WO2020215323A1 - Method or device for integrity protection - Google Patents
Method or device for integrity protection
- Publication number
- WO2020215323A1 PCT/CN2019/084607 CN2019084607W
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- parameter value
- bearer parameter
- bearer
- communication
- lcid
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/04—Network layer protocols, e.g. mobile IP [Internet Protocol]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/11—Allocation or use of connection identifiers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W92/00—Interfaces specially adapted for wireless communication networks
- H04W92/04—Interfaces between hierarchically different network devices
- H04W92/10—Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W92/00—Interfaces specially adapted for wireless communication networks
- H04W92/16—Interfaces between hierarchically similar devices
- H04W92/18—Interfaces between hierarchically similar devices between terminal devices
Definitions
- the embodiments of the present application relate to the field of communication technology, and in particular to a method or device for integrity protection.
- a secret key can be used for integrity protection at the Packet Data Convergence Protocol (PDCP) layer.
- PDCP Packet Data Convergence Protocol
- the embodiment of the present application provides a method or device for integrity protection of side link communication or Uu interface communication, which can realize the integrity protection of the PDCP layer, thereby improving the security of communication.
- a method for integrity protection of side-link communication, including: obtaining a first bearer (BEARER) parameter value based on at least one of the following: the logical channel identifier (LCID) corresponding to the data transmitted in the side-link communication, the access communication standard adopted by the side-link communication, the BEARER parameter value allocated for the side-link communication, and the preset BEARER parameter value, wherein the bit length of the LCID corresponding to the transmitted data is greater than the bit length of the first BEARER parameter value; and, based on the first BEARER parameter value, calculating the integrity message authentication code MAC-I or the expected integrity message authentication code XMAC-I for the side-link communication.
- a method for integrity protection of Uu interface communication, including: obtaining a first bearer (BEARER) parameter value based on at least one of the following: the bit length of the logical channel identifier (LCID) used for sidelink communication, the BEARER parameter value allocated for the Uu interface communication, and the preset BEARER parameter value; and, based on the first BEARER parameter value, calculating the integrity message authentication code MAC-I or the expected integrity message authentication code XMAC-I for the Uu interface communication.
- a device for integrity protection of sidelink communication is provided, which is used to implement the method in the above-mentioned first aspect.
- the device for integrity protection of side-link communication includes a functional module for executing the above-mentioned first aspect.
- a device for integrity protection of Uu interface communication is provided, which is used to execute the method in the first aspect.
- the device for integrity protection of Uu interface communication includes a functional module for executing the above-mentioned first aspect.
- a device for integrity protection of side link communication including a processor and a memory.
- the memory is used to store a computer program
- the processor is used to call and run the computer program stored in the memory to execute the method in the above first aspect.
- a device for integrity protection of Uu interface communication including a processor and a memory.
- the memory is used to store a computer program
- the processor is used to call and run the computer program stored in the memory to execute the method in the above first aspect.
- a chip is provided for implementing the method in the first or second aspect.
- the chip includes: a processor, configured to call and run a computer program from the memory, so that the device installed with the chip executes the method in the first or second aspect.
- a computer-readable storage medium for storing a computer program that enables a computer to execute the method in the first or second aspect.
- a computer program product including computer program instructions that cause a computer to execute the method in the first or second aspect.
- a computer program which when running on a computer, causes the computer to execute the method in the first or second aspect.
- the first bearer (BEARER) parameter value is obtained based on at least one of the following: the logical channel identifier (LCID) corresponding to the data transmitted in the side link communication, the access communication standard used in the side link communication, the BEARER parameter value allocated for the sidelink communication, and the preset BEARER parameter value, wherein the bit length of the LCID corresponding to the transmitted data is greater than the bit length of the first BEARER parameter value;
- the integrity message authentication code MAC-I or the expected integrity message authentication code XMAC-I for the side link communication is calculated, so that integrity protection of the PDCP layer for side link communication can be realized, which can improve the security of communication.
- the first bearer (BEARER) parameter value is obtained based on at least one of the following: the bit length of the logical channel identifier (LCID) used for sidelink communication, the BEARER parameter value allocated for the Uu interface communication, and the preset BEARER parameter value; based on the first BEARER parameter value, the integrity message authentication code MAC-I or the expected integrity message authentication code XMAC-I for the Uu interface communication is calculated, so that integrity protection of the PDCP layer for Uu interface communication can be realized, which can improve the security of communication.
- Fig. 1 is a schematic diagram of a communication system architecture provided by an embodiment of the present application.
- FIG. 2 is a schematic diagram of a method for integrity protection of side-link communication provided by an embodiment of the present application.
- FIG. 3 is a schematic diagram of calculating MAC-I or XMAC-I according to an embodiment of the present application.
- FIG. 4 is a schematic diagram of a method for obtaining BEARER parameter values provided by an embodiment of the present application.
- FIG. 5 is a schematic diagram of a method for integrity protection of Uu interface communication provided by an embodiment of the present application.
- Fig. 6 is a schematic diagram of a device for integrity protection of sidelink communication provided by an embodiment of the present application.
- Fig. 7 is a schematic diagram of a device for integrity protection of Uu interface communication provided by an embodiment of the present application.
- Fig. 8 is a schematic block diagram of a communication device provided by an embodiment of the present application.
- FIG. 9 is a schematic block diagram of a communication device provided by an embodiment of the present application.
- GSM Global System of Mobile Communication
- CDMA Code Division Multiple Access
- WCDMA Wideband Code Division Multiple Access
- GPRS General Packet Radio Service
- LTE Long Term Evolution
- FDD Frequency Division Duplex
- TDD Time Division Duplex
- UMTS Universal Mobile Telecommunication System
- WiMAX Worldwide Interoperability for Microwave Access
- the network device mentioned in the embodiment of the present application may be a device that communicates with a terminal device (or called a communication terminal or terminal).
- the network device can provide communication coverage for a specific geographic area, and can communicate with terminal devices located in the coverage area.
- the network device 110 may be a base station (Base Transceiver Station, BTS) in a GSM system or a CDMA system, a base station (NodeB, NB) in a WCDMA system, an evolved base station (Evolutional Node B, eNB or eNodeB) in an LTE system, a base station (gNB) in a new wireless system, or a wireless controller in a cloud radio access network (Cloud Radio Access Network, CRAN); or the network device can be a mobile switching center, relay station, access point, in-vehicle device, wearable device, hub, switch, bridge, router, network side device in a 5G network, or network equipment in a future evolution of the public land mobile network (Public Land Mobile Network, PLMN).
- the terminal equipment mentioned in the embodiments of this application includes, but is not limited to, a device connected via a wired line, such as via a public switched telephone network (PSTN), digital subscriber line (Digital Subscriber Line, DSL), digital cable, or direct cable connection; and/or via another data connection/network; and/or via a wireless interface, such as for cellular networks, wireless local area networks (WLAN), digital TV networks such as DVB-H networks, satellite networks, or AM-FM broadcast transmitters; and/or a device of another terminal device that is set to receive/send communication signals; and/or Internet of Things (IoT) equipment.
- a terminal device set to communicate through a wireless interface may be referred to as a "wireless communication terminal", a "wireless terminal" or a "mobile terminal".
- Examples of mobile terminals include, but are not limited to, satellite or cellular phones; Personal Communications System (PCS) terminals that can combine cellular radio phones with data processing, fax, and data communication capabilities; PDAs that can include radio phones, pagers, Internet/intranet access, web browsers, memo pads, calendars, and/or Global Positioning System (GPS) receivers; and conventional laptop and/or palmtop receivers or other electronic devices including radio phone transceivers.
- Terminal equipment can refer to access terminals, user equipment (UE), user units, user stations, mobile stations, remote stations, remote terminals, mobile equipment, user terminals, terminals, wireless communication equipment, user agents, or user devices.
- the access terminal can be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a wireless local loop (Wireless Local Loop, WLL) station, a personal digital assistant (Personal Digital Assistant, PDA), a handheld device with wireless communication functions, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal device in a 5G network, or a terminal device in a future evolution of the PLMN, etc.
- SIP Session Initiation Protocol
- WLL Wireless Local Loop
- PDA Personal Digital Assistant
- the terminal device 120 and the network device 110 may communicate with each other, specifically, the communication may be performed through a Uu interface, and/or the terminal device 120 and the terminal device 120 may communicate with each other.
- the communication is carried out through the side link (Sidelink, SL).
- the terminal device 120 communicates with the terminal device 120 through a side link, which can also be referred to as using a PC5 interface to communicate.
- the side link communication in the embodiments of the present application can be used for communication of the following services: Vehicle to Anything (V2X), Network Controlled Interactive Services (NCIS), and Public Safety services.
- FIG. 2 is a schematic flowchart of a method 200 for integrity protection of sidelink communication.
- the method 200 includes at least part of the following content.
- the method 200 can be implemented by a terminal device.
- the method 200 can be implemented by the sender of side link communication.
- the terminal device as the sender can be used to calculate the integrity message authentication code (Message Authentication Code-Integrity, MAC-I); or,
- the method can also be implemented by the receiving end of side link communication.
- the terminal device as the receiving end can be used to calculate the expected integrity message authentication code (eXpected Message Authentication Code-Integrity, XMAC-I).
- the bearer (BEARER) parameter value may be a parameter value used to obtain MAC-I or XMAC-I, and the bit length of the BEARER parameter value may be 5.
- the BEARER parameter value may be a parameter value with a fixed length, and the fixed length may be preset on the terminal device, or may be configured by the network device for the terminal device.
- the BEARER parameter value may also have other names, for example, logical channel identity (LCID) parameter value (for example, in the case where the parameter value is obtained based on LCID), input parameter value, etc.; the embodiments of the present application place no specific restriction on this.
- LCID logical channel identity
- the BEARER parameter value can be combined with other parameters to obtain MAC-I or XMAC-I.
- the other parameters may include at least one of a PDCP count (COUNT) value, a direction of side link communication, an integrity protection key, an integrity protection key identifier, and data packet content.
- COUNT PDCP count
- the algorithm for calculating MAC-I or XMAC-I may be a network integrity algorithm (Network Integrity Algorithm, NIA) algorithm.
- the PDCP COUNT value can include 32 bits. Bits 0-15 of the 32 bits are the K D-sess ID, where K D-sess is the 16-bit generated by the root key of the terminal device at the granularity of each session.
- the 31 bits are the Counter parameter value, where Counter is a counter, and the counter can be incremented by one each time a message is sent, and the K D-sess ID and Counter parameter values can be carried in the PDCP header.
- the terminal device can set the K D-sess ID and Counter parameter values to 0.
- the K D-sess ID and Counter parameter values can also be set to 0 in the PDCP message.
- the integrity protection key may be a Proximity Service (ProSe) encryption key (ProSe Encryption Key, PEK), where the terminal device may have an algorithm identifier and a ProSe Group Key (PGK), and the PGK may be the secret key corresponding to the group to which the terminal device belongs.
- the terminal can derive a ProSe Traffic Key (PTK) based on PGK.
- the PTK can be exclusive to the terminal device and can be carried in the header of the user data message.
- the terminal device can derive the ProSe Encryption Key (PEK) based on the PTK, and the PEK can be used to encrypt data.
- the bit length of the integrity protection key can be 128 bits.
- the direction of side link communication can be represented by 1 bit, and the direction of side link communication can include the direction from the terminal device that initiates side link communication to the terminal device that initiates side link communication (the bit value corresponding to this direction can be 1), and the direction from the terminal device that initiates sidelink communication to the terminal device that initiates sidelink communication (the bit value corresponding to this direction can be 0).
- the terminal device obtains the first BEARER parameter value based on at least one of the following:
- the bit length of the LCID corresponding to the transmitted data is greater than the bit length of the first BEARER parameter value.
- the bit length of the LCID is 6, and the bit length of the first BEARER parameter value is 5.
- the LCID mentioned in the embodiments of this application can be assigned by network equipment or terminal equipment (for example, the group head of the terminal equipment group to which the terminal equipment belongs in side-link communication, the sending end in the side link communication, or the receiving end in the side link communication), or it can be negotiated between the sending end and the receiving end in the side link communication.
- the LCID may be allocated or negotiated when the LC is established.
- the description above takes the case where the bit length of the LCID corresponding to the transmitted data is greater than the bit length of the first BEARER parameter value as an example, but the embodiments of the present application are not limited to this, and the bit length of the LCID in the embodiments of the present application may also be less than the bit length of the first BEARER parameter value.
- the terminal device may obtain the first BEARER parameter value based on one of them, or obtain the BEARER parameter value based on multiple of them. The following will give an example of how to obtain the BEARER parameter value.
- the terminal device may obtain the first BEARER parameter value based on the LCID corresponding to the transmitted data.
- when the bit length of the LCID is equal to the expected bit length of the BEARER parameter value, the LCID can be directly used as the BEARER parameter value. However, in some communication systems (for example, 5G communication systems), the bit length of the LCID may not be equal to the expected bit length of the BEARER parameter value. To solve this mismatch, the terminal device can process the LCID to obtain the first BEARER parameter value.
- the processing performed on the LCID corresponding to the transmitted data may specifically include: taking a part of the bit values of the LCID corresponding to the transmitted data to generate the first BEARER parameter value.
- when the bit length of the LCID is greater than the expected bit length of the BEARER parameter value and the first BEARER parameter value needs to be obtained based on the LCID, a part of the bit values of the LCID can be taken as the first BEARER parameter value.
- taking a part of the bit values of the LCID as the first BEARER parameter value means that this part of the bit values is used to generate the first BEARER parameter value, and the other bit values are discarded.
- the terminal device may take the lowest N bit values or the highest N bit values of the LCID corresponding to the transmitted data to generate the first BEARER parameter value, where N may be equal to the bit length of the first BEARER parameter value.
- if the bit length of the LCID is 6 and the allowed bit length of the first BEARER parameter value is 5, then 5 bit values can be taken from the LCID as the first BEARER parameter value; for example, the highest 5 bit values (for example, (a) in FIG. 4) or the lowest 5 bit values (for example, (b) in FIG. 4) can be used as the first BEARER parameter value.
- the terminal device can take the lowest at least one bit and the highest at least one bit of the LCID, and combine the lowest at least one bit and the highest at least one bit to form the first BEARER parameter value.
- the LCID may also have other processing.
- the value corresponding to the LCID may be subtracted or divided by a certain value to obtain the first BEARER parameter value.
- the terminal device may obtain the BEARER parameter value corresponding to the LCID corresponding to the transmitted data from the correspondence between at least one LCID and at least one BEARER parameter value, as the first BEARER parameter value.
- the LCID and the BEARER parameter value may have a corresponding relationship (for example, a one-to-one relationship, a one-to-many relationship, or a many-to-one relationship), where the corresponding relationship may be preset on the terminal device, or it can be configured by the network device or by the group header of the terminal device group to which the terminal device belongs, or it can be negotiated between the sender and the receiver.
- the terminal device may also obtain the BEARER parameter value corresponding to the LCID corresponding to the transmitted data from the corresponding relationship as the first BEARER parameter value.
- the terminal device may obtain the first BEARER parameter value based on the access communication standard adopted by the sidelink communication.
- the terminal device obtains the BEARER parameter value corresponding to the access communication standard adopted by the sidelink communication from the correspondence between at least one access communication standard and at least one BEARER parameter value, as the first BEARER parameter value.
- the access communication standard and the BEARER parameter value may have a corresponding relationship (for example, a one-to-one correspondence, a one-to-many relationship, or a many-to-one relationship), where the corresponding relationship may be preset on the terminal device, or it can be configured by the network device or by the group header of the terminal device group to which the terminal device belongs, or it can be negotiated between the sender and the receiver.
- the terminal device may also obtain the BEARER parameter value corresponding to the adopted access communication standard from the corresponding relationship as the first BEARER parameter value.
- the access communication standard mentioned in the embodiment of the present application may be the NR communication standard or the E-UTRA communication standard.
- the first BEARER parameter value can be a value.
- the access communication standard adopted by the side link communication is the E-UTRA communication standard
- the first BEARER parameter value can be another value.
- the terminal device may obtain the first BEARER parameter value based on the BEARER parameter value allocated for sidelink communication.
- the BEARER parameter value allocated for the side link communication is allocated by the terminal device (for example, the terminal device that initiates the side link communication, or the group head of the terminal device group to which the terminal device of the side link communication belongs); or, the BEARER parameter value allocated for the sidelink communication is allocated by the network device.
- the BEARER parameter value allocated for sidelink communication may be per logical channel, that is, the BEARER parameter value is allocated at the granularity of the logical channel.
- the BEARER parameter value may be allocated in the LCID.
- the BEARER parameter value allocated for sidelink communication may be per terminal device, that is, the BEARER parameter value is allocated at the granularity of the terminal device.
- MAC-I or XMAC-I it may be The BEARER parameter value allocated by the end terminal is determined to be the first BEARER parameter value, or, alternatively, the BEARER parameter value allocated to the receiving end terminal may be determined as the first BEARER parameter value.
- the terminal device may determine the first BEARER parameter value based on the preset BEARER parameter value.
- the terminal device may determine the preset BEARER parameter value as the first BEARER parameter value.
- the terminal device calculates MAC-I or XMAC-I for the side link communication.
- the calculated MAC-I can be encapsulated into the PDCP header.
- after the sender calculates the MAC-I, the calculated MAC-I can be encapsulated into the PDCP header.
- after the receiver receives the message, it can calculate XMAC-I based on the received message and compare XMAC-I with the MAC-I in the PDCP header; if the two values are equal, it means that the integrity protection is successful; otherwise, it means that the message content has been changed.
- the bit length of the first BEARER parameter value is equal to the bit length of the second BEARER parameter value, where the second BEARER parameter value is used to calculate MAC-I or XMAC-I in Uu interface communication.
- multiple implementations are provided above to obtain the first BEARER parameter value, so that the bit length of the first BEARER parameter value may be equal to the bit length of the second BEARER parameter.
- the bit length of the first BEARER parameter value and the bit length of the second BEARER parameter value may both be 5 bits, and the terminal device may determine the bit length of the first BEARER parameter value based on the bit length of the second BEARER parameter value, and process the LCID corresponding to the transmitted data based on the determined bit length, for example, take a certain number of bit values as the first BEARER parameter value.
- the second BEARER parameter value is classified into BEARER parameter values used for non-access stratum (NAS) and access stratum (AS).
- the second BEARER parameter value may be NAS Connection Identifier.
- the value may be 0X01, and for non-3GPP, the value may be 0XX00;
- the second BEARER parameter value can be the value of the SRB identifier, or a certain number of bit values (for example, 0) can be filled before or after the SRB identifier (2 bits) to generate the second BEARER parameter value;
- the second BEARER parameter value may be the DRB identifier, or may be obtained by processing the DRB identifier; for example, the DRB identifier takes values in [1-32], so one can be subtracted directly from the value of the DRB identifier to form a 5-bit binary value as the second BEARER parameter value.
- the bit length of the BEARER parameter value used to calculate MAC-I or XMAC-I in sidelink communication is equal to the bit length of the BEARER parameter value used to calculate MAC-I or XMAC-I in Uu interface communication. Equal bit lengths avoid a mismatch between the MAC-I or XMAC-I calculations in the two communication modes, and only one set of MAC-I or XMAC-I calculation units may be needed, which reduces the complexity of terminal equipment implementation.
- the first BEARER parameter value is obtained by the above-mentioned method, so that the bit length of the first BEARER parameter value can be equal to the bit length of the second BEARER parameter value, and it is not necessary to change the architecture used to calculate the MAC-I or XMAC-I in Uu interface communication; existing mechanisms and parameters can be fully used, with few changes to the existing design.
- the existing BEARER parameter value is 5 bits
- the 5-bit BEARER parameter value is obtained by processing the LCID.
- FIG. 5 is a schematic flowchart of a method 300 for integrity protection of Uu interface communication according to an embodiment of the present application.
- the method 300 may be implemented by a terminal device or a network device. This method can be implemented by the receiving end of the communication or the sending end of the communication.
- the method 300 can be implemented by a terminal device. At this time, the terminal device is used to calculate the MAC-I based on the first BEARER parameter value; or, when the Uu interface is used for uplink communication, the method 300 may be implemented by a network device. At this time, the network device may calculate XMAC-I based on the first BEARER parameter value.
- the method 300 may be implemented by a terminal device. At this time, the terminal device is used to calculate XMAC-I based on the first BEARER parameter value; or, when the Uu interface is used for downlink communication, This method can be implemented by a network device. At this time, the network device can calculate the MAC-I based on the first BEARER parameter value.
- the MAC-I or the XMAC-I is determined based on the first BEARER parameter value and on at least one of the PDCP COUNT value, the communication direction of the Uu interface communication, the integrity protection key, the integrity protection key identifier, and the content of the data packet.
- the bearer (BEARER) parameter value may be a parameter value used to obtain MAC-I or XMAC-I, and the bit length of the BEARER parameter value may be 5.
- the BEARER parameter value may be a parameter value with a fixed length, and the fixed length may be preset on the terminal device, or may be configured by the network device for the terminal device.
- the BEARER parameter value may also have other names, for example, logical channel identity (LCID) parameter value (for example, when the parameter value is obtained based on LCID), data radio bearer (DRB) parameter value, signaling radio bearer (Signaling Radio Bearer, SRB) parameter value, or input parameter value, etc., which are not specifically limited in the embodiment of the present application.
- LCID logical channel identity
- DRB data radio bearer
- SRB Signaling radio bearer
- the BEARER parameter value can be combined with other parameters to obtain MAC-I or XMAC-I.
- the other parameters may include at least one of the PDCP count (COUNT) value, the communication direction of the Uu interface, the integrity protection key, the integrity protection key identifier, and the content of the data packet (for example, a Radio Resource Control (RRC) message).
- the algorithm for calculating MAC-I or XMAC-I may be the NIA algorithm.
- the PDCP COUNT value may include 32 bits.
- the available bit length of the integrity protection key can be 128 bits, and the key can be derived from the original key (KgNB).
- the communication direction of the Uu interface can be represented by 1 bit.
- the uplink can be 0 and the downlink can be 1.
- the communication device obtains the first BEARER parameter value based on at least one of the following:
- the bit length of the LCID used for sidelink communication, the BEARER parameter value allocated for the Uu interface communication, and the preset BEARER parameter value.
- the communication device may obtain the first BEARER parameter value based on the bit length of the LCID used for sidelink communication.
- the communication device may process the radio bearer identifier of the Uu interface communication based on the bit length of the LCID to obtain the first BEARER parameter value that is the same as the bit length of the LCID.
- the processing of the identification of the radio bearer includes: adding at least one zero before the identification of the radio bearer, or adding at least one zero after the identification of the radio bearer.
- a specific value can be added before or after the DRB identifier, so that the second BEARER parameter is equal to the bit length of the LCID of the sidelink communication.
- the bit length of the LCID of the sidelink communication may be equal to the bit length of the BEARER parameter value used to calculate the MAC-I or XMAC-I in the sidelink communication.
- the terminal device may obtain the first BEARER parameter value based on the bit length of the BEARER parameter value used to calculate the MAC-I or XMAC-I in the sidelink communication.
- the bit length of the BEARER parameter used to calculate the MAC-I or XMAC-I, or the bit length of the LCID used for sidelink communication, can be 6.
- the communication device may obtain the first BEARER parameter value based on the BEARER parameter value allocated for Uu interface communication.
- the BEARER parameter value allocated for Uu interface communication may be allocated at terminal-device granularity or at radio-bearer granularity.
- the communication device may determine, among the BEARER parameter values allocated at the granularity of the radio bearer ID, the BEARER parameter value corresponding to the radio bearer ID used in the Uu interface communication as the first BEARER parameter value.
- the communication device may use the BEARER parameter value allocated for the Uu interface communication at terminal-device granularity as the first BEARER parameter value.
- the communication device may obtain the first BEARER parameter value based on the preset BEARER parameter value.
- the communication device may determine the preset BEARER parameter value as the first BEARER parameter value.
- the first BEARER parameter value can be divided into the BEARER parameter value of the AS layer and the NAS layer, and the BEARER parameter value of the AS layer and the NAS layer may be the same or different.
- the method of obtaining the BEARER parameter value of the AS layer and the method of obtaining the BEARER parameter value of the NAS layer may be the same or different.
- the communication device calculates MAC-I or XMAC-I used for the Uu interface communication.
- the calculated MAC-I can be encapsulated into the PDCP header.
- after the sender calculates the MAC-I, the calculated MAC-I can be encapsulated into the PDCP header.
- after the receiver receives the message, it can calculate the XMAC-I based on the received message and compare the XMAC-I with the MAC-I in the PDCP header; if the two values are equal, the integrity protection is successful; otherwise, the message content has been changed.
- the bit length of the first BEARER parameter value is equal to the bit length of the second BEARER parameter value, and the second BEARER parameter value is used to calculate MAC-I or XMAC-I in sidelink communication.
- the bit length used to calculate the BEARER parameter value of MAC-I or XMAC-I in sidelink communication is equal to the bit length used to calculate the BEARER parameter value of MAC-I or XMAC-I in Uu interface communication.
- making these bit lengths equal avoids the problem of mismatch between the MAC-I or XMAC-I calculations in the two communication modes, so that only one set of MAC-I or XMAC-I calculation units is needed, which reduces the complexity of terminal equipment implementation.
- the above method 200 and method 300 can be used in combination.
- the method 200 may be used to obtain the BEARER parameter value used to calculate the MAC-I or XMAC-I in sidelink communication.
- the method 300 may be used to obtain the BEARER parameter value used to calculate the MAC-I or XMAC-I in the Uu interface communication.
- FIG. 6 is a schematic block diagram of a device 400 for integrity protection of sidelink communication according to an embodiment of the present application.
- the device 400 includes an acquisition unit 410 and a calculation unit 420.
- the obtaining unit 410 is configured to obtain the first bearer (BEARER) parameter value based on at least one of the following: the logical channel identifier LCID corresponding to the data transmitted in the sidelink communication, the access communication standard used in the sidelink communication, the BEARER parameter value allocated for the sidelink communication, and the preset BEARER parameter value, wherein the bit length of the LCID corresponding to the transmitted data is greater than the bit length of the first BEARER parameter value;
- the calculation unit 420 is configured to calculate an integrity message authentication code MAC-I or an expected integrity message authentication code XMAC-I for the sidelink communication based on the first BEARER parameter value.
- the bit length of the first BEARER parameter value is equal to the bit length of the second BEARER parameter value, and the second BEARER parameter value is used to calculate MAC-I or XMAC-I in Uu interface communication.
- the obtaining unit 410 is further configured to:
- the LCID corresponding to the transmitted data is processed to obtain the first BEARER parameter value.
- the first BEARER parameter value is obtained in the following manner: intercepting a part of the bit values of the LCID corresponding to the transmitted data, which is used to generate the first BEARER parameter value.
- the first BEARER parameter value is obtained in the following manner: intercepting the lowest N bit values or the highest N bit values of the LCID corresponding to the transmitted data, which are used to generate the first BEARER parameter value.
- the N is equal to the number of bits of the first BEARER parameter value.
- the obtaining unit 410 is further configured to:
- the obtaining unit 410 is further configured to:
- the BEARER parameter value allocated for the sidelink communication is allocated by the terminal device; or,
- the BEARER parameter value allocated for the sidelink communication is allocated by the network device.
- the obtaining unit 410 is further configured to:
- the preset BEARER parameter value is determined as the first BEARER parameter value.
- the MAC-I or the XMAC-I is calculated based on the first BEARER parameter value and on at least one of: the packet data convergence protocol count (PDCP COUNT) value, the direction of the sidelink communication, the integrity protection key, the integrity protection key identifier, and the data packet content.
- the device 400 can be used to implement the corresponding operations in the foregoing method 200, and for simplicity, details are not described herein again.
- FIG. 7 is a schematic block diagram of a device 500 for integrity protection of Uu interface communication according to an embodiment of the present application.
- the device 500 includes an acquisition unit 510 and a calculation unit 520.
- the obtaining unit 510 is configured to obtain the first bearer (BEARER) parameter value based on at least one of the following: the bit length of the logical channel identifier LCID used for sidelink communication, the BEARER parameter value allocated for the Uu interface communication, and the preset BEARER parameter value; the calculation unit 520 is configured to calculate, based on the first BEARER parameter value, an integrity message authentication code MAC-I or an expected integrity message authentication code XMAC-I for the Uu interface communication.
- the bit length of the first BEARER parameter value is equal to the bit length of the second BEARER parameter value, and the second BEARER parameter value is used to calculate MAC-I or XMAC-I in sidelink communication.
- the obtaining unit 510 is further configured to:
- the radio bearer identifier of the Uu interface communication is processed to obtain the first BEARER parameter value that is the same as the bit length of the LCID.
- the processing performed on the radio bearer identity includes: adding at least one zero before the radio bearer identity, or adding at least one zero after the radio bearer identity.
- the obtaining unit 510 is further configured to:
- the BEARER parameter value corresponding to the radio bearer identifier used for the Uu interface communication is determined as the first BEARER parameter value.
- the obtaining unit 510 is further configured to:
- the BEARER parameter value with the granularity of the terminal device allocated to the Uu interface communication is used as the first BEARER parameter value.
- the obtaining unit 510 is further configured to:
- the preset BEARER parameter value is determined as the first BEARER parameter value.
- the MAC-I or the XMAC-I is calculated based on the first BEARER parameter value and on at least one of: the packet data convergence protocol count (PDCP COUNT) value, the communication direction of the Uu interface communication, the integrity protection key, the integrity protection key identifier, and the content of the data packet.
- the device 500 may be used to implement the corresponding operations in the foregoing method 300, and for the sake of brevity, details are not repeated here.
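The two derivations described above (extracting N bits of the sidelink LCID, and adding zeros to the Uu radio bearer identifier to reach the LCID bit length) and the receiver's MAC-I/XMAC-I comparison are shown below as an added example; it is not code from the patent. The function and class names, the header layout, the 32-bit MAC-I length and the use of truncated HMAC-SHA256 as a stand-in for the NIA algorithm are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

UPLINK, DOWNLINK = 0, 1   # page: the uplink can be 0 and the downlink can be 1
COUNT_BITS = 32           # page: the PDCP COUNT value may include 32 bits
KEY_BYTES = 16            # page: 128-bit integrity protection key
MAC_I_BYTES = 4           # assumption of this example: 32-bit MAC-I


@dataclass(frozen=True)
class Bearer:
    """A BEARER parameter value together with its bit length."""
    value: int
    bits: int

    def __post_init__(self):
        if self.bits < 1 or not 0 <= self.value < (1 << self.bits):
            raise ValueError(f"{self.value} does not fit in {self.bits} bits")


def bearer_from_lcid(lcid, lcid_bits, n, keep="lowest"):
    """Sidelink: keep the lowest or highest N bits of the LCID."""
    Bearer(lcid, lcid_bits)                      # range-check the LCID itself
    if not 0 < n < lcid_bits:                    # the LCID is longer than BEARER
        raise ValueError("N must be shorter than the LCID bit length")
    if keep == "lowest":
        return Bearer(lcid & ((1 << n) - 1), n)
    if keep == "highest":
        return Bearer(lcid >> (lcid_bits - n), n)
    raise ValueError("keep must be 'lowest' or 'highest'")


def bearer_from_rb_id(rb_id, rb_bits, lcid_bits, zeros="before"):
    """Uu: add zeros before or after the radio bearer identifier."""
    Bearer(rb_id, rb_bits)                       # range-check the identifier
    extra = lcid_bits - rb_bits
    if extra < 1:
        raise ValueError("at least one zero must be added")
    if zeros == "before":
        return Bearer(rb_id, lcid_bits)          # same number, wider field
    if zeros == "after":
        return Bearer(rb_id << extra, lcid_bits)
    raise ValueError("zeros must be 'before' or 'after'")


class IntegrityUnit:
    """One MAC-I/XMAC-I calculation unit with a fixed BEARER bit length."""

    def __init__(self, key, bearer_bits):
        if len(key) != KEY_BYTES:
            raise ValueError("integrity key must be 128 bits")
        self.key, self.bearer_bits = key, bearer_bits

    def header(self, count, bearer, direction):
        """COUNT || BEARER || DIRECTION, zero-padded to a byte (assumed layout)."""
        if bearer.bits != self.bearer_bits:
            raise ValueError("BEARER bit length does not match this unit")
        if direction not in (UPLINK, DOWNLINK) or not 0 <= count < (1 << COUNT_BITS):
            raise ValueError("bad DIRECTION or COUNT")
        nbits = COUNT_BITS + self.bearer_bits + 1
        pad = -nbits % 8
        word = ((((count << self.bearer_bits) | bearer.value) << 1) | direction) << pad
        return word.to_bytes((nbits + pad) // 8, "big")

    def mac_i(self, count, bearer, direction, message):
        # Stand-in for the NIA algorithm: HMAC-SHA256 truncated to MAC_I_BYTES.
        data = self.header(count, bearer, direction) + message
        return hmac.new(self.key, data, hashlib.sha256).digest()[:MAC_I_BYTES]

    def verify(self, count, bearer, direction, message, received_mac_i):
        """Receiver side: recompute XMAC-I and compare it with the received MAC-I."""
        xmac_i = self.mac_i(count, bearer, direction, message)
        return hmac.compare_digest(xmac_i, received_mac_i)


def demo():
    key = bytes(range(KEY_BYTES))                # constructed key, not a real KgNB derivative
    msg = b"constructed RRC message"
    unit = IntegrityUnit(key, bearer_bits=5)     # one unit shared by both modes
    sidelink = bearer_from_lcid(0b100101, 6, 5)  # 6-bit LCID -> 5-bit BEARER
    uu = Bearer(0b00011, 5)                      # constructed 5-bit Uu BEARER
    mac_sl = unit.mac_i(7, sidelink, 0, msg)     # direction 0 is a constructed value
    mac_uu = unit.mac_i(7, uu, UPLINK, msg)
    return {
        "sidelink_ok": unit.verify(7, sidelink, 0, msg, mac_sl),
        "uu_ok": unit.verify(7, uu, UPLINK, msg, mac_uu),
        "tampered_ok": unit.verify(7, sidelink, 0, msg + b"!", mac_sl),
    }


if __name__ == "__main__":
    print(demo())
```

Extracting bits is many-to-one: with the lowest-5-bit rule, the 6-bit LCIDs 0b000101 and 0b100101 both yield BEARER 0b00101, so the BEARER input alone does not tell those two logical channels apart.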
- FIG. 8 is a schematic structural diagram of a communication device 600 provided by an embodiment of the present application.
- the communication device 600 shown in FIG. 8 includes a processor 610, and the processor 610 can call and run a computer program from the memory to implement the method in the embodiment of the present application.
- the communication device 600 may further include a memory 620.
- the processor 610 may call and run a computer program from the memory 620 to implement the method in the embodiment of the present application.
- the memory 620 may be a separate device independent of the processor 610, or may be integrated in the processor 610.
- the communication device 600 may further include a transceiver 630, and the processor 610 may control the transceiver 630 to communicate with other devices. Specifically, it may send information or data to other devices, or receive information or data sent by other devices.
- the transceiver 630 may include a transmitter and a receiver.
- the transceiver 630 may further include an antenna, and the number of antennas may be one or more.
- the communication device 600 may specifically be a network device in an embodiment of the present application, and the communication device 600 may implement the corresponding process implemented by the network device in each method of the embodiment of the present application. For brevity, details are not repeated here.
- the communication device 600 may specifically be a mobile terminal/terminal device of an embodiment of the application, and the communication device 600 may implement the corresponding processes implemented by the mobile terminal/terminal device in each method of the embodiment of the application. For brevity, details are not repeated here.
- Fig. 9 is a schematic structural diagram of a communication device according to an embodiment of the present application.
- the communication device 700 shown in FIG. 9 includes a processor 710, and the processor 710 can call and run a computer program from a memory to implement the method in the embodiment of the present application.
- the communication device 700 may further include a memory 720.
- the processor 710 may call and run a computer program from the memory 720 to implement the method in the embodiment of the present application.
- the memory 720 may be a separate device independent of the processor 710, or may be integrated in the processor 710.
- the communication device 700 may further include an input interface 730.
- the processor 710 can control the input interface 730 to communicate with other devices or communication devices, and specifically, can obtain information or data sent by other devices or communication devices.
- the communication device 700 may further include an output interface 740.
- the processor 710 may control the output interface 740 to communicate with other devices or communication devices, and specifically, may output information or data to other devices or communication devices.
- the communication device may be applied to the network device in the embodiment of the present application, and the communication device may implement the corresponding process implemented by the network device in each method of the embodiment of the present application.
- the communication device can be applied to the mobile terminal/terminal device in the embodiment of this application, and the communication device can implement the corresponding process implemented by the mobile terminal/terminal device in each method of the embodiment of this application. For brevity, details are not repeated here.
- the communication device mentioned in the embodiments of the present application may be a chip, and the chip may also be called a system-level chip or a system-on-chip, etc.
- the processor of the embodiment of the present application may be an integrated circuit chip with signal processing capability.
- the steps of the foregoing method embodiments can be completed by hardware integrated logic circuits in the processor or instructions in the form of software.
- the above-mentioned processor may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components.
- the methods, steps, and logical block diagrams disclosed in the embodiments of the present application can be implemented or executed.
- the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
- the steps of the method disclosed in the embodiments of the present application may be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor.
- the software module can be located in a storage medium that is well established in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers.
- the storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
- the memory in the embodiment of the present application may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory.
- the non-volatile memory can be read-only memory (Read-Only Memory, ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or flash memory.
- the volatile memory may be a random access memory (Random Access Memory, RAM), which is used as an external cache.
- the memory in the embodiment of the present application may also be static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (synch link DRAM, SLDRAM) and direct Rambus random access memory (Direct Rambus RAM, DR RAM), etc. That is to say, the memory in the embodiment of the present application is intended to include but not be limited to these and any other suitable types of memory.
- the embodiment of the present application also provides a computer-readable storage medium for storing computer programs.
- the computer-readable storage medium may be applied to the network device in the embodiment of the present application, and the computer program causes the computer to execute the corresponding process implemented by the network device in each method of the embodiment of the present application.
- the computer-readable storage medium may be applied to the mobile terminal/terminal device in the embodiment of the present application, and the computer program causes the computer to execute the corresponding process implemented by the mobile terminal/terminal device in each method of the embodiment of the present application. For brevity, details are not repeated here.
- the embodiments of the present application also provide a computer program product, including computer program instructions.
- the computer program product may be applied to the network device in the embodiment of the present application, and the computer program instructions cause the computer to execute the corresponding process implemented by the network device in each method of the embodiment of the present application.
- the computer program product can be applied to the mobile terminal/terminal device in the embodiment of the present application, and the computer program instructions cause the computer to execute the corresponding process implemented by the mobile terminal/terminal device in each method of the embodiment of the present application. For brevity, details are not repeated here.
- the embodiment of the present application also provides a computer program.
- the computer program can be applied to the network device in the embodiment of the present application.
- when the computer program runs on a computer, the computer is caused to execute the corresponding process implemented by the network device in each method of the embodiment of the present application. For brevity, details are not repeated here.
- the computer program can be applied to the mobile terminal/terminal device in the embodiment of the present application.
- when the computer program runs on a computer, the computer is caused to execute the corresponding process implemented by the mobile terminal/terminal device in each method of the embodiment of the present application. For brevity, details are not repeated here.
- the disclosed system, device, and method may be implemented in other ways.
- the device embodiments described above are only illustrative.
- the division of the units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
- the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
- each unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
- if the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
- the technical solution of this application, in essence, or the part that contributes to the existing technology, or a part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the method described in each embodiment of the present application.
- the aforementioned storage media include: USB flash drive, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk, and other media that can store program code.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Claims (43)
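- A method for integrity protection of sidelink communication, characterized by comprising: obtaining a first bearer (BEARER) parameter value based on at least one of the following: a logical channel identifier LCID corresponding to data transmitted in the sidelink communication, an access communication standard used in the sidelink communication, a BEARER parameter value allocated for the sidelink communication, and a preset BEARER parameter value, wherein the bit length of the LCID corresponding to the transmitted data is greater than the bit length of the first BEARER parameter value; and calculating, based on the first BEARER parameter value, an integrity message authentication code MAC-I or an expected integrity message authentication code XMAC-I for the sidelink communication.
- The method according to claim 1, characterized in that the bit length of the first BEARER parameter value is equal to the bit length of a second BEARER parameter value, and the second BEARER parameter value is used to calculate MAC-I or XMAC-I in Uu interface communication.
- The method according to claim 1 or 2, characterized in that obtaining the first BEARER parameter value comprises: processing the LCID corresponding to the transmitted data to obtain the first BEARER parameter value.
- The method according to any one of claims 1 to 3, characterized in that the first BEARER parameter value is obtained in the following manner: obtaining a part of the bit values of the LCID corresponding to the transmitted data, to be used to generate the first BEARER parameter value.
- The method according to any one of claims 1 to 4, characterized in that the first BEARER parameter value is obtained in the following manner: extracting the lowest N bit values or the highest N bit values of the LCID corresponding to the transmitted data, to be used to generate the first BEARER parameter value.
- The method according to claim 5, characterized in that N is equal to the number of bits of the first BEARER parameter value.
- The method according to claim 1 or 2, characterized in that obtaining the first BEARER parameter value comprises: obtaining, from a correspondence between at least one LCID and at least one BEARER parameter value, the BEARER parameter value corresponding to the LCID corresponding to the transmitted data, as the first BEARER parameter value.
- The method according to claim 1 or 2, characterized in that obtaining the first BEARER parameter value comprises: obtaining, from a correspondence between at least one access communication standard and at least one BEARER parameter value, the BEARER parameter value corresponding to the access communication standard used in the sidelink communication, as the first BEARER parameter value.
- The method according to claim 1 or 2, characterized in that the BEARER parameter value allocated for the sidelink communication is allocated by a terminal device; or, the BEARER parameter value allocated for the sidelink communication is allocated by a network device.
- The method according to claim 1 or 2, characterized in that obtaining the first BEARER parameter value comprises: determining the preset BEARER parameter value as the first BEARER parameter value.
- The method according to any one of claims 1 to 10, characterized in that the MAC-I or the MAC-I is calculated based on the first BEARER parameter value and on at least one of: a packet data convergence protocol count (PDCP COUNT) value, the direction of the sidelink communication, an integrity protection key, an integrity protection key identifier, and data packet content.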
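- A method for integrity protection of Uu interface communication, characterized by comprising: obtaining a first bearer (BEARER) parameter value based on at least one of the following: the bit length of a logical channel identifier LCID used for sidelink communication, a BEARER parameter value allocated for the Uu interface communication, and a preset BEARER parameter value; and calculating, based on the first BEARER parameter value, an integrity message authentication code MAC-I or an expected integrity message authentication code XMAC-I for the Uu interface communication.
- The method according to claim 12, characterized in that the bit length of the first BEARER parameter value is equal to the bit length of a second BEARER parameter value, and the second BEARER parameter value is used to calculate MAC-I or XMAC-I in sidelink communication.
- The method according to claim 12 or 13, characterized in that obtaining the first BEARER parameter value comprises: processing, based on the bit length of the LCID, the radio bearer identifier of the Uu interface communication to obtain the first BEARER parameter value having the same bit length as the LCID.
- The method according to claim 14, characterized in that the processing performed on the radio bearer identifier comprises: adding at least one zero before the radio bearer identifier, or adding at least one zero after the radio bearer identifier.
- The method according to claim 12 or 13, characterized in that obtaining the first BEARER parameter value comprises: determining, among the BEARER parameter values allocated for the Uu interface communication at the granularity of radio bearer identifiers, the BEARER parameter value corresponding to the radio bearer identifier used in the Uu interface communication as the first BEARER parameter value.
- The method according to claim 12 or 13, characterized in that obtaining the first BEARER parameter value comprises: using the BEARER parameter value allocated for the Uu interface communication at the granularity of the terminal device as the first BEARER parameter value.
- The method according to claim 12 or 13, characterized in that obtaining the first BEARER parameter value comprises: determining the preset BEARER parameter value as the first BEARER parameter value.
- The method according to any one of claims 12 to 18, characterized in that the MAC-I or the XMAC-I is calculated based on the first BEARER parameter value and on at least one of: a packet data convergence protocol count (PDCP COUNT) value, the communication direction of the Uu interface communication, an integrity protection key, an integrity protection key identifier, and data packet content.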
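- A device for integrity protection of sidelink communication, characterized by comprising: an obtaining unit, configured to obtain a first bearer (BEARER) parameter value based on at least one of the following: a logical channel identifier LCID corresponding to data transmitted in the sidelink communication, an access communication standard used in the sidelink communication, a BEARER parameter value allocated for the sidelink communication, and a preset BEARER parameter value, wherein the bit length of the LCID corresponding to the transmitted data is greater than the bit length of the first BEARER parameter value; and a calculation unit, configured to calculate, based on the first BEARER parameter value, an integrity message authentication code MAC-I or an expected integrity message authentication code XMAC-I for the sidelink communication.
- The device according to claim 20, characterized in that the bit length of the first BEARER parameter value is equal to the bit length of a second BEARER parameter value, and the second BEARER parameter value is used to calculate MAC-I or XMAC-I in Uu interface communication.
- The device according to claim 20 or 21, characterized in that the obtaining unit is further configured to: process the LCID corresponding to the transmitted data to obtain the first BEARER parameter value.
- The device according to any one of claims 20 to 22, characterized in that the first BEARER parameter value is obtained in the following manner: obtaining a part of the bit values of the LCID corresponding to the transmitted data, to be used to generate the first BEARER parameter value.
- The device according to any one of claims 20 to 23, characterized in that the first BEARER parameter value is obtained in the following manner: extracting the lowest N bit values or the highest N bit values of the LCID corresponding to the transmitted data, to be used to generate the first BEARER parameter value.
- The device according to claim 24, characterized in that N is equal to the number of bits of the first BEARER parameter value.
- The device according to claim 20 or 21, characterized in that the obtaining unit is further configured to: obtain, from a correspondence between at least one LCID and at least one BEARER parameter value, the BEARER parameter value corresponding to the LCID corresponding to the transmitted data, as the first BEARER parameter value.
- The device according to claim 20 or 21, characterized in that the obtaining unit is further configured to: obtain, from a correspondence between at least one access communication standard and at least one BEARER parameter value, the BEARER parameter value corresponding to the access communication standard used in the sidelink communication, as the first BEARER parameter value.
- The device according to claim 20 or 21, characterized in that the BEARER parameter value allocated for the sidelink communication is allocated by a terminal device; or, the BEARER parameter value allocated for the sidelink communication is allocated by a network device.
- The device according to claim 20 or 21, characterized in that the obtaining unit is further configured to: determine the preset BEARER parameter value as the first BEARER parameter value.
- The device according to any one of claims 20 to 29, characterized in that the MAC-I or the MAC-I is calculated based on the first BEARER parameter value and on at least one of: a packet data convergence protocol count (PDCP COUNT) value, the direction of the sidelink communication, an integrity protection key, an integrity protection key identifier, and data packet content.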
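- A device for integrity protection of Uu interface communication, characterized by comprising: an obtaining unit, configured to obtain a first bearer (BEARER) parameter value based on at least one of the following: the bit length of a logical channel identifier LCID used for sidelink communication, a BEARER parameter value allocated for the Uu interface communication, and a preset BEARER parameter value; and a calculation unit, configured to calculate, based on the first BEARER parameter value, an integrity message authentication code MAC-I or an expected integrity message authentication code XMAC-I for the Uu interface communication.
- The device according to claim 31, characterized in that the bit length of the first BEARER parameter value is equal to the bit length of a second BEARER parameter value, and the second BEARER parameter value is used to calculate MAC-I or XMAC-I in sidelink communication.
- The device according to claim 31 or 32, characterized in that the obtaining unit is further configured to: process, based on the bit length of the LCID, the radio bearer identifier of the Uu interface communication to obtain the first BEARER parameter value having the same bit length as the LCID.
- The device according to claim 33, characterized in that the processing performed on the radio bearer identifier comprises: adding at least one zero before the radio bearer identifier, or adding at least one zero after the radio bearer identifier.
- The device according to claim 31 or 32, characterized in that the obtaining unit is further configured to: determine, among the BEARER parameter values allocated for the Uu interface communication at the granularity of radio bearer identifiers, the BEARER parameter value corresponding to the radio bearer identifier used in the Uu interface communication as the first BEARER parameter value.
- The device according to claim 31 or 32, characterized in that the obtaining unit is further configured to: use the BEARER parameter value allocated for the Uu interface communication at the granularity of the terminal device as the first BEARER parameter value.
- The device according to claim 31 or 32, characterized in that the obtaining unit is further configured to: determine the preset BEARER parameter value as the first BEARER parameter value.
- The device according to any one of claims 31 to 37, characterized in that the MAC-I or the XMAC-I is calculated based on the first BEARER parameter value and on at least one of: a packet data convergence protocol count (PDCP COUNT) value, the communication direction of the Uu interface communication, an integrity protection key, an integrity protection key identifier, and data packet content.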
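- A communication device, characterized by comprising: a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to call and run the computer program stored in the memory to execute the method according to any one of claims 1 to 19.
- A chip, characterized by comprising: a processor, configured to call and run a computer program from a memory, so that a device in which the chip is installed executes the method according to any one of claims 1 to 19.
- A computer-readable storage medium, characterized in that it is used to store a computer program, and the computer program causes a computer to execute the method according to any one of claims 1 to 19.
- A computer program product, characterized by comprising computer program instructions, wherein the computer program instructions cause a computer to execute the method according to any one of claims 1 to 19.
- A computer program, characterized in that the computer program causes a computer to execute the method according to any one of claims 1 to 19.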
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19926622.2A EP3846519B1 (en) | 2019-04-26 | 2019-04-26 | Method or device for integrity protection |
PCT/CN2019/084607 WO2020215323A1 (zh) | 2019-04-26 | 2019-04-26 | Method or device for integrity protection |
AU2019442498A AU2019442498A1 (en) | 2019-04-26 | 2019-04-26 | Method or device for integrity protection |
CN201980057442.0A CN112655236A (zh) | 2019-04-26 | 2019-04-26 | Method or device for integrity protection |
CN202110438087.0A CN113194473B (zh) | 2019-04-26 | 2019-04-26 | Method or device for integrity protection |
US17/216,637 US11979747B2 (en) | 2019-04-26 | 2021-03-29 | Method or device for integrity protection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/084607 WO2020215323A1 (zh) | 2019-04-26 | 2019-04-26 | Method or device for integrity protection |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/216,637 Continuation US11979747B2 (en) | 2019-04-26 | 2021-03-29 | Method or device for integrity protection |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020215323A1 (zh) | 2020-10-29 |
Family
ID=72940590
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/084607 WO2020215323A1 (zh) | Method or device for integrity protection | 2019-04-26 | 2019-04-26 |
Country Status (5)
Country | Link |
---|---|
US (1) | US11979747B2 (zh) |
EP (1) | EP3846519B1 (zh) |
CN (2) | CN113194473B (zh) |
AU (1) | AU2019442498A1 (zh) |
WO (1) | WO2020215323A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113194473B (zh) * | 2019-04-26 | 2022-12-09 | Oppo广东移动通信有限公司 | Method or device for integrity protection |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102404721A (zh) * | 2010-09-10 | 2012-04-04 | 华为技术有限公司 | Security protection method and apparatus for Un interface, and base station |
CN102647332A (zh) * | 2011-02-21 | 2012-08-22 | 电信科学技术研究院 | Method and apparatus for transmitting data |
US20190069308A1 (en) * | 2017-08-12 | 2019-02-28 | Lg Electronics Inc. | Method for handling for an uplink split operation in wireless communication system and a device therefor |
CN109547396A (zh) * | 2017-09-22 | 2019-03-29 | 维沃移动通信有限公司 | Integrity protection method, terminal and base station |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB0004178D0 (en) * | 2000-02-22 | 2000-04-12 | Nokia Networks Oy | Integrity check in a communication system |
TW200803371A (en) * | 2006-05-05 | 2008-01-01 | Interdigital Tech Corp | Ciphering control and synchronization in a wireless communication system |
US8699711B2 (en) * | 2007-07-18 | 2014-04-15 | Interdigital Technology Corporation | Method and apparatus to implement security in a long term evolution wireless device |
WO2015163625A1 (en) * | 2014-04-24 | 2015-10-29 | Lg Electronics Inc. | Method for establishing layer-2 entities for d2d communication system and device therefor |
CN104125570B (zh) * | 2014-07-02 | 2018-03-27 | 大唐移动通信设备有限公司 | Method and apparatus for signaling message integrity check |
CN108141897A (zh) * | 2016-01-30 | 2018-06-08 | 华为技术有限公司 | Terminal device, network device and data transmission method |
EP3622741B1 (en) * | 2017-06-14 | 2023-08-30 | Samsung Electronics Co., Ltd. | Method and user equipment for handling of integrity check failures of pdcp pdus |
CN109246705B (zh) * | 2017-06-15 | 2020-10-23 | 维沃移动通信有限公司 | Data radio bearer integrity protection configuration method, terminal and network device |
US11997738B2 (en) * | 2017-06-16 | 2024-05-28 | Telefonaktiebolaget Lm Ericsson (Publ) | Systems and methods for the handling of data radio bearer integrity protection failure in NR |
EP3466151B1 (en) * | 2017-08-10 | 2022-09-14 | Telefonaktiebolaget LM Ericsson (publ) | Method and device for sidelink data duplication |
EP3689061B1 (en) * | 2017-09-28 | 2023-08-16 | ZTE Corporation | Methods for performing dual connectivity in sidelink communications, communication node and computer-readable medium |
US10667185B2 (en) * | 2018-03-28 | 2020-05-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for avoiding unnecessary actions in resume procedure |
KR102143023B1 (ko) * | 2018-04-16 | 2020-08-10 | 텔레호낙티에볼라게트 엘엠 에릭슨(피유비엘) | Security handling for RRC resume from inactive state |
CN113194473B (zh) * | 2019-04-26 | 2022-12-09 | Oppo广东移动通信有限公司 | Method or device for integrity protection |
-
2019
- 2019-04-26 CN CN202110438087.0A patent/CN113194473B/zh active Active
- 2019-04-26 AU AU2019442498A patent/AU2019442498A1/en not_active Abandoned
- 2019-04-26 CN CN201980057442.0A patent/CN112655236A/zh active Pending
- 2019-04-26 WO PCT/CN2019/084607 patent/WO2020215323A1/zh unknown
- 2019-04-26 EP EP19926622.2A patent/EP3846519B1/en active Active
-
2021
- 2021-03-29 US US17/216,637 patent/US11979747B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102404721A (zh) * | 2010-09-10 | 2012-04-04 | 华为技术有限公司 | Security protection method, apparatus and base station for the Un interface |
CN102647332A (zh) * | 2011-02-21 | 2012-08-22 | 电信科学技术研究院 | Method and apparatus for transmitting data |
US20190069308A1 (en) * | 2017-08-12 | 2019-02-28 | Lg Electronics Inc. | Method for handling for an uplink split operation in wireless communication system and a device therefor |
CN109547396A (zh) * | 2017-09-22 | 2019-03-29 | 维沃移动通信有限公司 | Integrity protection method, terminal and base station |
Non-Patent Citations (1)
Title |
---|
See also references of EP3846519A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP3846519A4 (en) | 2021-09-01 |
US20210243606A1 (en) | 2021-08-05 |
CN113194473B (zh) | 2022-12-09 |
EP3846519A1 (en) | 2021-07-07 |
CN112655236A (zh) | 2021-04-13 |
CN113194473A (zh) | 2021-07-30 |
EP3846519B1 (en) | 2022-07-06 |
AU2019442498A1 (en) | 2021-05-06 |
US11979747B2 (en) | 2024-05-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020034229A1 (zh) | Information transmission method and apparatus, and communication device | |
EP3920491B1 (en) | Service processing method, device and computer readable storage medium | |
US11877326B2 (en) | Wireless communication method and communication device | |
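WO2019153272A1 (zh) | Method and device for data transmission based on quality of service | |
WO2021046778A1 (zh) | Wireless communication method, terminal device and network device | |
WO2021087910A1 (zh) | Method and device for connecting to a network | |
WO2020061776A9 (zh) | Feedback resource multiplexing method, terminal device and network device | |
WO2020024249A1 (zh) | Data transmission method, terminal device, network device and storage medium | |
WO2019237315A1 (zh) | Method and apparatus for controlling a security function, network device and terminal device | |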
US11979747B2 (en) | Method or device for integrity protection | |
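WO2020252790A1 (zh) | Information transmission method and apparatus, network device and user equipment | |
CN112703802B (zh) | Method and apparatus for handling uplink coverage weakening, terminal and network device | |
WO2020154929A1 (zh) | Key information processing method, access network node and terminal device | |
WO2020155157A1 (zh) | Method and apparatus for processing security information during handover, network device and terminal | |
WO2020061873A1 (zh) | Resource indication method, device and storage medium | |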
US11381963B2 (en) | Wireless communication method and device | |
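WO2021138801A1 (zh) | Secure service transmission method and apparatus, terminal device and network device | |
CN112243576B (zh) | Information transmission method and apparatus, and communication device | |
WO2020258292A1 (zh) | Wireless communication method, terminal device, access network device and core network device | |
WO2020087546A1 (zh) | Network information transmission method, acquisition method, network device and terminal device | |
WO2020164019A1 (zh) | Bearer configuration method and apparatus, and network device | |
WO2020087475A1 (zh) | Data scrambling method and apparatus, and communication device | |
WO2021142636A1 (zh) | Uplink transmission method and terminal device | |
WO2021248336A1 (zh) | Method and apparatus for releasing a configuration, terminal device and network device | |
CN114450989A (zh) | Method for filling a device session key identifier field and related products |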
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19926622; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2019926622; Country of ref document: EP; Effective date: 20210329 |
 | ENP | Entry into the national phase | Ref document number: 2019442498; Country of ref document: AU; Date of ref document: 20190426; Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |