aspect, a communication apparatus is provided, which includes a communication interface and a processor, wherein the communication interface is used for the communication apparatus to communicate with other devices, such as data or signal transceiving. Illustratively, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface, and the other device may be a network device or a second terminal device. The processor is configured to invoke a set of programs, instructions or data to perform the method described in any of the first to third aspects. The communication device may also include a memory for storing programs, instructions or data called by the processor. The memory is coupled to the processor, and the processor, when executing instructions or data stored in the memory, may implement the method described in any of the first to third aspects.

In a tenth aspect, a communication apparatus is provided, which includes a communication interface and a processor, wherein the communication interface is used for the communication apparatus to communicate with other devices, such as data or signal transceiving. Illustratively, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface, and the other device may be the first terminal device. The processor is configured to call a set of programs, instructions or data to perform the method described in the fourth aspect. The communication device may also include a memory for storing programs, instructions or data called by the processor. The memory is coupled to the processor, and the processor, when executing the instructions or data stored in the memory, may implement the method described in the fourth aspect above.

In a tenth aspect, this embodiment further provides a computer-readable storage medium, in which computer-readable instructions are stored, and when the computer-readable instructions are executed on a computer, the method according to any one of the first to third aspects is executed.

Twelfth, an embodiment of the present application further provides a computer-readable storage medium, having computer-readable instructions stored therein, which, when run on a computer, cause the method according to the fourth aspect to be performed.

In a thirteenth aspect, an embodiment of the present application provides a chip system, where the chip system includes a processor and may further include a memory, and is configured to implement the method according to any one of the first to third aspects. The chip system may be formed by a chip, and may also include a chip and other discrete devices.

In a fourteenth aspect, an embodiment of the present application provides a chip system, where the chip system includes a processor and may further include a memory, and is configured to implement the method in the fourth aspect. The chip system may be formed by a chip, and may also include a chip and other discrete devices.

In a fifteenth aspect, an embodiment of the present application provides a communication system, where the communication system includes a first terminal and a second terminal, and the first terminal is configured to perform the method according to any one of the first to third aspects. The second terminal is a terminal for the first terminal to perform the sidelink communication.

In one possible design, the communication system further includes a network device configured to perform the method as set forth in the fourth aspect or any one of the possible designs of the fourth aspect.

In a sixteenth aspect, there is provided a computer program product comprising instructions which, when run on a computer, causes the method according to any of the first to third aspects described above to be performed.

A seventeenth aspect provides a computer program product comprising instructions which, when run on a computer, causes the method according to the fourth aspect described above to be performed.

Drawings

FIG. 1 is a schematic diagram of a V2X communication architecture in an embodiment of the present application;

fig. 2 is a schematic diagram of a unicast connection establishment process in the embodiment of the present application;

fig. 3 is a schematic diagram of a corresponding relationship between unicast connection, service and QoS flow in the embodiment of the present application;

FIG. 4 is a flowchart illustrating a sidelink communications method according to an embodiment of the present application;

FIG. 5 is a second flowchart of a sidelink communications method according to the present application;

fig. 6 is a third schematic flowchart of a sidelink communication method according to the present application;

FIG. 7 is a fourth flowchart illustrating a sidelink communications method according to an embodiment of the present application;

fig. 8 is a schematic structural diagram of a communication device in an embodiment of the present application;

fig. 9 is a second schematic structural diagram of a communication device in the embodiment of the present application.

Detailed Description

The embodiment of the application provides a sidelink communication method and a device, aiming at improving the SL communication quality. The method and the device are based on the same or similar conception of the same technology, and because the principle of solving the problem by the method and the device is similar, the implementation of the device and the method can be mutually referred, and repeated parts are not repeated. In the description of the embodiment of the present application, "and/or" describes an association relationship of associated objects, which means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. At least one referred to in this application means one or more; plural means two or more. In addition, it is to be understood that the terms first, second, third and the like in the description of the present application are used for distinguishing between the descriptions and are not to be construed as indicating or implying relative importance or order. Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.

The technical scheme provided by the application can be applied to a device to device (D2D) scene, and optionally can be applied to a vehicle to electronic (V2X) scene. For example, D2D may be D2D in a Long Term Evolution (LTE) communication system, D2D in a New Radio (NR) communication system, or D2D in other communication systems that may appear as technologies develop. Similarly, V2X may be LTE V2X, or NR V2X, or V2X in other communication systems that may appear as technology develops.

Illustratively, the V2X scenario may be embodied as any of the following systems: vehicle to vehicle communication (V2V), vehicle to vehicle communication (V2P), vehicle to network (V2N) traffic and vehicle to infrastructure communication (V2I), and so on.

Wherein one participant of V2N is a terminal device and the other participant is a service entity. V2N is the most widely used form of car networking, and its main function is to connect the vehicle to the cloud server through the mobile network, so as to provide navigation, entertainment, anti-theft functions through the cloud server.

Both participants of V2V are terminal devices. V2V may be used as an inter-vehicle information interaction reminder, the most typical application being for inter-vehicle collision avoidance safety systems.

Both participants of V2P are terminal devices. V2P may be used to provide safety warnings to pedestrians or non-motor vehicles on the road.

One participant in V2I is a terminal device and the other participant is an infrastructure (or infrastructure). V2I may be used for vehicle-to-infrastructure communications, e.g., where the infrastructure may be roads, traffic lights, roadblocks, etc., where road management information such as timing of traffic light signals may be obtained.

In the embodiment of the present application, both the sender and the receiver in V2X may be D2D devices or V2X devices. For example, both the transmitting end and the receiving end in V2X may be terminal devices.

The terminal device in this embodiment may also be referred to as a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), and the like, and is a device that provides voice or data connectivity to a user, and may also be an internet of things device. For example, the terminal device includes a handheld device, an in-vehicle device, and the like having a wireless connection function. The terminal device may be: mobile phone (mobile phone), tablet computer, notebook computer, palm computer, Mobile Internet Device (MID), wearable device (e.g. smart watch, smart bracelet, pedometer, etc.), vehicle-mounted device (e.g. car, bicycle, electric car, airplane, ship, train, high-speed rail, etc.), Virtual Reality (VR) device, Augmented Reality (AR) device, wireless terminal in industrial control (industrial control), smart home device (e.g. refrigerator, television, air conditioner, electric meter, etc.), smart robot, workshop device, wireless terminal in self drive (driving), wireless terminal in remote surgery (remote medical supply), wireless terminal in smart grid (smart grid), wireless terminal in transportation safety (transportation safety), wireless terminal in smart city (city), or a wireless terminal in a smart home (smart home), a flying device (e.g., a smart robot, a hot air balloon, a drone, an airplane), etc. The terminal may also be other terminal-capable devices, for example, a terminal may also be a device serving a terminal function in D2D communication or in car networking communication.

It should be understood that the terminal device in the embodiment of the present application may also refer to a chip in the terminal device, a communication apparatus, a unit or a module having a D2D or V2X communication function, and the like, such as an in-vehicle communication apparatus, an in-vehicle communication module or an in-vehicle communication chip.

In this embodiment, a network device is a node in a Radio Access Network (RAN), which may also be referred to as a base station and may also be referred to as a RAN node (or device). Currently, some examples of access network devices are: next generation base stations (gnbs), next generation evolved Node bs (Ng-enbs), Transmission Reception Points (TRPs), evolved Node bs (evolved Node bs, enbs), Radio Network Controllers (RNCs), Node Bs (NBs), Base Station Controllers (BSCs), Base Transceiver Stations (BTSs), home base stations (e.g., home evolved Node bs, or home Node bs, HNBs), Base Band Units (BBUs), or wireless fidelity (Wifi) Access Points (APs), network devices may also be satellites or future base stations, and satellites may also be referred to as platforms, aircrafts, or high altitude base stations. The network device may also be other network device enabled devices, for example, the network device may also be a device that functions as a network device in D2D communication or in car networking communication. The network device may also be a network device in a future possible communication system.

In some deployments, a network device may include Centralized Units (CUs) and Distributed Units (DUs). The network device may also include an Active Antenna Unit (AAU). The CU implements part of functions of the network device, and the DU implements part of functions of the network device, for example, the CU is responsible for processing non-real-time protocols and services, and implements functions of a Radio Resource Control (RRC) layer and a packet data convergence layer (PDCP) layer. The DU is responsible for processing a physical layer protocol and a real-time service, and implements functions of a Radio Link Control (RLC) layer, a Medium Access Control (MAC) layer, and a Physical (PHY) layer. The AAU implements part of the physical layer processing functions, radio frequency processing and active antenna related functions. Since the information of the RRC layer eventually becomes or is converted from the information of the PHY layer, the higher layer signaling, such as the RRC layer signaling, may also be considered to be transmitted by the DU or by the DU + AAU under this architecture. It is to be understood that the network device may be a device comprising one or more of a CU node, a DU node, an AAU node. In addition, the CU may be divided into network devices in an access network (RAN), or may be divided into network devices in a Core Network (CN), which is not limited in this application.

The embodiments of the present application will be described in detail below with reference to the accompanying drawings.

The scheme provided by the embodiment of the application is described by taking the application to a V2X scene as an example. Fig. 1 shows a schematic diagram of a V2X communication architecture 100. As shown in fig. 1, the V2X communication architecture 100 includes: V2X devices (e.g., V2X UE1 and V2X UE2 shown in fig. 1) and network devices. The V2X communication architecture 100 may also include a V2X application server. The V2X communication architecture includes two communication interfaces, namely a PC5 interface and a Uu interface. Among them, the PC5 interface is a direct communication interface between V2X UEs, and the direct communication link between V2X UEs is also defined as a sidelink or Sidechain (SL). Uu interface communication is a communication mode that a sender V2X UE (e.g., V2X UE 1) sends V2X data to a network device through a Uu interface, the data is sent to a V2X application server through the network device for processing, then the data is sent to the network device by the V2X application server, and the data is sent to a receiver V2X UE (e.g., V2X UE2) through the network device. In the Uu interface communication mode, the network device that forwards the uplink data of the sender V2X UE to the application server and the network device that forwards the downlink data sent by the application server to the receiver V2X UE may be the same network device or different network devices, and may be specifically determined by the application server. It should be understood that the transmission of the sender V2X UE to the network device is called Uplink (UL) transmission, which is denoted in fig. 1 by Uu UL; the transmission of the network device to the receiver V2X UE is called Downlink (DL) transmission and is indicated in fig. 1 by Uu DL.

Based on the description of the V2X communication architecture 100 shown in fig. 1, the sidelink communication method provided by the embodiment of the present application is described in detail below.

Before introducing the schemes, some descriptions of concepts, terms, or implementation flows mentioned in the embodiments of the present application are first introduced to facilitate better understanding of the schemes provided in the embodiments of the present application.

1) Access layer (AS) layer:

the AS layer of the terminal device may include one or more of a Radio Resource Control (RRC) layer, a Service Data Adaptation Protocol (SDAP) layer, a Packet Data Convergence Protocol (PDCP) layer, a Radio Link Control (RLC) layer, and a Media Access Control (MAC) layer. Optionally, the access layer may also include a Physical (PHY) layer.

The upper layer of the AS layer may refer to a layer above the AS layer of the terminal device, such AS the V2X layer, the application layer, or a layer between the V2X layer and the application layer.

2) Procedure for unicast connection establishment for SL communication:

in NR V2X R16, SL communication supports three communication modes, unicast, multicast, and broadcast. For unicast communication, a PC5-S connection needs to be established between two terminal devices, and a PC5-S connection may also be referred to as a PC5 unicast connection (unicast link) or a unicast connection. The PC5-S connection can be considered as a connection of the upper layers of the terminal device. The connection of the AS layer can be considered a PC5-RRC connection. When the PC5-S connection of the upper layer is established, the PC5-RRC connection corresponding to the AS layer is also considered to be established. In practical application, an additional process of establishing the PC5-RRC connection is not required, and after the establishment of the PC5-S connection is completed, the PC5-RRC message can be transmitted by directly adopting a SL signaling radio bearer (SL-SRB) with a predefined protocol. Specifically, the unicast connection establishment process is shown in fig. 2. Two terminal devices that need to establish a unicast connection are represented by UE1 and UE 2. Message 1 is a PC5-S connection establishment request message sent by UE1 to UE 2; message 2 is a security activation command message sent by the UE2 to the UE 1; message 3 is a security activation completion message fed back to UE2 by UE 1; message 4 is the PC5-S connection setup accept message fed back by the UE2 to the UE 1. During the PC5-S connection establishment, a corresponding security configuration is also established.

After the PC5-S connection at the upper layer of the terminal device is established, the terminal device allocates a unique PC5 connection identifier (PC5link identifier) inside the terminal device to each unicast connection. The upper layer of the terminal device provides unicast connection file (unicast link profile) information associated with each unicast connection to the AS layer. Specifically, the unicast link profile includes one or more of the following items of information: V2X traffic type; an application layer identifier (application layer ID) and a layer two identifier L2ID of the source terminal device; an application layer identifier (application layer ID) and a layer two identifier L2ID of the destination terminal equipment; unicast connection of a corresponding network layer protocol; a set of PC5 quality of service flow identifiers (PFIs) managed per V2X traffic type, each PFI being associated with a set of QoS parameters. The V2X service type may include a Provider Service Identifier (PSID) or an intelligent transportation system application identifier (ITS-AID).

3) PC5 quality of service flow (PC5 quality of service flow, PC5QoS flow): one PC5QoS flow is associated with one PFI. The PFI is an identifier assigned to the upper layer of the terminal device, and is used for uniquely identifying one QoS flow under a destination address (destination L2ID) of one layer two. A PFI may also be associated with a set of QoS files (profiles). The QoS profile may include one or more of the following parameters: PC5 interface 5G quality of service identification (PC 55G quality of service identifier, PQI), Guaranteed Flow Bit Rate (GFBR), Maximum Flow Bit Rate (MFBR), minimum required communication distance (range), Allocation and Reservation Priority (ARP), PC5LINK maximum aggregation bit rate (PC5LINK-aggregate maximum bit rate, PC5 LINK-AMBR), default values (default values), resource type (resource type), priority level (priority level), Packet Delay Budget (PDB), Packet Error Rate (PER), averaging window (QoS flow for GBR and Delay-critical GBR resource types), or maximum data burst (QoS flow for Delay-critical GBR resource types). The resource type may be, for example, Guaranteed Bit Rate (GBR), delay critical GBR (delay critical GBR), or Non-GBR (Non-GBR). In the embodiment of the present application, the PC5QoS flow may be referred to as QoS flow for short.

4) Sidelink radio bearer SLRB: is a bearer for data of the transmit and receive sidelink in layer two. The SLRB includes a Packet Data Convergence Protocol (PDCP) entity, a Radio Link Control (RLC) entity, a Logical Channel (LCH), or the like. One SLRB uniquely associates a set of address information including a source address identification (e.g., source L2ID) and a destination address identification (e.g., destination L2ID), and may also include a communication type (cast type). Where cast type may be unicast, multicast or broadcast.

5) In the embodiments of the present application, "support", "association", "corresponding", or "mapping" may indicate the same or similar meanings. When referring to "A supports B," it may refer to "A associates B," A corresponds to B, "or" A allows B. For example, a QoS flow supports a security protection policy, which may be understood as a security protection policy corresponding to the QoS flow; as another example, a QoS flow corresponds to an SLRB, which can be understood as a QoS mapping to an SLRB. The association relationship may also be referred to as a correspondence relationship, and a and B have an association relationship, which may be understood as a correspondence relationship.

6) Traffic, QoS flow or unicast connection relationship:

as shown in fig. 3, two terminal apparatuses performing SL communication are represented by UE a and UE B. An upper PC5-S unicast connection may include multiple V2X services (services) and multiple PCs 5QoS flows in each service, with different QoS flows distinguished by QoS flow identification (PFI) at the same destination address. For example, PC5-S unicast connection 1 includes two V2X services, V2X service a and V2X service B, respectively. Service a has PC5QoS flow 1 and PC5QoS flow 2, and service a has PC5QoS flow 3.

7) SLRB: the SLRB may include a SL-SRB and a sidelink data radio bearer (SL-DRB). In the embodiments of the present application, the description is mainly made with respect to SL-DRB.

8) And (3) security protection policy: including control plane and user plane security protection policies. Further, the integrity protection of the control plane and the encryption protection of the control plane, and the integrity protection of the user plane and the encryption protection of the user plane are included.

As shown in fig. 4, a specific flow of one of the sidelink communication methods provided in the embodiments of the present application is as follows.

S401: the first terminal device acquires the configuration information of the SLRB.

The configuration information of the SLRB may include a mapping relationship between the QoS parameter and the SLRB. One or more QoS parameters may be mapped on one SLRB. For example, the first QoS parameter corresponds to a first SLRB, and the first QoS parameter corresponds to a first QoS flow.

It will be appreciated that the QoS parameters include a QoS flow identification (e.g., QoS flow ID or PFI), and the QoS parameters may also include a QoS file, such as any one or more of the QoS files described in point 3 above.

S402: and the first terminal equipment determines a first SLRB corresponding to the first QoS flow according to the configuration information of the SLRB.

S403: and if the first SLRB is established and a first security protection strategy corresponding to the first SLRB is different from a second security protection strategy corresponding to the first QoS flow, the first terminal equipment establishes a second SLRB aiming at the first QoS flow.

By the judgment process of whether the security protection strategies are the same when the SLRB is established for the QoS flow, the condition that the QoS flows corresponding to different security protection strategies are mapped to the same SLRB can be avoided. When the SLRB configuration information configured by the network device maps QoS streams supporting different security protection policies to the same SLRB, the terminal device can establish multiple SLRBs for the QoS streams supporting different security protection policies by modifying the establishment flow of the SLRB, thereby ensuring that the AS layer implements the security protection policy of QoS stream granularity and ensuring normal communication of the SL.

An alternative implementation of the embodiment of fig. 4 is described in detail below.

The embodiment shown in fig. 4 may be applied to the first terminal device in an RRC connected state, an RRC inactive state, an RRC idle state, and an out-of-coverage (OOC) state of the Uu interface. Generally, before the first terminal device performs SL communication, the first terminal device may acquire configuration information of the SLRB from the network device.

When the first terminal is in the RRC connected state of the Uu interface, the first terminal may receive an RRC message from the network device, where the RRC message carries the configuration information of the SLRB, and for example, the RRC message may be an RRC reconfiguration message.

When the first terminal is in an RRC inactive state or an RRC idle state, the first terminal may receive a system message from the network device, where the system message carries configuration information of the SLRB, and for example, the system message may be a System Information Block (SIB).

When the first terminal device is in an out-of-coverage OOC state, the first terminal device may acquire pre-configured (pre-configured) SLRB configuration information. Optionally, the preconfigured SLRB configuration information may be pre-stored in the first terminal device local chip.

After the first terminal device obtains the SLRB configuration, the AS layer of the first terminal device may establish a corresponding SLRB for the QoS flow, for example, the RRC layer may trigger the establishment process of the SLRB.

An optional implementation manner for the first terminal device to obtain the second security protection policy corresponding to the first QoS flow is described below. The method can be applied to the first terminal device obtaining the security protection policy corresponding to any QoS flow, and is applied to the first terminal device obtaining the part of the security protection policy corresponding to the QoS flow in any embodiment of the present application.

From the AS layer perspective, different security protection policies need to be configured to support different traffic types (or different QoS flows) within one PC5-RRC connection. It will be appreciated that at this point, one PC5-RRC connection and one unicast connection (PC5-S connection) are in a one-to-one correspondence, each uniquely associating a pair of source address (source L2ID) and destination address (destination L2 ID).

The AS layer of the first terminal device may obtain the indication information of the security protection policy from an upper layer (e.g., the V2X layer), and for distinction, the indication information is denoted AS the first indication information. The V2X layer sends first indication information to the AS layer, where the first indication information may indicate the correspondence between the QoS flows and the security protection policies, i.e. the first indication information is used to indicate the security protection policy corresponding to each (per) QoS flow. The first terminal device may determine a security protection policy corresponding to the first QoS flow according to the first indication information.

Optionally, the first indication information may also indicate a security protection policy corresponding to each service (per service) type. The first terminal device may determine a first service type corresponding to the first QoS flow, and determine, according to the first indication information, that the security protection policy corresponding to the first service type is the security protection policy corresponding to the first QoS flow.

The V2X layer may send the first indication information to the AS layer at the QoS flow granularity or at the traffic granularity. The first indication information sent by the V2X layer to the AS layer may indicate one or more of the following information for each (per) QoS flow, or indicate one or more of the following information for each service (per service):

(1) user plane integrity protection information. Illustratively, it may be required (required), preferred (preferred) or not required (not required/off). Illustratively, it may be required or not required (not required/off), and may be indicated by 1 bit (bit).

(2) The user plane encrypts the protection information. Illustratively, it may be required (required), preferred (preferred) or not required (not required/off). Illustratively, it may be required or not required.

(3) Control plane integrity protection information. Illustratively, it may be required (required), preferred (preferred) or not required (not required/off). Illustratively, it may be required or not required.

(4) The control plane encrypts protection information. Illustratively, it may be required (required), preferred (preferred) or not required (not required/off). Illustratively, it may be required or not required.

(5) Integrity protected algorithms and/or configuration parameters.

(6) Encryption protected algorithms and/or configuration parameters.

When three options are included in the security protection policy, i.e. required, preferred, or not required (not required/off), the two options may be indicated by 2 bits (bit), for example, 11 indicates required, 10 indicates inclined, and 00 indicates not required. When two options are included in the security protection policy, i.e. required or not required (not required/off), a 1 bit (bit) may be used to indicate, for example, 1 is used to indicate required and 0 is used to indicate not required.

When the network device configures the configuration information of the SLRB for the first terminal, the network device may not consider the security protection policy corresponding to the QoS flow. Therefore, when the network device configures the SLRB, QoS flows supporting different security protection policies may be mapped onto the same SLRB. Illustratively, the configuration information of the SLRB configured by the network device includes mapping relationships of QoS files to SLRBs, different QoS flows may be associated with the same QoS file under the same destination address, for example, QoS flows with the same QoS file requirement may exist for different services, and these QoS flows support different security protection policies, the upper layer of the first terminal device represents different QoS flows by different PFIs, and different QoS flows represented by different PFIs support different security protection policies, but are mapped to the same SLRB by the network device configuration.

Based on this, the procedure for the first terminal device to establish the SLRB for the first QoS flow may be implemented in the following manner.

The first terminal device may determine a first SLRB corresponding to the first QoS flow according to the configuration information of the SLRB.

And if the first SLRB corresponding to the first QoS flow is not established, the first terminal equipment establishes the first SLRB aiming at the first QoS flow and transmits the side link data of the first QoS flow on the first SLRB.

If the first SLRB corresponding to the first QoS flow is established, the first terminal needs to determine a security protection policy corresponding to the first SLRB, and record the security protection policy as the first security protection policy. The first SLRB is already established, which means that the first terminal establishes the first SLRB for another QoS flow (denoted as a second QoS flow) before, and the security protection policy corresponding to the first SLRB is the security protection policy corresponding to the second QoS flow. The security protection policy corresponding to the second QoS flow may be determined by the first indication information of the upper layer, similarly to the determination method of the security protection policy corresponding to the first QoS flow. The first terminal judges whether a first security protection policy corresponding to the first SLRB is the same as a second security protection policy corresponding to the first QoS flow. And if the two QoS flows are the same, the first terminal maps the first QoS flow onto the first SLRB, and the first SLRB transmits the side link data of the first QoS flow and the second QoS flow. And if the difference is not the same, the first terminal establishes a second SLRB aiming at the first QoS flow and transmits the side link data of the first QoS flow on the second SLRB. Of course, the first terminal may transmit the sidelink data for the second QoS flow on the first SLRB.

The first security protection policy and the second security protection policy which are different may refer to: and partial information in the first security protection strategy and the second security protection strategy is different, or all information in the first security protection strategy and the second security protection strategy is different.

Optionally, the configuration parameters of the PDCP entity, the RLC entity and the LCH of the second SLRB and the first SLRB may be the same. A Logical Channel Identifier (LCID) of the second SLRB may be different from that of the first SLRB. It can be understood that the LCID configuration parameter may not be included in the SLRB configuration information acquired by the first terminal device.

The configuration information of one SLRB may be associated with a plurality of LCHs. The second SLRB and the first SLRB may be considered as bearers different in LCID established based on the configuration information of the same SLRB.

In S403, the first terminal device establishes a second SLRB for the first QoS flow, where the first QoS flow corresponds to the second security protection policy, and then the second SLRB corresponds to the second security protection policy.

The second SLRB corresponds to a second security protection policy, which may be understood as all sidelink data transmitted on the second SLRB adopts the second security protection policy.

Optionally, before S403 or at the same time as S403, S404 may be further included.

S404: and the first terminal equipment sends the second indication information to the second terminal equipment, and the second terminal equipment receives the second indication information from the first terminal equipment.

The second indication information is used for indicating a second security protection policy corresponding to the second SLRB.

Optionally, after receiving the second indication information, the second terminal device may send a completion message to the first terminal device, and the first terminal device really establishes the second SLRB after receiving the completion message.

The second security protection strategy mainly relates to a user plane security protection strategy, and comprises a user plane integrity protection strategy and a user plane encryption protection strategy. The second indication information may indicate three strategies of required (required), preferred (preferred) or not required (not required/off), and may indicate the three strategies by 2 bits (bit), for example. For example, 11 indicates required, 10 indicates inclined, and 01 indicates not required.

The second indication information may also indicate that both (required) and (not required/off) strategies are required, and may indicate the two strategies by 1 bit (bit), for example. For example, 1 indicates needed and 0 indicates not needed.

If the AS layer of the first terminal device obtains the security protection policy indicated by 2 bits from the upper layer, that is, the 2 bits may indicate one of three policies (required, inclined, or not required). Optionally, in this case, the AS layer of the first terminal device needs to convert the security policy indicated by 2 bits provided by the upper layer of the first terminal device into the security policy indicated by 1 bit, where 1 bit indicates two policies: either required or not. The AS layer of the first terminal needs to convert the trend into needed or not needed when the security policy acquired by the AS layer of the first terminal device from the upper layer is a trend.

In an optional manner, the second indication information may be carried in a PC5-RRC message, the second terminal device receives the PC5-RRC message from the first terminal device, determines a second security protection policy corresponding to the second SLRB according to the second indication information carried in the PC5-RRC message, and the second terminal device adopts the second security protection policy for all sidelink data received on the second SLRB. Specifically, the second indication information is associated with the SLRB configuration information included in the PC5-RRC message, for example, the second indication information is associated with the PDCP configuration.

In another alternative, the second indication information may be carried in a data packet. For example, the second indication information is a PDCP PDU format (format), the first terminal device sends a data packet corresponding to the first QoS flow to the second terminal device on the second SLRB, and the second security protection policy is indicated by the PDCP PDU format. For example, the second SLRB supports user plane ciphering protection or user plane integrity protection, and a PDCP header (header) corresponding to the second SLRB includes a MAC-I and/or a key identifier (key ID), where the MAC-I and/or the key ID indicates a required (required); otherwise, if the SLRB does not support ciphering and integrity protection, the PDCP header corresponding to the second SLRB does not include the MAC-I and the key ID, indicating that no need exists (not required/off). The second terminal device determines whether to perform ciphering protection and integrity protection upon receiving the second SLRB according to whether a MAC-I and/or a key ID are included in a PDCP PDU format (PDCP header).

It is understood that the first terminal device indicates the security protection policy of each SLRB to the second terminal device with the SLRB as a granularity. The indication manner of the security protection policy of each SLRB may indicate the manner of the second security protection policy of the second SLRB with reference to the second indication information. One indication information may indicate a security protection policy of one or more SLRBs. If the security protection policies of the plurality of SLRBs are indicated by one indication information, the indication information may indicate a correspondence relationship between the SLRBs and the security protection policies.

Optionally, for the security protection policy of the SRB, as long as the control plane integrity protection policy corresponding to one QoS flow in the PC5 RRC connection is needed or inclined, the SL-SRBs corresponding to the corresponding PC5 RRC connection all need integrity protection. The encryption protection strategy of SRB is similar. It is understood that SL-SRBs include SL-SRBs carrying PC5-RRC messages and SL-SRBs carrying PC5-S messages.

The first terminal device may trigger the setting up SLRB for a plurality of QoS flows, and the method of triggering the setting up SLRB for each QoS flow may refer to the method of setting up SLRB for the first QoS flow described above. If the setup of the SLRB is triggered for a plurality of QoS flows, as shown in fig. 5, the sidelink communication method may be described as follows.

S501: the first terminal device acquires the configuration information of the SLRB.

Wherein the SLRB configuration information includes M QoS parameters. The QoS parameters may refer to the introduction of S401.

The first terminal device may acquire the configuration information of the SLRB through an RRC message, an SIB message, or a pre-configuration. The state of the first terminal device may be an RRC connected state, an RRC inactive state, an RRC idle state, or an OOC state. The details of this step may be described in the embodiment of fig. 4 for obtaining the SLRB configuration information.

S502: the first terminal device determines that, among the M QoS parameters corresponding to the first destination address, the security protection policies supported by the QoS flows corresponding to the N QoS parameters are different.

The security protection policy may be different in part or in whole.

Wherein M, N is an integer greater than 1, and M and N may be the same or different.

The first destination address may correspond to a PC5-RRC connection.

Specifically, the AS layer of the first terminal device may determine, through information obtained from an upper layer, an association relationship between a QoS flow corresponding to the QoS parameter and a security protection policy, and determine, according to the association relationship and the configuration information of the SLRB, that security protection policies supported by QoS flows corresponding to at least two QoS parameters among the M QoS parameters at the first destination address are different.

S503: the first terminal device establishes N SLRBs aiming at QoS flows corresponding to N QoS parameters under a first destination address, wherein the QoS flows corresponding to the N QoS parameters corresponding to the first destination address correspond to the N SLRBs one by one.

It should be understood that QoS flows corresponding to other M-N QoS parameters may also be mapped to corresponding N SLRBs according to the configuration of the acquired SLRB.

For example, the SLRB configuration information includes

QoS parameters

1, 2, and 3, and then QoS flow 1 corresponding to QoS parameter 1 and QoS flow 2 corresponding to QoS parameter 2 both support security protection policy 1, for example, as needed; the QoS flow corresponding to QoS parameter 3 supports security protection policy 2, e.g., is not required. The first terminal device establishes SLRB1 for QoS flow 1 and QoS flow 2 and SLRB2 for QoS flow 3.

With the embodiment of fig. 5, the first terminal device establishes multiple SLRBs for one destination address based on one SLRB configuration, so that it can be ensured that all QoS streams mapped to one SLRB correspond to the same security protection policy, and thus SL transmission can be performed normally.

Optionally, S504 may be included before S503 or at the same time as S503.

S504: and the first terminal equipment sends third indication information to the second terminal equipment, and the second terminal equipment receives the third indication information from the first terminal equipment.

The third indication information is used for indicating a security protection policy corresponding to each SLRB in the N SLRBs.

Optionally, after receiving the second indication information, the second terminal device may send a completion message to the first terminal device, and the first terminal device really establishes the SLRB after receiving the completion message.

The security protection strategy corresponding to the SLRB is the same as the security protection strategy corresponding to the QoS flow on the SLRB, and through the design of the application, the security protection strategies corresponding to all the QoS flows corresponding to the same SLRB can be guaranteed to be the same.

The format and the indication mode of the third indication information may refer to the second indication information. The second indication information indicates a second security protection policy corresponding to the second SLRB, and similarly, the security protection policy of any one SLRB may be indicated in this manner.

In one possible design, if the first terminal device obtains the security protection policy corresponding to the service type granularity from an upper layer (e.g., the V2X layer), that is, the security protection policy corresponding to each service type. Based on the embodiment of fig. 4, based on the same technical concept, one possible alternative way of S403 is that, if the first SLRB is already established and the first service type corresponding to the first SLRB is different from the second service type corresponding to the first QoS flow, the first terminal device establishes a second SLRB for the first QoS flow. Or, based on the embodiment of fig. 5, based on the same technical idea, a possible alternative is that, in S502, the first terminal device determines that, among the M QoS parameters corresponding to the first destination address, service types corresponding to QoS flows corresponding to N QoS parameters are different. For example, the SLRB configuration information includes

QoS parameters

1, 2, and 3, and then QoS flow 1 corresponding to QoS parameter 1 and QoS flow 2 corresponding to QoS parameter 2 correspond to the same service type 1; the QoS flow corresponding to the QoS parameter 3 corresponds to the service type 2. The first terminal device establishes SLRB1 for QoS flow 1 and QoS flow 2 and SLRB2 for QoS flow 3.

In one possible scenario, one PC5-RRC connection associates a pair of source address (source L2ID) and destination address (destination L2ID), but multiple unicast connections (unicast links) of the upper layer may correspond to the same PC5-RRC connection, that is, multiple unicast connections may correspond to the same pair of source address (source L2ID) and destination address (destination L2 ID). The first end device may obtain a security protection policy corresponding to the unicast connection granularity from an upper layer (e.g., layer V2X). The embodiments of fig. 4 and 5 described above may be applied to such a scenario. For the application scenario, the embodiment of the present application further provides a possible design, and based on the same technical idea on the basis of the embodiment of fig. 4, a possible alternative is that, if the first SLRB is already established and a first unicast connection corresponding to the first SLRB is different from a second unicast connection corresponding to the first QoS stream, the first terminal device establishes a second SLRB for the first QoS stream. Or, in this scenario, based on the embodiment of fig. 5, based on the same technical idea, a possible alternative is that, in S502, the first terminal device determines that, among the M QoS parameters corresponding to the first destination address, unicast connections corresponding to QoS streams corresponding to N QoS parameters are different. For example, the SLRB configuration information includes

QoS parameters

1, 2, and 3, and then QoS flow 1 corresponding to QoS parameter 1 and QoS flow 2 corresponding to QoS parameter 2 correspond to the same unicast connection 1; the QoS flow corresponding to QoS parameter 3 corresponds to unicast connection 2. The first terminal device establishes SLRB1 for QoS flow 1 and QoS flow 2 and SLRB2 for QoS flow 3.

Based on the same technical concept, as shown in fig. 6, a specific flow of a second sidelink communication method provided by the embodiment of the present application is as follows.

S601: the first terminal device sends the first information to the network device, and the network device receives the first information from the first terminal device.

The first information indicates a first security protection policy corresponding to a first quality of service, QoS, flow.

When the terminal device is in the RRC connected state, the first information sent to the network device may be carried in a Sidelink UE Information (SUI) message. The SUI message is used to request SLRB configuration. The SUI message includes the content included in the first information.

It should be understood that the reporting mode of the first information may be a full information reporting mode (full information reporting) or a delta information reporting mode (delta information reporting). The complete information reporting means that: if the first information reported before is still in an effective state at the current reporting time, the first information still needs to be reported again at the current reporting time. The mode of reporting the incremental information means that only the first information which is changed latest is included in the first information content reported each time.

S602: the network equipment sends the configuration information of the SLRB to the first terminal, and the first terminal equipment receives the configuration information of the SLRB from the network equipment.

The configuration information of the SLRB indicates that the first QoS flow corresponds to the first SLRB.

It can be understood that the first terminal device may report the security protection policy corresponding to each QoS flow to the network device, that is, report the security protection policy with the QoS flow as a granularity, for example, indicate the security protection policy corresponding to the QoS flow under the QoS flow ID. The network device may obtain security protection policies corresponding to the QoS streams, respectively. The network device may refer to the information of the security protection policy when configuring the SLRB for the QoS flow according to the security protection policy corresponding to each QoS flow, so that the security protection policies of the QoS flows configured on one SLRB are the same.

After receiving the first information, the network device configures a corresponding SLRB for the first QoS flow according to the first information, and only QoS flows that support the same security protection policy as the first QoS flow are mapped to the same SLRB.

S603: and the first terminal equipment determines a first security protection strategy corresponding to the first SLRB according to the configuration information of the SLRB.

The first terminal equipment determines that the first QoS flow is mapped to the first SLRB according to the configuration information of the SLRB, and determines a first security protection strategy corresponding to the first SLRB according to the first security protection strategy corresponding to the first QoS flow.

Optionally, the configuration information of the SLRB may indicate a first security protection policy corresponding to the first SLRB. For example, it may be indicated by 2 bits that the first security protection policy corresponding to the first SLRB is one of the three options of needed, inclined, or not needed, or it may be indicated by 1 bit that the first security protection policy corresponding to the first SLRB is one of needed or not needed. If the configuration information of the SLRB indicates the first security protection policy of the first SLRB by 2 bits, the first terminal device needs to convert the security policy indicated by the 2 bits into the security policy indicated by the 1 bit according to the configuration information of the SLRB. The 1 bit indicates one of two policies (required or not), the first terminal needs to convert the inclination to required or not when the security policy indicated by the configuration information of the SLRB is the inclination.

In summary, in the embodiment of fig. 6, the first terminal device reports the first information to the network device, where the first information includes the first security protection policy corresponding to the first QoS flow, so that the network device can consider the factor of the security protection policy when establishing the SLRB for the first QoS flow, and ensure that other QoS flows mapped on the SLRB to which the first QoS flow is mapped support the same security protection policy as the first QoS flow. And ensuring that the AS layer realizes the security protection strategy of QoS flow granularity and ensuring the normal communication of the SL.

Optionally, when the first terminal determines that the security policies of the QoS streams corresponding to the first SLRB are different according to the configuration information of the SLRB, the first terminal sends a first failure message to the network device, where the first failure message is used to indicate that the SLRB configuration information is incorrect. It is to be appreciated that the first failure message can be an RRC reconfiguration failure message or other RRC message.

Optionally, when the first terminal determines that the security policies of the QoS streams corresponding to the first SLRB are different according to the configuration information of the SLRB, the first terminal may perform the SLRB establishment procedure according to fig. 4 or fig. 5.

Optionally, after S603, one or more steps from S604 to S606 are further included.

S604, the first terminal device establishes a first SLRB for the first QoS flow according to the configuration information of the SLRB.

S605: the first terminal device sends the indication information to the second terminal device, and the second terminal device receives the indication information from the first terminal device.

The indication information is used for indicating a first security protection policy corresponding to the first SLRB.

It is understood that S604 and S605 are not in a strict order of execution, and S605 may be executed before S604, or S605 and S604 may be executed simultaneously.

Specifically, in S604, the first terminal triggers the establishment of the first SLRB. Optionally, in S605, the second terminal device may send the completion information to the first terminal device after receiving the indication information, and the first terminal device really establishes the first SLRB after receiving the completion information.

In this step, reference may be made to the description of S404, where the indication information indicates details of the first security protection policy, and reference may be made to the description of S404 where the second indication information indicates the second security protection policy. The repetition is not described in detail.

S606: the first terminal device performs SL communication with the second terminal device on the established first SLRB.

The first SLRB may refer to a SL-DRB, and the SL communication in this step may indicate transmission of a data packet.

S605 and S606 may be performed synchronously, or S605 is implemented in the step of S606. For example, if the indication information is carried in a packet, the first terminal device transmits the indication information to the second terminal device during the SL communication with the second terminal device on the first SLRB. The first SLRB may include a SL-SRB, and if the indication information is carried in the PC5-RRC message, the first terminal device sends the indication information to the second terminal device on the SL-SRB.

When the indication information is carried in the PC5-RRC message, the indication information may be 1 bit for indicating that the first security protection policy is required or not. When the first security protection policy of the first SLRB acquired by the first terminal device is a tendency, the first terminal device may convert the tendency into a need or a non-need.

It is understood that in S601 to S603 and S605, the protection requirement scheme of the embodiment of the present application can also be formed. The first terminal sends the indication information to the second terminal, and the second terminal may determine the first security protection policy corresponding to the first SLRB according to the indication information, so as to implement the security protection procedure for the first SLRB according to the first security protection policy.

Optionally, the first terminal device may obtain the first security protection policy corresponding to the first QoS flow from an upper layer (e.g., a V2X layer), and the obtaining method may refer to an implementation manner of obtaining the second security protection policy corresponding to the first QoS flow for the first terminal device in fig. 4. The repetition is not described in detail.

Based on the embodiment of fig. 6, based on the same technical idea, in S601, the first terminal device may indicate, in the first information, the first service type corresponding to the first QoS flow. For example, when the AS layer of the first terminal device receives the corresponding relationship between the service type and the security protection policy from the upper layer, the first terminal device may indicate, to the network device, the first service type corresponding to the first QoS flow using the first information reported by the first terminal device.

Specifically, the first service type may be a PSID or an ITS-AID, and the first service type may also be an internally unique local identification or index (local index/ID) assigned by the first terminal device.

It can be understood that the first terminal device may report the service types respectively corresponding to the QoS flows to the network device. When configuring the SLRB for the QoS flow, the network device refers to the information of the service type, so that the service types of the QoS flows configured on one SLRB are the same, that is, it can be ensured that the security protection policies of the QoS flows configured on one SLRB are the same.

After receiving the first information, the network device configures a corresponding SLRB for the first QoS flow according to the first information, and only QoS flows having the same service type as the first QoS flow are mapped to the same SLRB, so that it is ensured that only QoS flows supporting the same security protection policy as the first QoS flow are mapped to the same SLRB.

In this case, the SLRB configuration information transmitted by the network device to the first terminal device does not need to indicate the first security protection policy of the first SLRB. The first terminal device determines that the security protection policy corresponding to the first SLRB is the first security protection policy according to the security protection policy corresponding to the first QoS flow mapped to the first SLRB.

Optionally, when the first terminal determines that the service types of the multiple QoS streams corresponding to the first SLRB are different according to the configuration information of the SLRB, the first terminal sends a first failure message to the network device, where the first failure message is used to indicate that the SLRB configuration information is incorrect. It is to be appreciated that the first failure message can be an RRC reconfiguration failure message or other RRC message.

Optionally, when the first terminal determines that the service types of the multiple QoS streams corresponding to the first SLRB are different according to the configuration information of the SLRB, the first terminal may perform the SLRB establishment procedure according to fig. 4 or fig. 5.

The above-described fig. 6 embodiment may be applied in scenario 1 below: one PC5-RRC connection and one unicast connection (PC5-S connection) may be in a one-to-one correspondence, each uniquely associating a pair of source address (source L2ID) and destination address (destination L2 ID). In another possible scenario 2, one PC5-RRC connection associates a pair of source address (source L2ID) and destination address (destination L2ID), but multiple unicast connections at the upper layer may correspond to the same PC5-RRC connection, that is, multiple unicast connections may correspond to the same pair of source address (source L2ID) and destination address (destination L2 ID). The embodiment of fig. 6 described above may be applied to scenario 2. In this scenario 2, based on the embodiment of fig. 6, based on the same technical idea, in S601, the first terminal device may indicate, in the first information, the first unicast connection corresponding to the first QoS flow. The information of the first unicast connection may be a connection identifier (link identifier), or the information of the first unicast connection may also be an internally unique local identifier or index (local index/ID) assigned by the first terminal.

The first terminal device may obtain a first security protection policy corresponding to the first unicast connection from an upper layer (e.g., a V2X layer), and the obtaining method may refer to an implementation manner of obtaining, in the embodiment in fig. 4, a second security protection policy corresponding to the first QoS flow for the first terminal device.

It is to be understood that the first terminal device may report the unicast connections corresponding to the QoS streams to the network device. When configuring the SLRB for the QoS flow, the network device refers to the information of the unicast connection corresponding to the QoS flow, so that the unicast connections of the QoS flow configured on one SLRB are the same, that is, it can be ensured that the security protection policies of the QoS flow configured on one SLRB are the same.

After receiving the first information, the network device configures a corresponding SLRB for the first QoS flow according to the first information, and only QoS flows that are the same as the unicast connection of the first QoS flow are mapped to the same SLRB, so that it is ensured that only QoS flows that support the same security protection policy as the first QoS flow are mapped to the same SLRB.

Optionally, when the first terminal determines that the unicast connections of the QoS streams corresponding to the first SLRB are different according to the configuration information of the SLRB, the first terminal sends a first failure message to the network device, where the first failure message is used to indicate that the SLRB configuration information is incorrect. It is to be appreciated that the first failure message can be an RRC reconfiguration failure message or other RRC message.

Optionally, when the first terminal determines that the unicast connections of the QoS streams corresponding to the first SLRB are different according to the configuration information of the SLRB, the first terminal may perform the SLRB establishment procedure according to fig. 4 or fig. 5.

Optionally, for the security protection policy of the SRB, as long as there is a control plane integrity protection policy corresponding to a unicast connection in the PC5 RRC connection that is needed or inclined, the SL-SRBs corresponding to the corresponding PC5 RRC connection all need integrity protection. The encryption protection strategy of SRB is similar. It is understood that SL-SRBs include SL-SRBs carrying PC5-RRC messages and SL-SRBs carrying PC5-S messages.

Based on the same technical concept, as shown in fig. 7, a specific flow of a third sidelink communication method provided by the embodiment of the present application is as follows.

S701: the first terminal device acquires the first information.

The first information comprises a security protection policy corresponding to each of one or more QoS flows. For example, the first information may include a first security protection policy corresponding to the first QoS flow. The first QoS flow is any one of one or more QoS flows.

The upper layer of the AS layer of the first terminal device indicates the correspondence between the QoS flow and the security protection policy to the AS layer. The AS layer of the first terminal device obtains the corresponding relation between the QoS flow and the security protection strategy from the upper layer.

This step may refer to the description that the AS layer of the first terminal device in the embodiment of fig. 4 obtains the indication information of the security protection policy from an upper layer (e.g., the V2X layer), where the first information is the first indication information in the embodiment of fig. 4. The repetition is not described in detail.

S702: and the first terminal determines a second security protection strategy corresponding to the PC5-RRC connection associated with the first QoS flow according to the first information.

From the AS layer perspective, only one set of security protection policies is supported within one PC5-RRC connection. One PC5-RRC connection and one unicast connection (PC5-S connection) are in a one-to-one correspondence, each uniquely associating a pair of source address (source L2ID) and destination address (destination L2 ID).

Since a PC5-RRC connection may include one or more QoS flows, the AS layer of the first terminal device obtains a security protection policy corresponding to each of the one or more QoS flows from an upper layer. When a PC5-RRC connection includes a QoS flow, the security protection policy corresponding to the QoS flow is the security protection policy corresponding to the PC5-RRC connection.

When one PC5-RRC connection includes a plurality of QoS flows, security protection policies corresponding to the QoS flows may be different, and the first terminal device determines a second security protection policy corresponding to the PC5-RRC connection according to the first information.

Based on this, the first terminal device may determine the second security protection policy corresponding to the PC5-RRC connection as follows.

Mode 1: if a first security protection policy corresponding to any one of the one or more first QoS flows is required, the second security protection policy is required; if the first security protection strategies corresponding to the one or more first QoS flows are not needed, and the first security protection strategy corresponding to any one of the one or more first QoS flows is inclined, the second security protection strategy is inclined; and if the first security protection strategies corresponding to one or more first QoS flows are not needed and not inclined, the second security protection strategy is not needed for not needed.

In this manner 1, the second security protection policy may be indicated by 2 bits, the second security protection policy being one of required, inclined or not required.

Mode 2: if the first security protection strategy corresponding to any one of the one or more first QoS flows is needed or inclined, the second security protection strategy is needed; and if the first security protection strategies corresponding to the one or more first QoS flows are not needed and not inclined, the second security protection strategy is not needed.

In this manner 2, the second security protection policy may be indicated by 1 bit, and the second security protection policy may be one of required and unnecessary. Optionally, after S702, S703 is further included.

S703: the first terminal device sends indication information to a second terminal device associated with the PC5 RRC connection, wherein the indication information is used for indicating a second security protection strategy corresponding to the PC5 RRC connection.

The specific manner in which the indication information indicates the second security protection policy corresponding to the PC5 RRC connection in this step is similar to the method in which the second indication information indicates the second security protection policy corresponding to the second SLRB in S404, except that the granularity of the security protection policies is different, and other parts may be referred to each other.

For example, the indication information may be carried in a PC5-RRC message, the second terminal device receives the PC5-RRC message from the first terminal device, and determines a second security protection policy corresponding to the PC5 RRC connection according to the second indication information carried in the PC5-RRC message. The second terminal device employs a second security protection policy for all sidelink data received over the PC5 RRC connection.

For another example, the indication information may be carried in a data packet. The indication information may be a PDCP PDU format (format), the first terminal device sends a data packet to the second terminal device on the PC5 RRC connection, and the second security protection policy is indicated by the PDCP PDU format of all SLRBs on the PC5 RRC connection. For example, the PC5 RRC connection supports user plane ciphering protection or user plane integrity protection, and the PDCP header (header) corresponding to all SLRBs corresponding to the PC5 RRC connection includes MAC-I and/or key identification (key ID) indicating required (required); otherwise, if the PC5 RRC connection does not support ciphering protection and integrity protection, then the corresponding PDCP header of the PC5 RRC connection all SLRBs does not include MAC-I and does not include key ID, indicating that no (not needed/off). The second terminal device determines whether to perform ciphering protection and integrity protection upon receiving a packet on the PC5 RRC connection according to whether a MAC-I and/or key ID is included in a PDCP PDU format (PDCP header).

It can be seen that, in the embodiment of fig. 7, after the AS layer of the first terminal device obtains the first security protection policies corresponding to the one or more first QoS flows from the upper layer, the AS layer determines a second security protection policy of the PC5-RRC connection according to the first security protection policies corresponding to the one or more first QoS flows, where the second security protection policy may be different from the first security protection policy.

If the first terminal device is in the RRC connected state, after S702, before S703, S704 and S705 may also be included.

S704: the first terminal device reports a second security protection strategy corresponding to the PC5-RRC connection associated with the first QoS flow to the network device, and the network device receives the second security protection strategy corresponding to the PC5-RRC connection associated with the first QoS flow reported from the first terminal device.

And the network equipment determines a third security protection policy corresponding to the PC5-RRC connection associated with the first QoS flow according to the second security protection policy.

In the above mode 2, if the second security protection policy is indicated by 1 bit, the network device keeps the second security protection policy determined by the first terminal device unchanged, that is, the third security protection policy is the second security protection policy.

In the above mode 1, the second security protection policy is indicated by 2 bits, and the network device may configure the second security protection policy as needed or not needed when the second security protection policy is a trend, so that the third security protection policy may be indicated by 1 bit, and specifically indicate a policy that is needed or not needed.

S705: the network device sends a third security protection policy corresponding to the PC5-RRC connection associated with the first QoS flow to the first terminal device, and the first terminal device receives the third security protection policy corresponding to the PC5-RRC connection associated with the first QoS flow from the network device.

It can be understood that, in the case that the second security protection policy and the third security protection policy are different, the second security protection policy indicated to the second terminal device by the first terminal device is replaced with the third security protection policy in S703.

AS described in the embodiment of fig. 7 with the granularity configuration of QoS flows, it can be understood that the upper layer of the first terminal device may also indicate, to the AS layer, the configuration of security protection policies of other granularities, for example, the granularity of service types, that is, the security protection policy corresponding to each service type, and for example, the granularity of unicast connections, that is, the security protection policy corresponding to each unicast connection.

One PC5-RRC connection may correspond to one or more traffic types and may also correspond to one or more unicast connections. When the upper layer of the first terminal device indicates the security protection policy of the service type granularity or the unicast connection granularity to the AS layer, the communication method of the sidelink may refer to the scheme of the security protection policy of the QoS flow granularity in fig. 7, and in brief, replace the QoS flow in the embodiment of fig. 7 with the service type or the unicast connection, so AS to obtain the variant scheme that needs to be protected in the present application. Or, when the upper layer of the first terminal device indicates the security protection policy of the service type granularity or the unicast connection granularity to the AS layer, the security protection policy of the QoS stream is determined according to the security protection policy of the service type granularity or the unicast connection granularity, thereby implementing the method in the embodiment of fig. 7.

Optionally, for the security protection policy of the SRB, as long as there is a service type or QoS flow in the PC5 RRC connection or the control plane integrity protection policy corresponding to the unicast connection needs to be required or preferred, the SL-SRBs corresponding to the corresponding PC5 RRC connection all need to be integrity protected. The encryption protection strategy of SRB is similar. It is understood that SL-SRBs include SL-SRBs carrying PC5-RRC messages and SL-SRBs carrying PC5-S messages.

Fig. 7 illustrates an embodiment, which may ensure that, when the upper layer indicates the security protection policy of the unicast connection granularity, the service type granularity, or the QoS flow granularity, the AS layer of the first terminal device can always determine the security protection policy corresponding to the PC5 RRC connection and indicate the security protection policy to the second terminal device associated with the PC5 RRC connection, and finally ensure that the second terminal device receives data with a correct security protection policy, so AS to implement normal SL communication.

It is understood that the embodiments of the present application are based on the same technical concept, and detailed descriptions of the same technical features and alternative implementations of the embodiments may be mutually referred to, and are not repeated herein for brevity of the application document.

In order to implement the functions in the method provided by the embodiment of the present application, the first terminal device may include a hardware structure and/or a software module, and implement the functions in the form of a hardware structure, a software module, or a hardware structure and a software module. Whether any of the above-described functions is implemented as a hardware structure, a software module, or a hardware structure plus a software module depends upon the particular application and design constraints imposed on the technical solution.

As shown in fig. 8, based on the same technical concept, an embodiment of the present application further provides a communication apparatus 800, where the communication apparatus 800 may be a first terminal device or a network device, may also be an apparatus in the first terminal device or the network device, or may be an apparatus capable of being used in cooperation with the first terminal device or the network device. In one design, the communication apparatus 800 may include a module corresponding to one to perform the method/operation/step/action performed by the first terminal device in the foregoing method embodiment, where the module may be a hardware circuit, or may be software, or may be implemented by combining a hardware circuit and software. In one design, the communications apparatus 800 may include a processing module 801 and a communications module 802. The processing module 801 is used to invoke the communication module 802 to perform the receiving and/or transmitting functions.

When the communication apparatus 800 is used to perform an operation performed by the first terminal device:

in one embodiment, the communication module 802 is configured to obtain configuration information of a sidelink bearer SLRB. The processing module 801 is configured to: determining a first SLRB corresponding to a first QoS flow according to the configuration information of the SLRB; and if the first SLRB is established and a first security protection strategy corresponding to the first SLRB is different from a second security protection strategy corresponding to the first QoS flow, the first terminal equipment establishes a second SLRB aiming at the first QoS flow.

In another embodiment, the communication module 802 is configured to send first information to a network device, where the first information includes a first security protection policy corresponding to a first quality of service QoS flow; and receiving configuration information of a sidelink bearer (SLRB) from the network device, the configuration information of the SLRB indicating that the first QoS flow corresponds to the first SLRB; a processing module 801, configured to determine the first security protection policy corresponding to the first SLRB according to the configuration information of the SLRB.

In another embodiment, the communication module 802 is configured to obtain first information, where the first information includes a first security protection policy corresponding to a first quality of service QoS flow; a processing module 801, configured to determine, according to the first information, a second security protection policy corresponding to the PC 5-radio resource control, RRC, connection associated with the first QoS flow; the communication module 802 is further configured to send indication information to a second terminal device corresponding to the PC5 RRC connection, where the indication information is used to indicate a second security protection policy corresponding to the PC5 RRC connection.

When the communication apparatus 800 is used to perform operations performed by a network device:

a communication module 802, configured to receive first information from a first terminal device, where the first information includes a correspondence between a first quality of service (QoS) flow and a first security protection policy; a processing module 801, configured to determine configuration information of a sidelink bearer SLRB according to the first information; a communication module, configured to send the configuration information of the SLRB to the first terminal device.

By way of example, the communication apparatus 800 performs part of the operations of the first terminal device or the network device, it is understood that the processing module 801 and the communication module 802 are also used to perform other receiving or transmitting steps or operations performed by the first terminal device or the network device in the above method embodiments. The processing module 801 may also be configured to execute other corresponding steps or operations, except for transceiving, executed by the first terminal device or the network device in the foregoing method embodiments, which are not described in detail herein.

The division of the modules in the embodiments of the present application is schematic, and only one logical function division is provided, and in actual implementation, there may be another division manner, and in addition, each functional module in each embodiment of the present application may be integrated in one processor, may also exist alone physically, or may also be integrated in one module by two or more modules. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.

Fig. 9 shows a communication apparatus 900 according to an embodiment of the present application, configured to implement the function of the first terminal device or the network device in the foregoing method. The communication device may be the first terminal device or the network device, or may be a device in the first terminal device or the network device, or may be a device that can be used in cooperation with the first terminal device or the network device. The communication device 900 may be a chip system. In the embodiment of the present application, the chip system may be composed of a chip, and may also include a chip and other discrete devices. The communication apparatus 900 includes at least one processor 920, configured to implement the functions of the first terminal device or the network device in the method provided in the embodiment of the present application. The communications device 900 may also include a communications interface 910. In embodiments of the present application, the communication interface may be a transceiver, circuit, bus, module, or other type of communication interface for communicating with other devices over a transmission medium. For example, the communication interface 910 is used for devices in the communication apparatus 900 to communicate with other devices.

Exemplarily, when the communication apparatus 900 is used to perform the operation performed by the first terminal device:

in one embodiment, the communication interface 910 is configured to obtain configuration information of the sidelink bearer SLRB. The processor 920 is configured to: determining a first SLRB corresponding to a first QoS flow according to the configuration information of the SLRB; and if the first SLRB is established and a first security protection strategy corresponding to the first SLRB is different from a second security protection strategy corresponding to the first QoS flow, the first terminal equipment establishes a second SLRB aiming at the first QoS flow.

In another embodiment, the communication interface 910 is configured to send first information to a network device, where the first information includes a first security protection policy corresponding to a first quality of service QoS flow; and receiving configuration information of a sidelink bearer (SLRB) from the network device, the configuration information of the SLRB indicating that the first QoS flow corresponds to the first SLRB; a processor 920, configured to determine the first security protection policy corresponding to the first SLRB according to the configuration information of the SLRB.

In another embodiment, the communication interface 910 is configured to obtain first information, where the first information includes a first security protection policy corresponding to a first quality of service QoS flow; a processor 920, configured to determine, according to the first information, a second security protection policy corresponding to the PC 5-radio resource control, RRC, connection associated with the first QoS flow; the communication interface 910 is further configured to send indication information to a second terminal device corresponding to the PC5 RRC connection, where the indication information is used to indicate a second security protection policy corresponding to the PC5 RRC connection.

When the communications apparatus 900 is used to perform operations performed by a network device:

a communication interface 910, configured to receive first information from a first terminal device, where the first information includes a correspondence between a first quality of service QoS flow and a first security protection policy; a processor 920, configured to determine configuration information of a sidelink bearer SLRB according to the first information; a communication module, configured to send the configuration information of the SLRB to the first terminal device.

The processor 920 and the communication interface 910 may also be configured to perform other corresponding steps or operations performed by the first terminal device or the network device in the foregoing method embodiments, which are not described in detail herein.

The communications apparatus 900 can also include at least one memory 930 for storing program instructions and/or data. A memory 930 is coupled to the processor 920. The coupling in the embodiments of the present application is an indirect coupling or a communication connection between devices, units or modules, and may be an electrical, mechanical or other form for information interaction between the devices, units or modules. The processor 920 may operate in conjunction with the memory 930. Processor 920 may execute program instructions stored in memory 930. At least one of the at least one memory may be included in the processor.

The specific connection medium among the communication interface 910, the processor 920 and the memory 930 is not limited in the embodiments of the present application. In the embodiment of the present application, the memory 930, the processor 920, and the communication interface 910 are connected by a bus 940 in fig. 9, the bus is represented by a thick line in fig. 9, and the connection manner between other components is merely illustrative and is not limited thereto. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 9, but this does not indicate only one bus or one type of bus.

When the communication apparatus 800 and the communication apparatus 900 are specifically chips or chip systems, the output or the reception of the communication module 802 and the communication interface 910 may be baseband signals. When the communication apparatus 800 and the communication apparatus 900 are embodied as devices, the communication module 802 and the communication interface 910 may output or receive radio frequency signals.

In the embodiments of the present application, the processor 920 may be a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor.

In the embodiment of the present application, the memory 930 may be a non-volatile memory, such as a Hard Disk Drive (HDD) or a solid-state drive (SSD), and may also be a volatile memory (RAM), for example, a random-access memory (RAM). The memory is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function for storing program instructions and/or data.

Some or all of the operations and functions performed by the terminal described in the above method embodiments of the present application may be implemented by a chip or an integrated circuit.

In order to implement the functions of the communication apparatus described in fig. 8 or fig. 9, an embodiment of the present application further provides a chip, which includes a processor and is configured to support the communication apparatus to implement the functions related to the first terminal device in the foregoing method embodiments. In one possible design, the chip is connected to or includes a memory for storing the necessary program instructions and data of the communication device.

The embodiment of the application provides a computer readable storage medium, which stores a computer program, wherein the computer program comprises instructions for executing the method embodiment.

Embodiments of the present application provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform the above-described method embodiments.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.

It will be apparent to those skilled in the art that various changes and modifications may be made in the embodiments of the present application without departing from the spirit and scope of the embodiments of the present application. Thus, if such modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to encompass such modifications and variations.

Claims

1. A method of sidelink communication, comprising:

the method comprises the steps that a first terminal device obtains configuration information of a side-link bearing SLRB;

the first terminal equipment determines a first SLRB corresponding to a first quality of service (QoS) flow according to the configuration information of the SLRB;

and if the first SLRB is established and a first security protection strategy corresponding to the first SLRB is different from a second security protection strategy corresponding to the first QoS flow, the first terminal equipment establishes a second SLRB aiming at the first QoS flow.

2. The method of claim 1, wherein the method further comprises:

and the access AS layer of the first terminal equipment determines that the safety protection strategy corresponding to the first QoS flow is a second safety protection strategy according to the corresponding relation between the QoS flow indicated by the Internet of vehicles V2X layer and the safety protection strategy.

3. The method of claim 1 or 2, wherein the method further comprises:

and the first terminal equipment sends indication information to the second terminal equipment, wherein the indication information is used for indicating the second security protection strategy corresponding to the second SLRB.

4. The method according to any one of claims 1 to 3,

the first security protection policy or the second security protection policy each include any one or more of the following items of information: user plane integrity protection information or user plane encryption protection information.

5. The method of any of claims 1 to 4, wherein the configuration information of the SLRB is carried in a Radio Resource Control (RRC) message, a system message, or a pre-configuration message.

6. The method of any of claims 1 to 5, wherein the second SLRB is the same as any one or more of configuration parameters of a Packet Data Convergence Protocol (PDCP) entity, a Radio Link Control (RLC) entity, or a Logical Channel (LCH) of the first SLRB.

7. The method of any of claims 1 to 6, wherein the Logical Channel Identification (LCID) of the second SLRB is different from the Logical Channel Identification (LCID) of the first SLRB.

8. A method of sidelink communication, comprising:

a first terminal device sends first information to a network device, wherein the first information comprises a first security protection strategy corresponding to a first quality of service (QoS) flow;

the first terminal equipment receives configuration information of a side uplink bearer (SLRB) from the network equipment, wherein the configuration information of the SLRB indicates that the first QoS flow corresponds to the first SLRB;

and the first terminal equipment determines the first security protection strategy corresponding to the first SLRB according to the configuration information of the SLRB.

9. The method of claim 8, wherein the method further comprises:

and the AS access layer of the first terminal equipment determines that the security protection strategy corresponding to the first QoS flow is the first security protection strategy according to the corresponding relation between the QoS flow indicated by the Internet of vehicles V2X layer and the security protection strategy.

10. The method according to claim 8 or 9, wherein the first information is carried in a sidelink user information, SUI, message.

11. The method of any one of claims 8 to 10, further comprising:

and the first terminal equipment sends indication information to the second terminal equipment, wherein the indication information is used for indicating that the first SLRB corresponds to the first security protection strategy.

12. The method according to any one of claims 8 to 11,

the first security protection policy includes any one or more of the following information: user plane integrity protection information or user plane encryption protection information.

13. A method of sidelink communication, comprising:

a first terminal device acquires first information, wherein the first information comprises a first security protection strategy corresponding to a first quality of service (QoS) flow;

the first terminal determines a second security protection strategy corresponding to the PC 5-Radio Resource Control (RRC) connection associated with the first QoS flow according to the first information;

and the first terminal equipment sends indication information to second terminal equipment corresponding to the PC5 RRC connection, wherein the indication information is used for indicating a second security protection strategy corresponding to the PC5 RRC connection.

14. The method of claim 13, wherein if a first security protection policy corresponding to any of the one or more first QoS flows is required, the second security protection policy is required; if none of the first security protection policies corresponding to the one or more first QoS flows is needed, and a first security protection policy corresponding to any of the one or more first QoS flows is a trend preferred, the second security protection policy is a trend; and if none of the first security protection policies corresponding to the one or more first QoS flows is required and not inclined, the second security protection policy is not required for not required.

15. The method of claim 13,

if a first security protection policy corresponding to any one of the one or more first QoS flows is required or inclined, the second security protection policy is required; and if the first security protection strategies corresponding to the one or more first QoS flows are not needed and not inclined, the second security protection strategy is not needed.

16. A method of sidelink communication, comprising:

the method comprises the steps that network equipment receives first information from first terminal equipment, wherein the first information comprises a corresponding relation between a first quality of service (QoS) flow and a first security protection strategy;

and the network equipment determines and sends configuration information of the side uplink bearing SLRB to the first terminal equipment according to the first information.

17. The method of claim 16, wherein the first information is carried in a sidelink user information, SUI, message.

18. The method of claim 15 or 16, wherein the configuration information for the SLRB indicates that one or more of the first QoS flows correspond to the first SLRB.

19. A communications device for performing the method of any one of claims 1 to 7, or for performing the method of any one of claims 8 to 12, or for performing the method of any one of claims 13 to 15.

20. A communication device, wherein the device is configured to perform the method of any of claims 16-18.

21. A communications apparatus, comprising: a processor coupled to a memory for storing a program or instructions which, when executed by the processor, cause the method of any of claims 1-7 to be performed, or cause the method of any of claims 8-12 to be performed, or cause the method of any of claims 13-15 to be performed.

22. A communications apparatus, comprising: a processor coupled to a memory for storing a program or instructions which, when executed by the processor, cause the method of any of claims 16-18 to be performed.

23. A communication system comprising a first terminal and a network device;

the first terminal is configured to perform the method according to any one of claims 1 to 7, or configured to perform the method according to any one of claims 13 to 15; alternatively, the first and second electrodes may be,

the first terminal is configured to perform the method according to any one of claims 8 to 12, and the network device is configured to perform the method according to any one of claims 16 to 18.

24. A computer-readable storage medium having computer-readable instructions stored thereon, wherein the computer-readable instructions, when executed on a communication device, cause the method of any of claims 1-7 to be performed, or cause the method of any of claims 8-12 to be performed, or cause the method of any of claims 13-15 to be performed, or cause the method of any of claims 16-18 to be performed.